Power Grid Simulation by NERC Exposes Cyber Threat Sharing Issues
How vulnerable are utility companies to terrorism and cyber-attacks? How would these organizations react to such attacks? How soon would they be able to recover and restore power? And just what exactly is the cybersecurity awareness level in the utilities and energy sector? We now have a better idea of the answers to all of those questions thanks to a simulated terrorist physical assault and cyber-attack on the North American power grid that took place this past November.
Sadly, the feigned attack uncovered liabilities in how the organizations that make up the grid would handle cyber threat data and weaknesses in how they would assemble emergency support to restore power to the blacked-out regions of the country.
The results were detailed in the North American Electric Reliability Corp.'s (NERC) unclassified summary of the latest GridEx III "war games", an event with simulated cyber-attacks, and even physical attacks, on power substations across North America, including the United States and parts of Canada and Mexico. GridEx III put utility companies to the test, seeing how they would deal with a blackout due to the attacks.
Unfortunately, it wasn't all good news. GridEx III shone a light on challenges related to NERC's cyber threat-sharing portal, the Electricity Information Sharing and Analysis Center (E-ISAC). The purpose of E-ISAC is to act as sort of a real-time clearinghouse for malware threats to the electric power sector, so this result is particularly troubling and provides the industry with at least one clear goal regarding what to improve.
Another key finding was the absence of a master plan to facilitate communications and logistics among local, state, and federal agencies in the wake of a major attack.
But improvements are already under way. The Electricity Subsector Coordinating Council, a NERC committee charged with security leadership for the industry, is overhauling a guide that deals with how CEOs can work together in cyber threat sharing. They will also be determining what other new policies or legislation would be beneficial.
Thanks for contacting NC4! A member of our team will be in touch with you shortly.