The North American Electric Reliability Corp (NERC) concluded a two-day simulation with power sector entities to stress-test their emergency response and recovery plans for physical and cybersecurity attacks.
Plots against power infrastructure and electric substations have come to light recently in different parts of the country, including Maryland, North Carolina, Washington state and South Carolina, with some incidents of vandalism leaving thousands in the dark.
“Although the E-ISAC is not aware of any specific credible cyber or physical threats to the North American grid, the threat landscape in which we are operating is unprecedented – we are facing challenges that are increasingly difficult to detect and protect against,” said Manny Cancel, NERC senior vice president and E-ISAC chief executive officer.
"Our adversaries continue to look for ways to exploit our interconnected system. We must continue to be vigilant," Cancel said.
E-ISAC's GridEx, the biggest grid security exercise in North America, took place on November 14-15, with more than 250 participants, including electric and natural gas companies and government agencies.
NERC warned of evolving cyber threats to the electric grid, "guided by geopolitical events, new vulnerabilities, changes in technologies, and increasingly bold cyber criminals and hackers."
In a report released Thursday, the Federal Energy Regulatory Commission warned that "a coordinated cyber and/or physical attack on the bulk power system or generation fuel sources, especially in conjunction with a severe cold weather event, could be especially impactful."
Data on electric disturbances reported by utilities shows about 95 human-related incidents, including vandalism and cyber events, in the first half of 2023, more than in the same period of any past year, according to U.S. Department of Energy records dating back to 2000.
In an August report, NERC pushed to develop standards for the power sector on mitigating risk from cloud adoption and artificial intelligence technologies, along with cybersecurity training for the workforce.
A public report on the exercise will be released by the end of March 2024.