Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementPhysicalSecurity Enterprise ServicesSecurity Leadership and ManagementSecurity & Business ResilienceFire & Life SafetyPhysical Security

Special Report – Critical Infrastructure

GridEx: How exercising response and recovery supports grid reliability

GridEx has grown to be the largest distributed play exercise of its kind in North America, serving as a critical benchmark that maximizes the ability of organizations to coordinate with neighboring utilities and reliability coordinators to effectively exercise and address grid reliability issues.

By Kate Ledesma
GridEx-Feature

narvikk / E+ via Getty Images

SEC1021-SR-Gridex-slide2_900px.jpg

halbergman / E+ via Getty Images

GridEx-Feature
SEC1021-SR-Gridex-slide2_900px.jpg
October 7, 2021

The North American Electric Reliability Corporation’s (NERC) Electricity Information Sharing and Analysis Center (E-ISAC) has hosted GridEx since 2011, its biennial grid security exercise designed to help prepare the electricity industry to respond to contemporary threats and security issues. Since then, GridEx has provided utilities and government stakeholders the opportunity to improve industry security and resilience by exercising their response and recovery plans and collaboration efforts during simulated cyber and physical attacks impacting the reliable operation of the North American power grid.

As the largest sector-specific functional exercise, GridEx offers complex attack scenarios designed to overwhelm even the most prepared utilities and participant organizations to push the limits of a potential real event or crisis. Next month, on November 16 and 17, 2021, the industry will once again come together to participate in GridEx VI.

Initially conceived as a tabletop exercise to strengthen coordination between the electricity industry and government to prepare for a response to cyber incidents, the exercise has grown to be the largest distributed play exercise of its kind in North America. Participation has grown steadily from 75 organizations in the initial exercise in 2011 to more than 500 organizations and 7,000 participants from the United States, Canada and Mexico in 2019’s GridEx V. The growth in participation, coupled with the diversity of participating organizations, is a positive sign of the industry’s understanding of the collective threats facing the industry and the critical importance of preparedness. Previous GridEx participants consistently report that the exercise helped them to assess and enhance their operational response capabilities.

To ensure participants derive the greatest benefit, the E-ISAC and its partners work to create authentic scenarios that reflect the threat landscape at that time. Observing Stuxnet — a computer worm that was originally aimed at Iran’s nuclear facilities and has since mutated and spread to other industrial and energy-producing facilities — and other cyber incidents with the potential to affect operations and reliability of the bulk power system, NERC designed the first GridEx scenario to validate the readiness of the electricity industry to respond to a cyber incident, strengthen utilities’ crisis response functions, and provide input for internal security program improvements.

Since then, GridEx has evolved to include both cyber and physical security threats. Events such as the 2013 Metcalf substation rifle attack — where a group or individual attacked an electrical substation, causing more than $15 million in damages — have underscored the potential for disruption presented by physical security events, as well as the value of opportunities to exercise response to both cyber and physical security incidents in a converged threat environment. In addition to exercising their own internal response and recovery plans, participants also focus on grid operational reliability. GridEx provides the opportunity to coordinate regionally and across organizations on issues affecting interconnected generation, transmission and distribution systems.

GridEx scenarios, developed by NERC and the E-ISAC, in coordination with industry subject matter experts, are designed to challenge organizations’ response capabilities. The scenarios are customizable, allowing organizations to meet specific internal training and exercise needs, as well as meet regional objectives. This maximizes the ability of organizations to coordinate with neighboring utilities and reliability coordinators to exercise and address grid reliability issues effectively.

Scenario elements over the past decade have included a wide range of current and emergent threats, including malware targeting industrial control systems, ransomware, distributed denial of service attacks, supply chain compromises, rifle fire at high voltage transmission substations and targeted explosions at key natural gas pipelines.

Lessons learned from GridEx over the years include both tangible recommendations for entities and industry-wide insights. Findings from the exercise and subsequent industry actions have led to strengthened crisis communications procedures across the industry. During GridEx V, the Cyber Mutual Assistance Program was successfully activated and exercised to share information as well as resources and was incorporated into both regional and national play. GridEx also provided an opportunity for the industry to exercise and enhance communications resilience through simulation of degraded or disrupted communications paths. This prompted players to identify alternatives and use backup communication tools. GridEx also highlighted the need for the industry to continue to strengthen relationships with intelligence partners, law enforcement, emergency responders and national security agencies.

Reflecting on these findings, GridEx has matured over the years to include other organizations outside the electricity industry. Today, GridEx participants include a broad set of stakeholders with vital roles in response, recovery and restoration, including law enforcement, government agencies at the local, state and federal levels, and other critical infrastructure sectors such as finance, telecommunications and natural gas.

In conjunction with the distributed exercise, NERC and the E-ISAC also host an invitation-only executive tabletop as part of GridEx. This brings together senior U.S. and Canadian government officials and industry CEOs to discuss policy decisions and extraordinary operational measures necessary to restore grid reliability in a cross-border scenario centered on a severe combined cyber and physical attack on the North American electricity system. Recommendations from previous tabletops have largely focused on enhancing government and industry operational coordination during incidents and developing better public-private national security policy coordination.

Next month, NERC and the E-ISAC will facilitate the sixth iteration of GridEx. The distributed nature of the exercise is uniquely suited to continue to deliver and enhance the exercise experience for participants, even as organizations have adapted to embrace a hybrid or increasingly remote workforce. Electricity organizations, government agencies and partner organizations from across North America will join the NERC and E-ISAC teams for two days of exercises.

GridEx VI will exercise the resilience of the North American power grid in the face of a coordinated attack from a nation-state adversary. The scenario will provide the opportunity for organizations to activate incident, operational and crisis management response plans; enhance coordination with the government to facilitate restoration; and exercise response to a supply chain-based compromise to critical components in a no-fault environment. Building on lessons learned from previous iterations of the exercise, the GridEx VI scenario will also continue to facilitate the identification of interdependence concerns with the natural gas and telecommunications sectors.

The scenario, informed by industry expert recommendations and current events, reflects the diversity of today’s distributed energy resources, the complexity of modern supply chains, and the necessity of coordinated response across industry and government to restore and ensure grid reliability.




Recognizing 2021’s National Critical Infrastructure Security and Resilience Month, Security magazine had the honor of working with security leaders within the public and private sectors to bring you October’s Special Report — comprised of five different features to be used as best practices and resources to assist critical infrastructure organizations in bolstering their security postures to prevent and reduce the risks of disruptions.

  • A resilience framework for the future
  • Protecting the energy grid is a team sport
  • Cyber-physical security in an interconnected world
KEYWORDS: business continuity critical infrastructure cyber security enterprise security gridex public sa risk management security management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Sec1021 sr gridex slide3 900px

Kate Ledesma is the Resilience and Policy Manager at the North American Electric Reliability Corporation’s (NERC) Electricity Information Sharing and Analysis Center (E-ISAC). Prior to this role, she was a Senior Advisor and acted as a Deputy Chief of Staff at the Cybersecurity and Infrastructure Security Agency. Image courtesy of Ledesma


Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

Laptop with coding on ground

Stepping Into the Light: Why CISOs Are Replacing Black-Box Security With Open-Source XDR

Gift cards and credit cards

Why Are Cyberattacks Targeting Retail? Experts Share Their Thoughts

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • SEC0821-Covid-Georgetown-Feat-slide1_900px

    Georgetown University’s Office of Emergency Management supports COVID-19 response

    See More
  • energy security

    CISA and AVANGRID conduct virtual exercise to improve emergency response and recovery plans

    See More
  • cyber_lock

    COVID-19 and the need for a national cyber director: How the response to the pandemic illustrates the importance of a leadership

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing