In November 2021, I had the extraordinary opportunity to facilitate the North American Electric Reliability Corporation (NERC) and the Electricity Information Sharing and Analysis Center’s (E-ISAC) sixth grid security exercise, GridEx VI. This exercise brings together participants from across North America – including the electricity and gas industries, and United States (U.S.) and Canadian government partners – in a two-day operational event, and a one-day executive tabletop, to practice and discuss the operational and policy measures that would be required to restore the grid following a severe cyber and physical attack.
Taking part in GridEx VI was an opportunity for me to gain a greater understanding of the electricity industry as a whole, and its commitment to security, reliability, and resilience, thanks to a combination of mandatory security standards through NERC and voluntary information sharing through the E-ISAC. It also exposed me to new concepts that many emergency managers are not familiar with, such as the secretary of the Department of Energy’s authority to issue Grid Security Emergency Orders intended to expeditiously restore the reliability of critical electric infrastructure during emergencies.
After GridEx VI, I reflected on my previous experience working with the Federal Emergency Management Agency (FEMA) where emergency managers work in support of response efforts to sustain human life and safety as well as critical government and business functions in the wake of a disaster or emergency. My experience in many emergency situations has highlighted the need for greater advance collaboration and coordination with critical infrastructure sectors, especially the electricity industry as it is fundamental to so many aspects of the emergency recovery process and to daily life. Facilitating the GridEx VI Executive Tabletop reinforced this need. It is clear to me that a lot of utilities’ existing incident response plans already incorporate this type of collaboration; however, the degree to which this is articulated in those plans and exercised is not consistent across the industry. We have also seen recent examples, such as the Colonial Pipeline hack and Winter Storm Uri in Texas that demonstrated a lack of cohesion between emergency managers and electricity utilities. These incidents could have been mitigated had they exercised incident response before events occurred.
Improving Operational Communications
Most emergency managers recognize that restoring power as soon as possible during the disaster response phase solves many problems across the other critical infrastructure sectors, including FEMA’s Community Lifelines. Doing so requires the ability to communicate even when service is interrupted due to the event. In fact, GridEx VI also highlighted significant gaps in the power industry’s ability to ensure continuity of communications during a large-scale cyber incident or grid failure. Since the creation of the U.S. Department of Homeland Security, emergency managers have been outfitted with numerous emergency communication platforms, such as multi-communication vehicles and portable communications on wheels.
Given these identified gaps, it seems prudent for emergency managers to proactively bring utilities into the conversation to discuss ways to repurpose multi-communication platforms in a manner that supports infrastructure providers in their power restoration efforts.
This would require a serious nationwide planning initiative, but it may be as simple as state and local emergency managers asking their power and fuel providers how they can use existing communication capabilities to assist them during extreme grid failure events. It is also appropriate for emergency managers to ask how operational and grid security and restoration information will be shared with them.
A recent example of critical coordination, leveraging existing emergency management tools, involved the State of California’s use of the Wireless Emergency Alert (WEA) system to request the public’s support with energy conservation to help avoid rolling blackouts amidst a historic heatwave impacting the state for more than a week, taxing the power grid daily. While the use of a WEA message for this purpose was unprecedented, the coordination between the State’s Office of Emergency Services and grid operators to issue the message mitigated the impending risk of power failure – offering a significant amount of load reduction within minutes of the message being sent statewide.
Preparing for Electricity Outages and Emergencies
Restoring power after a disaster also reduces the actions emergency managers must take to sustain life in their communities. GridEx VI highlighted that the current dialogue between emergency managers and private/public energy providers needs to be refocused. While much of the discussion around energy reliability is rightfully centered on a sustainable and secure grid of the future, emergency managers need to better understand what they can do today to assist energy providers with keeping the lights on and adjusting their response tactics to reduce grid downtime when events occur in the future.
In some cases, our emergency response tactics may unknowingly prevent critical services from coming back online. For example, there are several disasters I have worked where power and communication providers expressed frustration with the first push debris removal efforts initiated by local governments. A community’s efforts to open critical roadways added to the power being off longer than necessary because key infrastructure was blocked by debris piles preventing workers from accessing key areas to begin restoration efforts. This should serve as an important reminder to emergency managers: we need to proactively engage in regular dialogue with public and private energy, fuel, communication providers, and other critical infrastructure sectors to understand how we can better organize and optimize our emergency response efforts – rather than simply asking how long it will be before services are restored.
While GridEx is targeted toward the E-ISAC’s core membership (utility asset owners and operators across North America), E-ISAC partners – which include state and local security and emergency response officials – can participate as well. Becoming a member of the E-ISAC not only provides state and local officials the ability to share and receive cyber and physical security information related to the electricity sector in a timely manner, but it also allows them to work side-by-side with utilities to plan, exercise, and execute emergency response efforts.
Reaching for Resilience, Planning for Today
While grid experts work to secure and make our energy grids more resilient, emergency managers must work closely with industry partners. They must leverage existing tools and resources such as the E-ISAC which provides an opportunity to gain real-time knowledge and understanding of the cyber and physical threats impacting the electricity industry. As we saw from GridEx VI, communication, collaboration, and coordination – between industry and government, between states and localities, and across international borders – are fundamental to a successful emergency response.
My team at Hagerty and I are in the process of planning GridEx VII with NERC and the E-ISAC. Now is the time for emergency managers to get involved in discussions with local utilities in advance of the next exercise, which is November 2023. Organizations can reach out to the E-ISAC for more information on membership and participation in GridEx VII.