Deep Dive: NERC’s Take on Grid Cybersecurity

When we talk about reliability, we generally talk about resource adequacy—does the grid have enough of the right kind of supply at the right times and in the right places to satisfy demand? But there’s another dimension of reliability that is likely to become more important if the world continues its multi-polar geopolitical drift: cybersecurity.

Consider that 2021’s SolarWinds malware attack impacted a quarter of American utilities. That same year a cyberattack hit the Colonial pipeline, knocking it out of service temporarily. In February, federal agencies reported that a China-linked actor had “compromised the IT environments of multiple critical infrastructure providers in the U.S.” And the Biden administration recently met with the water sector to discuss its concerns over the growing number of cyberattacks against it.

Earlier this month, the North American Electric Reliability Corp published its findings from a two-day exercise (called GridEx VII) with over 15,000 participants from about 250 organizations in the US and Canadian gas, electric, and telecommunications industries plus government partners. The aim of the exercise, held last November, was to test “operational and policy measures that would be needed to restore the grid following a severe cyber and physical attack.”

“Today’s threat landscape is dynamic, presenting challenges that are increasingly difficult to detect and protect against. The scenario created for GridEx VII reflected this by testing the collective ability of industry, government, and cross-sector partners to restore the grid under the most extreme circumstances,” Manny Cancel, senior vice president of NERC and chief executive officer, E-ISAC said in a statement. 

As America attempts to move toward greater digitalization of the power grid—smart meters and thermostats, virtual power plants, greater flexibility, etc.—cybersecurity vulnerabilities will grow.

Let’s pop the hood and take a look at what NERC did and what they learned.

Subscribe to Premium Subscription to read the rest.