On November 16-17, 2021 the utility industry conducted its biennial grid security exercise – GridEx VI. According to NERC, GridEx VI’s objectives were to:
- Activate incident, operating, and crisis management response plans
- Enhance coordination with government to facilitate grid restoration
- Identify interdependence concerns with natural gas and telecommunications sectors
- Exercise response to a supply chain-based compromise to critical components; and
- Identify common mode and cyber operation concerns across interconnections.
The exercise did address the hybridized attacks of IT and OT networks which included ransomware as well as physical security (on-site premise and perimeter attacks). These are important issues, but do not directly affect keeping lights on.
The exercise does not seem to have identified the issues that could affect keeping lights on. Specifically, control system cyber issues including the lack of cyber security in grid process measurements, the Aurora vulnerability, and the Chinese hardware backdoors in power transformers and other grid equipment such as relays and inverters (https://www.controlglobal.com/blogs/unfettered/dni-identifies-chinese-transformers-as-cyber-vulnerable-risks-yet-doe-and-industry-ignore-the-threat/). The lack of cybersecurity in the grid’s process sensors is a common mode vulnerability that affects both situational awareness and incident response plans. Aurora is a gap in electrical grid protecting that can render the grid inoperative for 9-18 MONTHS by damaging expensive and difficult to replace machinery. It can also damage natural gas compressor stations. The Chinese hardware backdoors represents a supply chain compromise that can lead to unanalyzed grid disturbances affecting major population centers. Yet hardware supply chain issues were not addressed.
Why won’t the utilities adequately address what is their most important function which is keeping the lights on?
Joe Weiss
