The National Association of Regulatory Utility Commissioners Center for Partnerships & Innovation announced the release of the Cybersecurity Tabletop Exercise Guide and Public Utility Commission Participation in GridEx V: A Case Study. These new publications highlight the need for public utility commissions and utilities to coordinate on cybersecurity preparedness efforts. Robust and well-established communication protocols between utilities and regulators can prevent cybersecurity incidents and accelerate the recovery process in the event of a cybersecurity attack on critical energy infrastructure. The tabletop exercise (TTX) guide and case study are useful for these purposes.
The Cybersecurity Tabletop Exercise Guide, one of five tools in the Cybersecurity Manual, provides public utility commissions and other stakeholders with step-by-step instructions to design, conduct, and evaluate a cybersecurity-focused TTX. A TTX is a discussion-based exercise where partners gather around a conference table (or virtually) and work through a simulated incident to identify emergency response capabilities. The guide includes customizable templates, so public utility commissions with little or no exercise experience can easily fill in the blanks to start these critical conversations. Over the next year, NARUC will partner with the Texas Public Utility Commission to pilot this technical guide's applicability.
“The Public Utility Commission of Texas welcomes the opportunity to take part in the NARUC Cybersecurity Tabletop Exercise Guide pilot program,” said Chuck Bondurant, director, Critical Infrastructure Security and Risk Management, Public Utility Commission of Texas. “Given the ever-present threat to critical infrastructure posed by cyberattack, we embrace the importance of not only overseeing Incident Response Plans for individual utilities, but also ensuring our own organization is fully synchronized with our local, state and federal counterparts to ensure the most effective response.”
Public Utility Commission Participation in GridEx V: A Case Study highlights the experiences of six public utility commissions (Alaska, Connecticut, Colorado, Florida, Idaho and Iowa) that participated in GridEx V. GridEx focuses on response and recovery from coordinated cyber and physical security incidents on the bulk power system. The case study explores the benefits that PUCs gained from participating, as well as challenges they faced while coordinating with utilities in simulated cyber and physical attacks.
“The GridEx exercise demonstrated that it is not enough to just rely on preparation to respond to a cyber incident. We must continuously test the resiliency of our cyber infrastructure to improve the effectiveness of how our grid responds to cyber challenges,” said Commissioner Andrew Giles Fay of the Florida Public Service Commission.