Ukraine Attacks, ‘Fake News’ Color NERC GridEx IV Drill
About 6,500 participants from 450 organizations took part in GridEx IV, the NERC two-day simulated cyber and physical attack.

By Rich Heidorn Jr.

Participants in NERC’s GridEx IV began the two-day drill Wednesday encouraged by their coordination in recent hurricanes but chastened by the 2015 cyberattack on Ukraine and the spread of disinformation via social media.

About 6,500 participants from 450 organizations took part in GridEx IV, including electric utilities, RTO officials, regional and federal government officials, first responders and intelligence agencies.

“The large-scale cyber and physical attack scenario is designed to overwhelm even the most prepared organizations,” NERC Acting CEO Charles Berardesco said during a media briefing Thursday morning. “Participating organizations are encouraged to identify their own lesson learned and to share them with NERC.”

NERC led a media briefing on GridEx IV Thursday. Clockwise from bottom: Kimberly Mielcarek, NERC; Charles Berardesco, NERC; Patricia Hoffman, DOE; Kevin Wailes, Lincoln Electric System; Tom Fanning, Southern Co.; Duane Highley, Arkansas Electric Cooperative Corp.; Marcus Sachs, NERC. | NERC

Most of the participants are involved in two days of “distributed play” across the U.S., Canada and Mexico. In addition, about 100 executives gathered at Booz Allen Hamilton in Washington Thursday for a “tabletop” exercise run in parallel.

“The usefulness of these exercises is [testing] the unknown and heretofore unseen. It is to break the system. It is to find out where the friction points are [and] trying to harmonize the activities [of] the federal government, private industry and state and local governments,” said Southern Co. CEO Tom Fanning, co-chair of the Electricity Subsector Coordinating Council (ESCC). “It’ll be a great day. We’ll learn a lot.”

Previous Lessons Learned

Fanning said previous GridEx drills improved industry coordination, which he said was demonstrated in the “unprecedented collaboration” among investor-owned utilities, cooperatives and municipal utilities following hurricanes Harvey and Irma in August and September.

Officials at CAISO’s Joint Information Center respond to “injects” during GridEx IV Wednesday. | CAISO

“The ESCC also has a responsibility for helping to coordinate storm response,” he said. “I think this model is working exceptionally well. In fact, we believe the metrics would show that our recovery times were roughly half of what they have been for similar storms in the past.” Hardening of infrastructure also contributed to the speed of the storm recovery. (See Power Restored for 97% of Customers in Irma’s Wake.)

“You get good at what you practice, and we want to be good at response recovery,” said ESCC Co-Chair Duane Highley, CEO of the Arkansas Electric Cooperative Corp., who noted that about 50 cooperatives were participating. “And we want to build our relationships before we need them.”

ESCC Co-Chair Kevin Wailes, CEO of Lincoln Electric System, said a key improvement resulting from the 2015 drill was the creation of a cyber mutual assistance group. “We realized that we really did not have a deep enough bench … to deal with some of these events on an individual basis,” he said. “So we now have 130 companies involved in cyber mutual assistance.”

The 6,500 participants represented an almost 50% increase from GridEx III. (See GridEx III Shows Vulnerability of Power Grid to Cyberattack.)

This year’s iteration of the biennial exercise is the first to involve the finance, telecommunication and natural gas sectors in the tabletop exercise.

‘Real World’ Scenarios

The “injects” — or scenarios — were informed by the cyberattack that knocked out power to 225,000 customers in Ukraine for several hours in December 2015. (See How a ‘Phantom Mouse’ and Weaponized Excel Files Brought Down Ukraine’s Grid.)

“We always take real-world events as the basis for the exercise because the engineers that are running the distributed play … know what the vulnerabilities are,” said Marcus Sachs, NERC senior vice president and chief security officer.

NERC officials participate in GridEx IV Wednesday | NERC

“We will name specific vendors and components, so it’s a very realistic type of exercise.”

“There’s been a lot of operational planning and coordination since Ukraine in 2015 between government and industry,” said Chris Krebs, the Department of Homeland Security’s acting undersecretary for national protection and programs. “So this is a fantastic opportunity for us to start stress testing some of those planning assumptions we’ve made.”

In recognition of revelations about a Russian campaign to spread “fake news” during last year’s presidential election, officials said they also were incorporating the threat of disinformation on social media platforms.

About 100 utility officials and others participated in the executive tabletop portion of GridEx IV at Booz Allen Hamilton in Washington, D.C. | NERC

“The unity of message … is just about as important as the unity of effort. That is, we’ve got to make sure we understand … how we advance our communications,” said Fanning. “An important aspect of that … is how do we gain more influence and control on social media.”

Cauley Absent

GridEx IV was the first such drill run without longtime NERC CEO Gerry Cauley, who was removed from his post Nov. 11 following his arrest on domestic violence charges. (See Cauley Arrest Tied to Relationship with NERC Subordinate.)

NERC issued a statement Wednesday saying the board “has engaged counsel to assist in conducting a thorough investigation” of the allegations. NERC spokeswoman Kimberly Mielcarek cut off Berardesco before he could answer a question about how he kept the Cauley situation from being a distraction going into the exercise.

“We’re keeping staff informed as developments unfold,” she said. “It’s premature for us to comment on anything further at this time. However, we do provide updates as they are available, and we will continue to do so both publicly and to our staff.”

Hopes for 2017 Drill

Patricia Hoffman, principal deputy assistant secretary for the Department of Energy’s Office of Electricity Delivery and Energy Reliability, said she hoped this year’s drill would test the energy secretary’s emergency authority. Section 202(c) of the Federal Power Act allows the secretary to order power plants to operate for reliability reasons during emergencies. It has been used infrequently, notably during the Western Energy Crisis in 2000 and after Hurricane Katrina in 2005.

The drill “also helps with us as we look at how we’re planning for modernization and investment in the infrastructure moving forward,” she said.

A report on the drill will be released in about March 2018.
