Connected Plant

Utilities Prepare for Simulated Attack on U.S. Power Grid

Utilities across the country are gearing up for an attack on the power grid November 15 and 16.

Thankfully, it’s only a drill. But in the event of an actual emergency, a real physical and cyberattack on the U.S. electricity infrastructure, GridEx IV—a biennial exercise conducted by the North American Electric Reliability Corp. (NERC)—will help the nation’s power generators be prepared.

An “exercise control cell,” based in Washington, D.C., will “manage [the] scenario distribution, monitor the exercise and gather lessons learned,” according to NERC.

Drills have been held in 2011, 2013, and 2015, and real events over the past several years have shown that training is needed as attacks on the grid and power generators become more common. Just in the past month, the FBI and U.S. Dept. of Homeland Security (DHS) warned that the energy industry is among the targets of an ongoing campaign of cyber espionage and “advanced persistent threat” actions designed to disrupt U.S. industrial and power infrastructure.

Grid operators and utilities are expected to treat the drill as a real disaster situation, in which they will implement crisis plans, coordinate response efforts, and keep the public informed about steps being taken to restore power.

The fear of physical and particularly cyber-oriented attacks against the grid and  power plants has prompted power generators to take several steps to protect their infrastructure, both in the U.S. and elsewhere. In fact, security issues were second only to cost concerns among power generators, according to a poll of attendees of POWER’s annual Connected Plant Conference earlier this year.

Stan Schneider, CEO of Real-Time Innovations, a California-based Data-Distribution Service (DDS) company, said then that “Security is a huge problem, everybody knows … there’s just so many things that don’t work that people are dependent on for various reasons, but the new technologies [where] you can layer in different levels of security, are definitely making it better.”

NERC in a news release said “The GridEx planning team designs the exercise to allow each organization to participate in a way that is consistent with its available resources and real-world operational environment. NERC asks participating organizations to complete an after-action survey and encourages them to share with the Electricity Information Sharing and Analysis Center lessons learned for the key observations and recommendations provided in reports after each exercise.”

GridEx III, the most-recent drill held in 2015, had participation from about 4,400 persons within 364 organizations. More than 200 companies had staff take part in the drill, and more than 100 observed the exercise, according to NERC. Gerry Cauley, president and CEO of NERC, said the 2015 drill included simulated assaults on public-facing websites of energy generators, including customer service sites. It also simulated physical attacks on equipment such as transformers.

NERC would not talk about the premise for this year’s drill, but said representatives from the FBI, National Guard, National Security Council, Department of Energy and Department of Defense would observe and gather insight and intelligence from the simulated attack.

Darrell Proctor is a POWER associate editor (@DarrellProctor1, @POWERmagazine)

SHARE this article

infrastructure Ukraine cyberattack attack grid DOE cybersecurity DOD NERC