The North American Electric Reliability Corp (NERC) has taken proactive measures to assess and enhance the emergency response and recovery plans of power sector entities in the face of escalating physical and cyber security threats. A two-day simulation named GridEx was conducted by NERC, involving more than 250 participants, including electric and natural gas companies, as well as government agencies.
Recent incidents of plots targeting power infrastructure in different U.S. states, such as Maryland, North Carolina, Washington state, and South Carolina, have underscored the vulnerability of the power sector. Some of these incidents, involving vandalism, have resulted in widespread power outages.
NERC’s senior vice president, Manny Cancel, who leads its Electricity Information Sharing and Analysis Center (E-ISAC), emphasized the ongoing need for vigilance. “Our adversaries continue to look for ways to exploit our interconnected system,” he stated.
The stress test aimed to evaluate the emergency response and recovery plans of power sector entities in the event of both physical and cyber security attacks. NERC’s report highlighted the evolving nature of cyber threats to the electric grid, driven by geopolitical events, new vulnerabilities, changes in technologies, and increasingly bold cyber criminals and hackers.
In a related development, the Federal Energy Regulatory Commission (FERC) issued a warning about the potential impact of coordinated cyber and/or physical attacks on the bulk power system, especially when combined with severe cold weather events.
Data from the U.S. Department of Energy revealed about 95 human-related incidents, including vandalism and cyber events, in the first half of 2023. This represents an increase compared to the same period in any past year, highlighting the growing frequency and sophistication of threats.
In an August report, NERC emphasized the need to develop standards for the power sector to mitigate risks associated with cloud adoption and artificial intelligence technologies. The report also emphasized the importance of cybersecurity training for the workforce in the power sector.