The North American Electric Reliability Corporation’s (NERC) Electricity Information Sharing and Analysis Center (E-ISAC) began its sixth grid security exercise, GridEx VI, today. GridEx, a two-day exercise, provides the electricity industry, government agencies, and other relevant organizations the opportunity to exercise emergency response and recovery plans in response to simulated cyber and physical security attacks and other contingencies affecting North America’s electricity system.
Past GridEx participants have consistently said that the exercise helped them enhance their operational response capabilities. As a result, participation rates have steadily increased. GridEx VI will be a unique, realistic, and challenging opportunity for all participating organizations.
The goal of GridEx VI is to exercise the resilience of the North American electricity system in the face of a coordinated attack from a state sponsored adversary.
GridEx VI objectives are to:
- Activate incident, operating, and crisis management response plans
- Enhance coordination with government to facilitate restoration
- Identify interdependence concerns with natural gas and telecommunications sectors
- Exercise response to a supply chain-based compromise to critical components
- Identify common mode and cyber operation concerns across interconnections
As part of the GridEx planning process, NERC develops the exercise scenario and supporting tools with a team of industry subject matter experts. NERC strongly encourages all participating organizations to customize the scenario to meet their own learning and training objectives. Organizations may choose to develop their own scenarios, participate in some parts of the NERC scenario and add elements of their own, or participate in the entire NERC scenario. Each customized scenario should remain reasonably consistent with the overall flow of the exercise. Additionally, organizations may choose to collaborate with neighboring utilities to observe or participate in the exercise.
Throughout the GridEx planning process, NERC conducts web-based information sessions to provide organizations with updates on the planning process, scenario design, planning material, and exercise tools. Guidance will also be provided for organizations participating in GridEx for the first time. At the conclusion of the exercise, participating organizations will be asked to respond to an after action survey. The summary will help develop observations and recommendations for a lessons learned report. All information collected will be confidential, consistent with the E-ISAC Code of Conduct, and without attribution to individual organizations. Participation is voluntary and independent from NERC’s regulatory compliance program.
GridEx VI is a de-centralized exercise, designed for all electricity organization across North America. Each organization will decide how it will participate to achieve organizational objectives. Effective and efficient exercise planning is the single most important factor for success and starting early in the process will achieve the best results.