AICPA SOC Service Organizations - Certrec

NERC Offers Recommendations for Combating Power Grid Cyber Attacks


Cyberattacks targeting critical infrastructure are on the rise, and a new report stemming from a scenario exercise aims to help the industry grapple with the changing security landscape.

The GridEx VII Lessons Learned Report, is a post-exercise review and analysis of the North American Electric Reliability Corporation (NERC) and the Electricity Information Sharing and Analysis Center’s (E-ISAC) GridEx VII, that took place in November 2023. The report provides recommendations and actions for utilities, government partners, the E-ISAC, and other stakeholders to prepare for and respond to security incidents that affect the North American electric system.

“Today’s threat landscape is dynamic, presenting challenges that are increasingly difficult to detect and protect against. The scenario created for GridEx VII reflected this by testing the collective ability of industry, government, and cross-sector partners to restore the grid under the most extreme circumstances,” said Manny Cancel, senior vice president of NERC and chief executive officer, E-ISAC. “An exercise on this scale requires significant commitment and collaboration from the participants. This continues as we develop associated action plans and I am encouraged that several participants have already begun to implement some of the recommendations in their organizations.”

More than 15,000 participants from approximately 250 North American organizations – including the electric industry, cross-sector partners from gas and telecommunications, and U.S. and Canadian government partners – took part in a two-day “Distributed Play” exercise, which tested operational and policy measures that would be needed to restore the grid following a severe cyber and physical attack. Using core planning and exercise materials developed by E-ISAC’s GridEx team, participants tested their response and restoration capabilities by customizing the core scenario to meet their actual operating environment.

GridEx VII concluded with a day-long executive session during which industry executives and government leaders from the United States and Canada convened in-person in Washington, D.C., as well as virtually, to explore strategic and policy implications presented by the scenario via a “Tabletop” exercise. The Tabletop exercise resulted in the following recommendations:

1. Explore opportunities to improve the transmission of critical data between control centers

InterControl Center Communications Protocol (ICCP) systems are typically reliable and support by redundant infrastructure and cybersecurity protections, the report said. However, the “severity” of the hypothetical scenario examined prompted the participants to consider than ICCP infrastructure may not be resilient enough against certain single-point-of-failure or common-mode vulnerabilities.

The report argues that the electric industry should consider the potential impact of a complete loss of functionality, and develop recommendations for alternatives hat would provide comparable capabilities.

2. Evaluate alternative technologies for voice communications necessary to operate the grid

The Tabletop scenario examined a hypothetical case in which operator voice communications are unavailable. The report stresses that the industry should coordinate to identify which specific aspects related to resilient voice communications may be improved. If necessary, the report says the industry should evaluate the need for alternative voice technologies with a focus on essential operator-to-operator communications.

3. Increase participation and collaboration between utilities, local, state and provincial governments

While the industry has “well-practiced” plans in resources to restore the grid in the case of an attack, a large-scale crisis that affects electricity and other critical infrastructure providers over extended periods will reveal “new and conflicting” priorities, the report said. The report recommends that the industry determines the need to develop an improved restoration framework that considers government requests that may conflict with pre-established restoration priorities, as well as adopting guiding principles for coordinating with other critical infrastructure as needed.

4. Conduct further discussion between industry and government regarding restoration priorities and supply chain concerns

The report argues that market operators should review their market rules to ensure a common understanding of how generation dispatch and financial settlements would be administered through an extended period of market system or data unavailability.

The goal of the Distributed Play exercise was to examine the resilience of the North American electric system in the face of a coordinated attack from a nation-state adversary. Participants aimed to address the following objectives:

  • Exercise incident, operating, communications, mutual assistance, and crisis management response plans
  • Respond to imminent cyber, physical, and other threats with the potential to affect the reliable operation of the grid
  • Enhance coordination with state/provincial and local governments, suppliers supporting critical operations, and industry partners to facilitate restoration
  • Manage interdependencies with natural gas, telecommunications, and other critical infrastructure sectors
  • Exercise response to information technology (IT) and communications system failures
  • Exercise response to emergency events in a remote or hybrid environment with reduced staff availability and limited access to resources

Further collaboration and coordination between the E-ISAC, industry and government is already in progress with action plans in development based on recommendations in the report. Feedback received from participants will be incorporated into the planning process for GridEx VIII i