NERC conducted its second industry-wide grid security exercise, GridEx II, on November 13 and 14, 2013. The exercise brought together NERC, industry, and government agencies, as well as participants from Canada and Mexico. GridEx is an example of industry’s ongoing efforts on cyber and physical security. It was the largest, most comprehensive effort addressing security by the electricity industry to date and serves as an example of the commitment of stakeholders to continuously improve physical security and cybersecurity.
The NERC GridEx II scenario was built on the objectives, outreach, and findings from GridEx 2011. The exercise, a coordinated cyber and physical attack on the bulk power system, promoted coordination and highlighted urgent issues facing the industry. The simulated cyber attack impacted corporate and control networks, while the concurrent, simulated physical attack degraded reliability and threatened public health and safety. NERC encouraged participating organizations to modify the GridEx II baseline scenario to achieve entity-specific objectives and ensure relevance to local conditions.
Over 234 organizations with more than 2,000 individuals from all key bulk power system functions, as well as relevant government agencies such as the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the Department of Energy (DOE), participated in the simulated exercise play. Participants received sequenced email messages that detailed scenario conditions throughout the one-and-a-half-day exercise. Based on this information, "Players" engaged in both internal response measures and external coordination activities across the industry. An Exercise Control (ExCon) cell transmitted scenario updates, simulated nonplaying entities, monitored exercise play, and recorded response activities.
GridEx II’s objectives were to:
Exercise the current readiness of the electricity industry to respond to a security incident, incorporating lessons learned from GridEx 2011;
Review existing command, control, and communication plans and tools for NERC and its stakeholders; and
Identify potential improvements in physical security and cybersecurity plans, programs, and responder skills.