Last month’s GridEX II security drill was a valuable test of PJM’s emergency response procedures but lacked in realism, according to a briefing to the Operating Committee last week.

PJM’s Don Wallin said the North American Electric Reliability Corp. tried to stress the capabilities of the 200 organizations that participated in the Nov. 13-14 drill by giving them multiple simultaneous “injects.”

The scenarios included:

• Denial of service attacks against shared service websites such as OATI;
• Malware – similar to that which hobbled Saudi Aramco in a 2012 attack – that that exfiltrated sensitive information and locked corporate desktops and laptops;
• Physical attacks against transmission and generation; and
• Snipers firing at first responders.

The exercise was meant to simulate nation-state sponsored attacks against the grid. But Wallin said those who took part thought the volume of simultaneous injects undercut the verisimilitude.

“We don’t want this to be a Bruce Willis movie,” he said. Because the injects were compressed in such a short time, “it really took away from the realism and turned it into a disaster movie.”

More than 200 organizations, including 35 PJM member companies took part. Among those involved from PJM were the dispatch training team, corporate incident response team, cyber security incident response team, physical security incident response team and crisis communications.

Also involved were the FBI, Department of Homeland Security and the Electricity Sector Information Sharing and Analysis Center (ES-ISAC).

In addition to recommending the staggering of “injects,” participants said the drill should have used real-world communications channels.

GridEx III will be conducted in 2015. PJM plans a joint exercise with transmission owners in 2014.