GridEx IV Initial Lessons Learned and Resilience Initiatives LeRoy T. Bunyon, MBA, CBCP Sr. Lead Analyst, Business Continuity
2017 GridEx IV GridEx is a NERC-sponsored, North American grid resilience exercise conducted every two years. When Nov. 15-16, 2017 Purpose Strengthen industry capabilities to respond to and recover from severe physical, cyber and operational events affecting the bulk power system. Who NERC-registered entities, law enforcement, local government and suppliers. Participation is voluntary. How Through simulated cyber and physical attacks that degrade bulk power system operations. 2
ISO & RTO Participation in 2017 GridEx IV ERCOT FRCC HQT ISNE MISO NBPC NYIS ONT PJM SPC SOCO SPP TVA VACS PEAK AESO Electric Reliability Council of Texas ISO Florida Reliability Coordinating Council Hydro-Québec TransÉnergie ISO New England Midcontinent Independent System Operator New Brunswick Power Corporation New York Independent System Operator Independent Electricity System Operator (Ontario) PJM Interconnection SaskPower Southern Company Services Southwest Power Pool Tennessee Valley Authority VACAR-South Peak Reliability Alberta Electric System Operator Over 6,500 participants 3
A biennial unclassified public/private exercise designed to simulate a cyber/physical attack on electric and other critical infrastructures across North America to improve security, resilience and reliability. 2017 GridEx IV 15 Transmission Operators + 3 Generation Operators Key Observers Department of Homeland Security FEMA U.S. Army Cyber Command Defense Advanced Research Projects Agency Utility Commissions PJM Participant Teams Corporate Incident Response Operational Emergency Response Cyber Security Response Physical Security Incident Response Crisis Communication Response System Operations Training Business Continuity Planning State and Member Training State and Government Policy Enterprise Information Security Corporate Applications Applied Solutions 4
Exercise Results Due to the decisive actions taken by PJM and transmission and generation operators, the PJM footprint stood resilient against operational, physical and cyber injections. Exercises covered Loss of extra-high-voltage assets Realistic communications Incorporated lessons learned from 2016 annual security exercise Promoted awareness of cyber events with dispatchers Provided 13 continuing education hours for dispatchers Provided CIP compliance evidence 5
Reliability... Resilience 6
PJM s Resilience Initiatives PJM System Resilience Evolve the drill and exercise programs to incorporate business impact analysis results and support resilience-focused objectives. Engage with federal and state partners for joint planning and execution. Advancing Security & Resilience Advancing Security & Resilience System Restoration & Degraded Operations Expand and prioritize partnerships with the DoD and other government agencies to explore advanced cyber and physical security tools and capabilities. Expand outreach initiatives to federal & state partners, cross-industry and cross-sector peers, research organizations & PJM members expand the discussion of resilience-related initiatives. 7
Feedback from Transmission Owners Initial Lessons Learned Aligning to Resilience Initiatives The planning team should include additional sector-based organizations affiliated with the National Council of Information Sharing and Analysis Centers in future exercises to identify interdependencies and common vulnerabilities. National Council of ISACs Downstream Natural Gas ISAC Emergency Management and Response ISAC Oil & Natural Gas ISAC Multi-State ISAC National Coordinating Center for Communications ISAC Additional information: Gather more information about the Electric Subsector Coordinating Council s Cyber Mutual Assistance program What is the process for requesting assistance? What services are available? Is there a sample Cyber Mutual Assistance Memorandum of Agreement or Memorandum of Understanding available? 8
Next Steps Conduct additional lessons learned with PJM internal/external participants Compile and report lessons learned to NERC Review executive tabletop summary for lessons learned NERC report issued in February Incorporate lessons learned from GridEx IV into annual security exercise Incorporate lessons learned updates into emergency procedures Conduct annual security exercise in 2018 9
10