The North American Electric Reliability Corporation (NERC) Grid Security Exercise GridEx IV report provides valuable lessons learned regarding the security of the North American bulk power system.
The recently released report-out from NERC provides details on the massive November 2017 exercise. The exercise was highlighted in the T&D World article “More Than 6,000 Utility, Government Officials Tested Grid Security During GridEx IV Exercise.”
As detailed in NERC’s new report, the objectives of GridEx IV were to do the following:
- Exercise incident response plans
- Expand local and regional response
- Engage critical interdependencies
- Improve communication
- Gather lessons learned
- Engage senior leadership
NERC conducted its fourth biennial (once every two years) grid security and emergency response exercise, GridEx IV, from Nov. 15-16, 2017. GridEx IV consisted of a two-day distributed play exercise and a separate executive tabletop on the second day.
The exercise provided an opportunity for various stakeholders in the electricity sector to respond to simulated cyber and physical attacks that affect the reliable operation of the grid, fulfilling NERC’s mission to assure the effective and efficient reduction of risks to the reliability and security of the BPS.
Electric utilities continue to use the planning materials for separate exercises with NERC, government, and consultant support. In addition to the distributed play portion of GridEx IV, a six-hour executive tabletop portion took place on Nov. 16 that involved industry executives and senior government officials. The 42 participants included a cross-section of industry executives and senior officials from federal and state governments.
The tabletop was facilitated as a structured discussion for industry and government to share the actions they would take and issues they would face in responding to the scenario. Participants articulated the severe limitations and barriers that would need to be addressed, both independently and collaboratively, to respond.
Feedback from participants indicates that the exercise continues to provide industry and government participants with a valuable learning opportunity to strengthen their internal crisis response capabilities, including how they coordinate with others. Participants understand that physical and cyber security incidents could disrupt the reliable operation of the bulk power system, and GridEx IV allowed security staff and power system operators to identify the threats and quickly respond as they would in a real-world event. GridEx IV reinforced the need to continue building on the collaborative relationships between the electricity industry and other critical infrastructure sectors and government.
The exercise identified opportunities to improve information-sharing capabilities in today’s evolving threat environment. The E-ISAC continues striving to achieve its vision of being “a world-class, trusted source of quality analysis that rapidly shares electricity industry security information.”
The full March 2018 NERC report is at this link.
