SAVE THE DATE – GridEx IV – Mid-term Planning Meeting (MPM)– Friday, February 10, 2017 – 10 a.m. – 4:00 p.m. Eastern. Conference call/webinar format.
GridEx IV is an unclassified exercise designed to simulate a cyber/physical attack on electric and other critical infrastructures across North America, and will involve:
• Electric Utilities;
• Regional (Local, State, Provincial) and Federal Government agencies in law enforcement, first response, and intelligence community functions;
• Critical Infrastructure Cross-Sector partners (ISACs and other utilities), and;
• Supply Chain stakeholder organizations.
Participate in the MPM to gain a high-level understanding of GridEx IV in November 2017. During this meeting your organization can expect high level discussions on:
• How your organization can participate and benefit from the exercise;
• Understanding the cyber and physical threat scenario and simulated operational impacts, and;
• How the exercise has matured and the measurements in place from previous exercises.
The MPM is designed for “planners,” those that will be running the exercise at your organization and will be in conference call/webinar format. Registration details will be provided shortly, as well as shared to the E-ISAC portal and this website.
Due to the sensitive nature of the scenario discussion, this exercise program is not open to the general public or the media. A public report will be available after the exercise concludes.
Contact Jake Schmitter, Senior Manager, Exercises and Training, Electricity Information Sharing and Analysis Center.
GridEx program history: NERC conducted its third sector-wide grid security exercise, GridEx III, in November 2015. The first grid security exercise took place in November 2011. These geographically distributed exercises were designed to execute the electricity sector’s crisis response to simulated coordinated cybersecurity and physical security threats and incidents, to strengthen utilities’ crisis response functions, and to provide input for lessons learned.
The objectives for GridEx III were:
· Exercise crisis response and recovery
· Improve communications
· Identify lessons learned
· Engage senior leadership
GridEx III was made up of a grid-focused operational exercise for participants across North America and a tabletop discussion for executives. The majority of participants took part in the exercise from their place of work over two days and received sequenced email messages that detailed simulated scenario conditions. Based on this information, participants responded with simulated internal and external crisis response and information sharing activities. An exercise control cell, based in the Washington, D.C. area, managed scenario distribution, monitored the exercise and gathered lessons learned.
GridEx III was the largest cyber and physical security exercise of its kind, involving more than 4,400 participants from 364 industry and government organizations in the US, Canada, and Mexico. The tabletop discussion involved senior leaders from the Electricity Subsector Coordinating Council and US government executives. Lessons learned from the exercise are available in a public report, below.
GridEx III Public Report
GridEx II Public Report