On November 15th and 16th, GridEx, a biennial event, will be taking place. Representatives from the North American utility industry, as well as various regional and federal agencies, will take part in simulated emergencies to test their response plans.
This year, three separate drills will be put forth to test each organization’s response plans, see how they interact with others involved in the general response, and identify areas for improvement.
Having a response specific to each emergency scenario can spell a massive difference in both the handling of the event and in the recovery. The emergencies that affect the utility industry fall into two very distinct categories: physical and cyber. Different and well thought-out responses for each scenario are needed – preparedness for both situations is critical. GridEx provides a way to test these responses.
Preparing for Physical Events
Physical events count for a majority of issues the power grid faces. Severe weather is often the cause of these issues. Even common weather events can take a hefty toll on the infrastructure, so much so that a majority of time and resources allocated for emergency management are devoted to treating outages caused by weather.
The power grid is a massive, complex, and interconnected system, much of whose physical structure is constantly exposed to the elements. Even when considering the grid as an amalgamation of various sectors owned by different companies, each individual company’s assets are still enormous beasts. A company’s response plan has to take into account complexity and exposure on a massive scale.
A response plan begins with some preliminary moves. One vital step is gathering intelligence. Just any intelligence won’t do; certain types of knowledge can and will make the difference in your company’s emergency response.
Know What Kind of Physical Emergency You’re Facing
Having some type of map or visual representation of your infrastructure will help to quickly identify an affected locale. Pinpointing the area will allow you to make decisions quickly and aid in restoring power rapidly. Simply having this information on hand will make a positive impact on the quality of your response and recovery. If the event is caused by a natural occurrence, satellite-based mapping may even lead to ideas on what caused the issue before the investigation kicks off.
Another vital step is to have foreknowledge and documentation from previous experiences. Knowing exactly what actions to execute, and having the ability to easily execute them once an incident begins, will have the strongest influence on the effectiveness of your response.
Since real emergencies can’t be scheduled, regular exercises and drills are the best way to ensure everyone involved knows their exact role in a response scenario.
They also help you to evaluate which parts of your plan are working well and which ones aren’t. Well-executed, thorough response plans have to be developed with training and drills in mind – going through a simulated event and implementing a practiced response is the best way to prepare for the real thing.
This is the essence of GridEx. Attendees get to practice their responses to a variety of simulated incidents and disasters, and in the process stress test their existing plans to find where they can be improved. The insights participants will gain about their responses to both physical and cyber occurrences will be invaluable.
The Threat of Cyber Attacks
Though cyber emergencies are far less common than physical events for utilities, they still pose a threat to the steady supply of service the power grid provides, and GridEx recognizes this fact. It simply can’t be denied that our nation’s power grid is an attractive target for malicious agents, and it’s become increasingly clear that a cyber attack could be just as likely as a physical attack.
The scale damage that a cyber attack can result in could easily eclipse that of a physical emergency.
With rare exceptions, physical events affect the supply of significantly small groups of customers. Just for scale, in December 2015, cyber criminals hacked into computers and SCADA of Kyivoblenergo, one of the primary power suppliers in Ukraine. By the end stage of the attack, a reported 225,000 customers experienced an outage.
This attack on the Ukrainian grid was the first known cyber strike on any power grid. And its effect and reach could have been far worse, according to some estimates. Many think this attack was a show of power. Experts agree that future cyber attacks could easily be many times worse than this incident was.
The cyber criminals who put together these assaults aren’t constrained by physical limitations like geography or weapons. With the right knowledge of ICS (industry control systems), they need just an internet connection to potentially topple entire power grids.
Cyber Attacks on the Grid are Not Unlike Cyber Attacks in General
Despite the short history the power grid industry has with cyber breaches, the tactics we’ve seen cyber criminals employ in these attacks are consistent across all targeted industries.
The 2015 Ukrainian incident, for example, was partly possible because the hackers tricked employees into opening Microsoft Word files containing malicious code. Educating employees on how to spot suspicious emails and how to dispose of them is an essential part preventing intrusion. Testing vigilance is easy – simply send a fake malicious email (there are a number of services that provide this capability), see what happens, and run the appropriate audits.
Social engineering is also a preferred method of hackers. There are innumerable methods that have been described (just do a Google search on “social engineering hacks”!). This method requires minimal effort and resources, and can have rather impactful consequences, especially if the hacker is able to create the illusion that they are a person of authority, whether from within the organization, or external to it (such as a governmental or enforcement representative).
The Power Grid’s Defense Against Hackers
Many of the aforementioned defense tactics and then some are being practiced today. Some grid stakeholders are actively striking out and taking the battle to the hackers.
Robert M. Lee, CEO of Dragos, Inc, spoke with Jesse Dunietz at Scientific American in August 2017 about cybersecurity and the grid. Perhaps more interestingly, Lee also talked about some more aggressive measures as well. He says that the tactics of these hackers seem to be fairly effective, so why not repurpose them to keep the grid running? This would basically mean throwing whatever weapons the hackers use back at them. Among these is reconnaissance and attacks on the tools cyber criminals compile for their attacks. Dismantling a cyber criminal’s weapons before they can even launch them is one of the strongest defenses. It’s a method of active defense, something more and more members of the grid security community are embracing.
GridEx 2011: What We All Learned
The 2011 GridEx conference, the first of its kind, simulated a large scale attack on the North American power grid. A complex background was crafted for the simulation to enhance the realism of the exercise. During Move One of the simulation, the initial attack was reported as a physical act of sabotage, that being the theft of copper materials already in place as part of the infrastructure. But as participants explored and acted in their roles, it was discovered this was only a small part of a larger combination style attack.
This first phase, the copper theft, of the fictional malicious agent’s strike was considered to be a diversion tactic.
The distraction the break-in caused also allowed the actor to plant hardware that captured critical network structure information and stole credentials. This data played a substantial role in the actor’s development of malicious code that allowed their true goals to manifest.
The agent weaponized the traditional threat power grids faced for many years. This exercise, along with those of 2013, 2015, and now 2017, provide those inside and outside of the industry with valuable protective measures to be taken as threats to the grid unfold and transform.
Prepare, Prepare, Prepare
Being able to handle and respond well to emergencies is a core element of operations in the power grid. A diverse portfolio of responses is the best preparation. The goal of GridEx is to test some of the plans within any given portfolio. Whatever type of incidents end up being simulated at the conference, whether they’re physical, cyber, or cross threats, they’ll lay some important groundwork for emergency response in the power grid for the years ahead.
In 2011, at the very first iteration of GridEx, 48 North American utilities, 21 government and university bodies, and 6 regional entities participated in the simulation. And industry participation grows every year. NERC’s 2011, 2013, and 2015 after-action reports detail what emergencies the participants responded to. Each contains the most crucial takeaways and preparations the participants agreed should be taken moving forward. Browse through their reports to see what buzz there is in your sector.
See what GridEx is about. See what they’ve done in the 2011, 2013, 2015, and what they’re planning on for this year.