Dive Brief:
- A grid security exercise hosted by the North American Electric Reliability Corp. kicks off this week with more than 370 organizations involved, marking an almost 50% increase in participation over 2023, officials said Monday.
- Managed by NERC’s Electricity Information Sharing and Analysis Center, or E-ISAC, GridEx takes place every two years and allows the utility sector to stress-test response plans to simulated cybersecurity and physical attacks.
- This year, NERC is seeing an increase in participation by small and medium-sized utilities, said E-ISAC CEO Michael Ball. They represent about 70% of the increase in participating organizations, he said.
Dive Insight:
GridEx brings utility, government and cross-sector partners together to test response and recovery plans to a coordinated electric sector attack, Ball said. And as the exercise — and threat — matures, increasing emphasis is placed on broadening its reach.
Along with seeing an increase in smaller utilities, GridEx is seeing an uptick in Canadian utility participation and is reaching out to the natural gas and other sectors, Ball said.
“We recognize the focus of this is North America, and the interconnectedness between Canadian and U.S. operations,” he said. “We're [also] engaging with other critical infrastructure sectors. I think it's really important to recognize that to operate the electric grid in North America, it is a broad spectrum of interconnectedness with other sectors. So we're really focused on natural gas, water, wastewater and telecommunications.”
“Cross-industry engagement just makes us stronger,” Ball said.
Past GridEx exercises have improved electric sector collaboration and coordination “in a very tangible way,” said Tim Kocher, deputy director of the Office of Cybersecurity, Energy Security and Emergency Response at the U.S. Department of Energy.
“The energy sector, writ large, faces unprecedented attacks from across the threat landscape,” Kocher said.
And he noted the threat is rising at a time when grid stress has created “unacceptable reliability risks” in many U.S. regions.
Exercises like GridEx allow the electric sector to “build that muscle memory that we need when real-world emergencies strike,” Kocher said. “Every role of government is represented and plays a role in GridEx, as they do in a real-life scenario.”
The GridEx exercise will run through Thursday; NERC does not disclose details of the scenarios that utilities will face. Following the live portion of the exercise will be an “executive tabletop discussion” that brings together industry leaders to discuss issues found during the simulated attack.
A public report on the lessons learned from GridEx will be published in the first quarter of next year, NERC officials said.
