GridEx II: News Media Quiet Ahead Of November 13-14 National Power Grid Emergency Drills
November 12, 2013 in Uncategorized
| WTF News |
GridEx II, the set of national emergency drills designed to simulate massive outages and related problems from varied threats is scheduled to begin Wednesday, November 13 and will extend to the following day. The media, mainstream and alternative alike has been relatively quiet about the drills. There is however, the usual collection of abhorrently bad Youtube videos on the subject which will not be dignified by links.
The exercises are organized by the North American Electric Reliability Corporation (NERC).
NERC About Page
The North American Electric Reliability Corporation is a not-for-profit entity whose mission is to ensure the reliability of the Bulk-Power System in North America. NERC develops and enforces Reliability Standards; annually assesses seasonal and long-term reliability; monitors the Bulk-Power System through system awareness; and educates, trains and certifies industry personnel. As the electric reliability organization, NERC is subject to oversight by the Federal Energy Regulatory Commission and is under similar obligations in Canada, as well as a portion of Baja California Norte, Mexico.
The ERO’s key programs, which impact more than 1,900 Bulk-Power System owners and operators, are based on four pillars of continued success:
· Reliability – to address events and identifiable risks, thereby improving the reliability of the Bulk-Power System.
· Assurance – to provide assurance to the public, industry and government for the reliable performance of the Bulk-Power System.
· Learning – to promote learning and continuous improvement of operations and adapt to lessons learned for improvement of Bulk-Power System reliability.
· Risk-Based Approach – to focus attention, resources and actions on issues most important to Bulk-Power System reliability.
They even made cute little “Save the Date” cards
What is GridEx?
GridEx II Explanation (PDF)
In November 2011, the North American Electric Reliability Corporation (NERC) conducted its first sector – wide grid security exercise, GridEx 2011.
The geographically distributed exercise was designed to validate the readiness of the electricity sector to respond to a cyber incident, strengthen utilities’ crisis response functions, and provide input for internal security program improvements.
Seventy – five industry and government organizations from the United States and Canada participated in GridEx 2011. NERC intends to build on the success of GridEx 2011, while expanding participation and scope for GridEx II.
GridEx 2013 Objectives
The participants of GridEx 2011 successfully achieved the objectives established in the initial planning phase.
The updated objectives for GridEx II are:
• Exercise the current readiness of the electricity industry to respond to a security incident, incorporating lessons learned from GridEx 2011.
• Review existing command, control and communication plans and tools for NERC and its stakeholders.
• Identify potential improvements in physical and cybersecurity plans, programs, and responder skills.
• Explore senior leadership policy doctrine and triggers in response to major grid reliability issues.
As in the first GridEx engagement, GridEx II will feature a hybrid, operational – and discussion-based exercise format that combines a geographically distributed environment for operators and a tabletop exercise for executive leadership. The majority of participants will take part from their normal work environment. During the one and a half days of the live exercise play, participants will receive sequenced email messages
– injects – that detail notional scenario conditions. Based on this information, participants will engage in both internal response measures and external information sharing activities across the sector. An Exercise Control cell, based in Washington, D.C., will manage scenario distribution, monitor exercise play and capture response activities.
Planning and Participation
The nine-month planning cycle will be structured around three planning conferences: the Initial Planning Conference on March 26th, the Mid-term Planning Conference on June 4th, and the Final Planning Conference on October 1st. Designated planners from each organization will participate in planning conferences and designate
GridEx players. They will also support the development of a credible scenario that achieves exercise objectives. Planners will support scenario development and the orientation of their players. Organizations can elect to be “Full Players” that participate directly in planning, dynamic exercise play and after action activities; or “Monitor/Respond Players” who engage in a more passive, less resource intensive manner. The exercise is not open to media or non-participants.
The website’s F.A.Q.
When is the deadline to register for GridEx II?
Registration for GridEx II closes on November 1. Ensure you are up-to-date throughout the planning and preparation process by registering early. Current exercise information will also allow you to determine your level of participation in GridEx II.
Who should register for the exercise? Should there be one individual who registers for an entity or should all potential participants register separately?
Each participant should register on the GridEx II portal to ensure the most current contact directory. The directory will be used for communications during planning and exercise play. The Lead Planner (to be identified by your organization) is responsible for coordinating your organization’s involvement and participation level.
Can anyone attend GridEx II?
GridEx II is open only to registered industry participants and federal stakeholders. No media or observers will be allowed in the exercise to ensure confidentiality and integrity of the scenario.
Will compliance findings come out of GridEx II?
GridEx II is a scenario created as a learning event for industry to exercise their physical and cybersecurity procedures and response. There is no compliance risk associated with this exercise. Additionally, the expected level of detail in responses to the exercise scenario from participating organizations will not reach a threshold for compliance; for example, there will not be in-depth technical discussions on firewall settings or other sensitive internal organizational information shared during the exercise.
How will regional entities participate in GridEx II?
There are two ways for regional entities to participate in GridEx II — as Monitor/Respond Players to keep informed by exercise injects or as Full Player Organizations to build a coordinated situational awareness picture for the region and any impacted entities. GridEx II, a learning exercise event, allows organizations to do real-world training so that existing communication paths that include regional entities can be used as they would be in a real event. There was no compliance risk associated with or resulting from GridEx 2011, and there will be no compliance risk associated with GridEx II.
Will a public report be released after GridEx II?
NERC will release a report that details the findings of the exercise. GridEx 2011 found 6 major findings and associated recommendations that are detailed in the after action report. Those findings will be built into GridEx II.
What is the return on investment for the organizations who dedicate their participants’ time to the exercise?
GridEx II will foster/enhance relationship building across the sector. It will also allow organizations stress test their incident response plans. For additional details regarding players return on investment take a look at slide 7 on the Recruitment Deck which lays out the return of investment by level of participation.
Compliance requirements under CIP Standards are still the responsibility of those organizations. For ‘Full Player Organizations’ (not ‘Monitor/Respond Organizations’), the scenario, training, crisis response and communications within the GridEx II exercise will provide opportunities for Full Player Organizations to capture the performance of the following potential annual compliance requirements:
• CIP-001 exercise opportunity for reporting to local and state law enforcement / FBI
• CIP-008 exercise opportunity of Incident Response Plan
• CIP-009 exercise opportunity
• EOP-004 procedure exercise opportunity
• EOP-008 exercise opportunity
• OE-417 exercise reporting opportunity
• Annual updates utilizing GridEx II Lessons Learned
• Exercise of internal communications and notification lists
Will GridEx II provide any continuing education hours for certificate holders who participate as Players or Planners?
NERC is pursuing the establishment of training registration mechanisms that would allow for entity participants from Full Player Organizations to earn Continuing Education Hours (CEH) for the time committed to the GridEx II event. These CEH hours are required by a number of certification programs and NERC is working to ensure hours are granted for the NERC Certified Operators as well as those participants holding IT industry certifications.
What are Some of the GridEx II SharePoint Site Best Practices?
The GridEx II SharePoint site is a tool for GridEx Working Group members and Lead Planners
• The GridEx II SharePoint site is compatible with Internet Explorer (IE) 8, if you are
having issues viewing the site in your current IE browser go to the
following link, http://windows.microsoft.com/en-us/internet-explorer/use-compatibility-view#ie=ie-10
• The homepage contains a calendar of events and on the left side of the site is a list of
folders pertaining to different GridEx II exercise materials
How can Lead Planners find out who from their organization has registered for GridEx II?
EDITOR’S NOTE: SECTION WAS LEFT BLANK HERE. WHY?
What is the agenda for the GridEx II FPC?
The Final Planning Conference is Tuesday, 1 October. This is primarily a conference call and will use separate dial-in codes for the Planner and Player portions, below, in the draft agenda. All times are Eastern. The agenda items from 2 p.m. onward are for both Players and Planners (shaded in grey).
· 9:00-9:15 – GridEx II introductions and opening remarks
· 9:15-11:00 – GridEx II planning & design recap/Planner Handbook Review
· 11:15-12:30 – MSEL dry run
· 12:30-1:00 – Lunch
· 1:00-2:00 – MSEL tailoring and alignment
· 2:00-3:15 – Player orientation
· 3:15-4:00 – C2M2 briefing
· 4:00-4:15 – Wrap-up
Chinese Military Forces Taking Part?
This is one area people are latching onto as a sign of trouble to come. Why would foreign military forces need to participate? Can’t the collection of US forces provide what support is needed?
Soldiers from the Chinese Army, called the “People’s Liberation Army,” are now in Hawaii for what the local news outlet, the Star Advertiser, referred to yesterday as “disaster relief exercises,” coinciding with the little reported Grid Ex II exercises.
Michelle Tan of the Army Times reported today that this will be the first time ever that the Chinese Army will be teaming with American forces.
“The Hawaii-based portion of the exercise is a continuation of an annual — and growing — exchange between the Army and the People’s Liberation Army, said Col. John Lee, strategy and plans officer for security cooperation and policy at U.S. Army Pacific.”
Last year, Russian “Airborne Assault Forces” arrived in Colorado for similar drills, as reported by Alex Newman of the New American. He wrote that Cmdr. Wendy L. Snyder, U.S. Defense Press Officer for policy, said
“This is the first time that American and Russian special operations troops have participated in a bilateral exercise.”
There seem to be quite a few “firsts” with communist military forces teaming up with American forces.
Neither article mentions Grid Ex II. But as Timothy Whiteman of the Examiner points out,
“…the Department of Defense official website quietly noted rather generically that Chinese troops were invited to ‘attend next year’s Rim of the Pacific multilateral naval exercise.’”
The DoD website also noted that Defense Secretary Chuck Hagel and Chinese Defense Minister Gen. Chang Wanquan announced that they “agreed to expand the current system of defense exchanges and joint exercises.”