North American grid regulator tests physical, cybersecurity preparedness
(Reuters) — The North American Electric Reliability Corp. said Thursday it has concluded a two-day simulation with power sector entities to stress test their emergency response and recovery plans for physical and cybersecurity attacks.
Plots against power infrastructure and electric substations have come to light recently in different parts of the country, including Maryland, North Carolina, South Carolina and Washington state, with some incidents of vandalism leaving thousands in the dark.
“Our adversaries continue to look for ways to exploit our interconnected system. We must continue to be vigilant,” said NERC Senior Vice President Manny Cancel, who leads its Electricity Information Sharing and Analysis Center.
The E-ISAC's GridEx, the biggest grid security exercise in North America, took place Nov. 14-15 with more than 250 participants, including electric and natural gas companies and government agencies.
NERC warned of evolving cyber threats to the electric grid, “guided by geopolitical events, new vulnerabilities, changes in technologies, and increasingly bold cybercriminals and hackers.”
In a report released Thursday, the Federal Energy Regulatory Commission warned that “a coordinated cyber and/or physical attack on the bulk power system or generation fuel sources, especially in conjunction with a severe cold weather event, could be especially impactful.”
Data on electric disturbances reported by utilities shows about 95 human-related incidents, including vandalism and cyber events, in the first half of 2023, more compared with the same period in any past year, according to U.S. Department of Energy records dating back to 2000.
In an August report, NERC pushed to develop standards for the power sector on mitigating risk from cloud adoption and artificial intelligence technologies, along with cybersecurity training for the workforce.
