GridEx: Challenging the Grid to Make It More Secure

By Scott Heffentrager, senior director – Physical Security & Facilities Services and Steven McElwee, chief information security officer – PJM Interconnection

Steven McElwee, chief information security officer – PJM Interconnection, and Scott Heffentrager, senior director – Physical Security & Facilities Services.

The situation on the electrical grid spanning the U.S. and Canada was grim.

Cyberattacks targeted multiple utilities simultaneously, as physical attacks on infrastructure and insider threats popped up across North America, impacting the ability to deliver the electricity that powers modern life. PJM Interconnection summoned its incident response teams, scanning its footprint in concert with neighboring grid operators, ready to respond to the kind of emergency we had never yet encountered.

Thankfully, this scenario was not real but was part of a nationwide emergency preparedness exercise called GridEx.

This month, PJM will join hundreds of organizations and thousands of industry professionals, government officials, law enforcement and other stakeholders as part of GridEx V, the two-day simulated emergency drill that also includes a tabletop exercise in Washington, D.C., attended by high-ranking government officials and industry executives.

GridEx challenges participants to respond to, recover from and successfully communicate through coordinated cyber and physical attacks. This is how the operators of the electric grid in the United States and Canada practice for the worst extreme threat scenarios experts can imagine.

An Intricate Balance

Keeping the lights on requires the consistent, precisely coordinated flow of electricity between generators, transmission line owners and the utility companies that distribute power to 65 million people in the PJM footprint. Damage to these facilities or communication networks can upset this balance.

On the twin fronts of physical and cybersecurity, PJM is continuously improving our capabilities to identify, protect against, detect, respond to, and recover from potential internal and external threats to our systems and information.

We embrace the challenge of managing these complex, ever-evolving risks. But we don’t do it alone. We work with our industry partners, the state and federal government, the North American Electric Reliability Corporation (NERC), and the Electricity Information Sharing and Analysis Center (E-ISAC). E-ISAC is the primary security communications channel for the electric industry and works with the industry to enhance preparation and response to security threats.

While PJM regularly conducts simulator drills with our transmission owners and other critical players, every two years, GridEx allows us to test ourselves in extreme attack scenarios aimed at taking down the electrical systems in all of North America.

Uniting Grid Operators for Emergency Response

The 2017 event, GridEx IV, simulated a number of sophisticated cyber and physical attacks targeting grid control systems, generation and transmission facilities, and other critical infrastructure, leading to widespread, prolonged power outages. Participants included the FBI, Department of Homeland Security, Department of Defense, Department of Energy, and multiple state governments.

Exercises like GridEx are crucial for PJM. Across our grid alone, we manage 84,238 miles of transmission lines and their associated substation facilities. These networks are served by nearly 1,400 electricity generators and resources, including natural gas plants and pipelines. Fuel supplies for natural gas, coal-burning facilities and nuclear plants are an important part of supply chain considerations. And we are just a small part of the national grid, connected via nearly 400 tie lines to other regional transmission organizations.

NERC, the organization that oversees grid reliability on the continent, held the first GridEx event in 2011, and it attracted 180 participants. At the last GridEx event in 2017, more than 6,500 people and 450 organizations were involved. GridEx has increased participation across supply chain industries, such as gas, water and communications utilities, as well as affected stakeholder groups and state governments.

Evolving to React to Changing Threats

As the makeup of the power grid evolves, including more natural gas and renewable resources, PJM’s strategy to defend physical assets evolves, too. For the first time this year, we held a joint exercise with a natural gas pipeline company to coordinate our emergency response efforts to keep key generators supplied with fuel.

From a cybersecurity perspective, we know technology is always changing, requiring us to apply innovative tools and approaches. We have to be ready to react to anything – including attacks that we have never encountered before. Equipping our staff with skills, techniques and situational awareness helps to increase the effort and cost for adversaries to carry out attacks. We constantly scour our systems for vulnerabilities. When we find weaknesses, we fix them.

One of our new initiatives utilizes machine learning to recognize threats and report anomalies. Malicious actors are increasingly armed with their own machine-driven forces to constantly probe system defenses. PJM is leveraging artificial intelligence to enhance situational awareness to detect attacks and defend our systems.

Learning, Together

Feedback from drills and tabletop practice sessions, such as GridEx, consistently reveals that cyber and physical security rely on extensive outreach, communication and coordination. Lessons learned are evaluated and incorporated into our processes, positioning us for a better response in the event of any future attack.

As GridEx V approaches, we look forward to enhancing our coordination across the electricity industry, improving our relationships with government stakeholders and sharing what we know. The energy industry is confronted daily by cyber and physical threat actors. We know the stakes are high. As we collaborate and coordinate with other regional transmission organizations, transmission owners and generation owners across North America, we find tremendous value in coordinated exercises – working together against the constantly evolving threats to deliver energy reliably.