Latest GridEx simulation models 'fake news' campaigns, Ukraine cyberattack
- More than 6,000 individuals participated last week in a simulated attack on the power grid, an exercise held once every two years by the North American Electric Reliability Corp. in an effort to boost coordination and response to a range of scenarios.
- Officials say in excess of 400 organizations were involved in GridEx on two separate days. A report detailing the exercise's findings is expected out next spring.
- This year's event modeled a combined physical and cyber attack on the grid, informed by a 2015 outage in Ukraine as well as recent fears over so-called "fake news" and disinformation campaigns that have plagued social media.
Last week was the fourth iteration of NERC's GridEx simulation and in a call with reporters, officials outlined how they worked to make it reflective of real-world threats. The simulated attack builds off a successful 2015 cyberattack in Ukraine that caused a widespread outage, and included simulated social media platforms that forced participants to consider the possibility of an active disinformation campaign.
“Protecting the nation’s energy grid and ensuring a reliable supply of energy are top priorities for the electric power industry,” Edison Electric Institute President Tom Kuhn said in a statement. "Previous GridEx exercises have led to important changes in how the government and our industry protect the energy grid and respond to incidents affecting energy infrastructure.”
A report detailing the exercise's findings is expected out in March of next year. The 2015 exercise had revealed a number of areas where improvements were needed, including communications, upgrading the Electricity Information Sharing and Analysis Center portal and enhancing coordination with law enforcement.
In that exercise, more than 4,400 individuals from 364 organizations across North America participated. This year, the numbers exceeded 6,000 and 400, respectively.
The exercise results in real-world changes to how electric officials respond to threats. Two years ago during GridEx III, industry executives identified the need for a program that would help electric companies restore critical computer systems following a major cyber incident, EEI said in a statement. The Cyber Mutual Assistance program was subsequently developed and launched by the Electricity Subsector Coordinating Council, and more than 130 entities now are participate.
Fears over a possible cyberattack in the grid are growing. According to a recent report from consulting firm Accenture, more than three quarters of utility executives in North America believe a cyberattack is likely in the next five years. Those results mirrored results from Utility Dive's 2017 survey of utility professionals, which found cyber and physical grid security to be the most pressing issue facing the industry.
Follow Robert Walton on Twitter