December 9, 2015

Cybersecurity and the Grid

The North American Electric Reliability Corporation (NERC), the not-for-profit international regulatory authority tasked with assuring the reliability of North America’s bulk power system, ran a two-day drill simulating a series of coordinated cyber and physical attacks on various automated systems and key transmission and generation facilities. NERC conducts these types of exercises every two years to give participating utilities and governmental agencies the opportunity to assess their emergency response and recovery plans. While NERC did not release any findings from the test, called “GridEx III”, they expect to complete a report on the test and resulting recommendations by early next year. Read NERC’s press release here.

NERC conducted the last such exercise (“GridEx II”) in November 2013. The report following that test recommended, among other things, that stakeholders:
  1. review communication infrastructure to identify redundancies or alternatives to maintain communication during a crisis,
  2. build relationships with relevant government agencies to establish communications procedures prior to a crisis,
  3. clarify reporting roles and functions, and
  4. develop mechanisms to preserve evidence and collect forensic data following a physical or cyber attack.