North American grid regulator tests physical, cybersecurity preparedness

The North American Electric Reliability Corp (NERC) concluded a two-day simulation with power sector entities to stress-test their emergency response and recovery plans for physical and cybersecurity attacks.

Plots against power infrastructure and electric substations have come to light recently in different parts of the country, including Maryland, North Carolina, Washington state and South Carolina, with some incidents of vandalism leaving thousands in the dark.

“Although, the E-ISAC is not aware of any specific credible cyber or physical threats to the North American grid, the threat landscape in which we are operating is unprecedented – we are facing challenges that are increasingly difficult to detect and protect against,” said Manny Cancel, NERC senior vice president and E-ISAC chief executive officer.

"Our adversaries continue to look for ways to exploit our interconnected system. We must continue to be vigilant," said Cancel said.

E-ISAC's GridEx, the biggest grid security exercise in North America, took place on November 14 -15, with more than 250 participants, including electric and natural gas companies government agencies.

NERC warned of evolving cyber threats to the electric grid, "guided by geopolitical events, new vulnerabilities, changes in technologies, and increasingly bold cyber criminals and hackers."

In a report released Thursday, the Federal Energy Regulatory Commission warned that "a coordinated cyber and/or physical attack on the bulk power system or generation fuel sources, especially in conjunction with a severe cold weather event, could be especially impactful."

Data on electric disturbances reported by utilities shows about 95 human-related incidents, including vandalism and cyber events, in the first half of 2023, more compared to the same period in any past year, according to U.S. Department of Energy records dating back to 2000.

In an August report, NERC pushed to develop standards for the power sector on mitigating risk from cloud adoption and artificial intelligence technologies, along with cybersecurity training for the workforce.

A public report on the exercise will be released by the end of March 2024.

More from Cybernews:

FTC unveils voice cloning challenge to combat AI fraud

No, Osama bin Laden’s “Letter to America” did not go viral on TikTok

European Commission, IBM pull ads from Elon Musk’s X

Change of tactics: ALPHV reports target to SEC for failing to disclose breach

Apple to improve green bubbles on iPhone to RCS standard

Subscribe to our newsletter