GridEx
GridEx III Logo(clear border).png
GridEx IV is the biennial exercise designed to simulate a cyber/physical attack on electric and other critical infrastructures across North America, and will involve:
·         Electric Utilities;
·         Regional (Local, State, Provincial) and Federal Government agencies in law enforcement, first response, and

            intelligence community functions;
·         Critical Infrastructure Cross-Sector partners (ISACs and other utilities), and;
·         Supply Chain stakeholder organizations.

GridEx V Dates
November 13-14, 2019
Due to the sensitive nature of the scenario discussion, this exercise program is not open to the general public or the media.  A public report will be available after the exercise concludes.
TLP_WHITE_GridEx IV Fact Sheet_20161202.docx TLP_WHITE_GridEx IV Fact Sheet_20161202.docx
 
More Information
Contact Jake Schmitter, Senior Manager, Exercises and Training, Electricity Information Sharing and Analysis Center.
 
GridEx program history:
NERC conducted its fourth sector-wide grid security exercise, GridEx IV, in November 2017. The first grid security exercise took place in November 2011. These geographically distributed exercises were designed to execute the electricity sector's crisis response to simulated coordinated cybersecurity and physical security threats and incidents, to strengthen utilities' crisis response functions, and to provide input for lessons learned.
 
Objectives
The objectives for GridEx IV were:
·         Exercise incident response plans;
·         Expand local and regional response;
·         Engage critical interdependencies;
·         Improve communication;
·         Gather lessons learned; and
 ·        Engage senior leadership.
 
Exercise Construct
GridEx IV included a grid-focused operational exercise for participants across North America and a tabletop discussion for executives and senior government leaders. Over the course of two days, the majority of participants took part in the exercise from their workplaces, where they received scenario injects that detailed simulated different cyber and physical threats. Based on the provided information, participants responded with simulated internal and external crisis response and information sharing activities. An exercise control cell, based in the Washington, D.C. area, managed simulated news reports, monitored the exercise, and gathered lessons learned.
 
Previous GridEx Participation
GridEx IV was the largest cyber and physical security exercise of its kind, involving more than 6,500 participants from 450 industry and government organizations in the United States, Canada, and Mexico.  The tabletop discussion involved senior leaders from the Electricity Subsector Coordinating Council, cross-sector partners and U.S. government executives.  Lessons learned from the exercise are available in a public report, below.