Oct 9, 2018
Last November, GridEx IV kicked off with 6,500 participants from 450 different organizations. This exercise saw a large rise in participation over GridEx III; 1,800 more individuals participated, and 86 more organizations were represented.
Preparedness, which has always been a top priority, has gained increasing visibility in recent years as cyber attacks and other malicious threats become more common. It’s the reason behind these exercises and the different scenarios and injects—it allows participants to experience a broad spectrum of possibilities, both in terms of threats faced, and ways in which to respond to them.
GridEx IV set a record for participants, and the planned exercises played off this bump in players, simulating a large-scale, coordinated cyber and physical attack on specific sites spread across all North American Regions.
The exercise was divided into five “Moves” to represent different phases. Move 0 involved the adversary gearing up for the exercise, doing research and trying to sniff out vulnerabilities. The attacks kicked off with Move 1, bringing down systems and disrupting power supplies. In Move 2, efforts to maintain reliability were enacted; meanwhile, copycat attacks started to happen, and news and media started to work up a frenzy of coverage, piling more pressure onto the players to reconnect to the grid.
As the impact became clear, Move 3 began, with the players executing their responses by isolating impacted cyber systems and enabling physical defense measures. And just as importantly, the players engaged in sharing information about the adversary and what solutions were working with each other. Move 3 also put a spotlight on physical and cyber mutual assistance, reinforcing how vital collaboration is.
Move 4 saw players recovering from the attacks, repairing their cyber systems and physical assets, working with law enforcement to provide intelligence and receive guidance, and engaging in after-action activities.
The point of these exercises is to prepare players for these events, but they also serve another purpose. Players, and the larger participating parties like the Department of Energy, use GridEx to identify gaps, find opportunities for improvement, and draw creative inspiration for future responses, which is just as valuable as affirming existing response capabilities.
So, what were some of the biggest lessons from last November?
The malicious actors in GridEx IV’s exercise focused on taking down multiple locations. The entire grid, or at least large portions, didn’t go down in the attack. The actors wanted to make a dent, but not enough to be noticed right away.
The nature of the attacks reinforced how important collaboration is in these scenarios. Open lines of communication encourage awareness and allow countermeasures to be deployed sooner. Collaboration is also essential to effective mutual assistance: a lot of sectors lent helping hands to the players with outages, not only in restoring operations but also in the recovery and investigation that followed.
Collaboration will be a massive factor in any wide-scale attack like the simulation GridEx IV put forth. And this highlighted another key realm in dealing with attacks on the grid: cross-sector response.
GridEx scenarios always target the power grid, but electrical utilities are never the only ones affected by these attacks. Other utilities rely on the supply of power electrical utilities provide, like water utilities and telecom companies. They need to keep their operations up, and they can’t do so without power.
Attacks on the grid—and other utilities in general—extend beyond the utilities space too. A utility company is part of a much bigger network, not just the physical grid. When malicious actors make this kind of move, law enforcement will need to get involved at every level. Local, state, and federal agents will have a part to play in the response, recovery, and investigation. Making sure that all sectors and stakeholders are part of the response only improves future responses.
Both observers and players recommended more cross-sector play for future exercises. And it’s good to see that NERC, the organizer of GridEx, plans to incorporate more cross-sector play in future exercises. Including other utilities, law enforcement, and members in the supply chain will ensure every player is trained for a true, real-world incident.
There are even talks to tie vendors into the exercise more. GridEx IV did include vendors, but they were underutilized by participants. A true incident would see a lot of engagement with vendors, so recreating this in a simulation would be to the benefit of both parties.
Both cross-sector response and collaboration hinge on reliable communications for these operations. Given the potential scope of cyber hits on utilities, and the distinct possibility that the communications infrastructure may itself be compromised as part of a cyber attack, finding alternative or backup modes for collaborating is vital.
During GridEx IV, E-ISAC pulled a simulated communications blackout in the National Capital Region, preventing participants from seeing a critical broadcast. If real malicious actors make a move on the power grid, they’ll most likely couple cyber hits with physical ones. And as part of that, they’ll close off communication pathways.
The lead planners used the blackout in the National Capital Region to urge exercise participants to use backup communications methods. Given the reality of attacks on the grid, it’s good practice. These paths don’t need to be used often, either; they just need to be available during an emergency.
Every exercise has seen more participants, as well as more organizations represented. GridEx I only included 83 organizations. That number ballooned to 234 for GridEx II, then to 374 in GridEx III. GridEx IV had 450, over five times as many as the first iteration.
Given the trend in the first four exercises, even more participants will dive in and more organizations will be represented in 2020 during GridEx V. It’s a good sign. More and more entities understand how vital security and preparedness are for their industry, and GridEx is the perfect time for them to show this. No outage in utilities is isolated; there is always a ripple effect.
Veoci for Utilities is going to GridSecCon 2018. Come to booth #23 to learn more about the benefits Veoci offers utilities.