GridEx Musings

By Richard Schlottman, NERC Senior Reliability Specialist

GridEx is a NERC exercise that takes place every two years. It allows utilities to demonstrate how they would respond in the event of cyber or physical security incidents. It allows for entities to respond to incidents in their facilities and service territories as well as responding to resource sharing requests from neighboring entities during these types of events.  

I attended GridEx last November and found it to be a very interesting exercise for many reasons. Most interesting to me was that back in August of last year, our pre-planning sessions were being used to develop the injects for the planned exercises and our western region planner presented us with a scenario for a global pandemic. It seems ironic now but at the time everyone attending these sessions thought, “That is not going to happen. We are trying to plan for cyber and physical security issues.” We all had our response plans and not one of them had anything about what to do in a pandemic. We ditched that inject and went on with what we all were looking at getting out of the exercise: how we respond to cyber and physical security events. Hindsight being what it is and seeing how we have responded since a pandemic did in fact happen, I am sure all of us participating would have given it a more serious look during the planning phase of the exercise.  

The day finally arrived for the exercise to commence, and it was interesting to see across the various regions how they responded to the injects placed into the exercise. There was an exercise website set up that had simulated news casts from various regions describing the events occurring during this exercise; power outages, rioting, people evacuating their homes and businesses, and severe weather events. It was truly interesting to see the level of participation from all that participated. I saw where people were using props in the exercises. They were sending pictures to their plant managers and Transmission Operator of suspected cyber sabotage consisting of a cell phone plugged into a device out in the field. The use of heavy equipment at a facility to block access in response to a physical threat was another creative response to a situation. I think the most humorous one was a facility in a rural and the remote area was being “attacked.” A person at the plant called his family to let them know what was going on. The next thing we knew, the local citizens mobilized and came to help protect the facility and personnel. The creativity used during these exercises point to the real life “thinking outside of the box” necessary during an actual event. 

The exercise was a success as it made the participants consider how to respond based upon their response plan. That response plan more than likely changed after the exercise due to lessons learned during the exercise. I suspect that entities are now adding pandemic response to their response plans and it will be discussed with more seriousness for future exercise injects. I hope that more people in our industry both participate in the next exercise or sign up as an observer. This will give a unique opportunity to see how responses to events impacting our grid are handled.