GridEx II - National Mock Power Outage
Posted: Wed Nov 13, 2013 8:27 am
National power grid in mock emergency Nov 13 and 14. No real power outages will occur.
http://www.nerc.com/pa/CI/CIPOutreach/Pages/GridEX.aspx
I post this here because business contingency planning is rooted in the same concepts as personal preparedness, though it may look a little different at first. In this case, it's good to know that power companies are preparing for physical and cybersecurity threats. There is a link to the public version of the after action report on the original GridEx in 2011. If you are into that kind of thing, give it a look. ProTip: Skip the executive summary and go straight to page 10. It appears to be a mild review of how well everything went, but reading between the lines a couple of things jump out.
While some organizations readily shared information across functions, others worked in isolation and struggled to recognize implications for both operational and IT assets. This means at least one group talked to another, but overall most everyone "silo"ed and did not communicate until the situation was too big for them.
...some business units such as generation and transmission operators also noted that cross-department information sharing could have occurred in a more proactive manner. This means when one sector became overwhelmed, no one else was ready to step in to help. While this is usually due to how big the crisis is, in this case it was compounded by understaffing.
Entities reported the need to establish clearer thresholds that can rapidly distinguish a common operational issue from a major cybersecurity incident. Most people were really confused with whether or not the scenario constituted a threat.
...highlighted a heavy reliance on e-mail, teleconferencing, and other technology that enables coordination in crisis conditions. We all know these things are the first to go down... They need to find other ways to talk to each other.
I don't share this to bash the power companies. I am happy they are testing and evaluating plans. And we learn more from our failures than from our successes, as hard as that might be to admit sometimes. So kudos to them. But the bottom line... keep prepping, cause the power companies can only do so much.
http://www.nerc.com/pa/CI/CIPOutreach/Pages/GridEX.aspx
I post this here because business contingency planning is rooted in the same concepts as personal preparedness, though it may look a little different at first. In this case, it's good to know that power companies are preparing for physical and cybersecurity threats. There is a link to the public version of the after action report on the original GridEx in 2011. If you are into that kind of thing, give it a look. ProTip: Skip the executive summary and go straight to page 10. It appears to be a mild review of how well everything went, but reading between the lines a couple of things jump out.
While some organizations readily shared information across functions, others worked in isolation and struggled to recognize implications for both operational and IT assets. This means at least one group talked to another, but overall most everyone "silo"ed and did not communicate until the situation was too big for them.
...some business units such as generation and transmission operators also noted that cross-department information sharing could have occurred in a more proactive manner. This means when one sector became overwhelmed, no one else was ready to step in to help. While this is usually due to how big the crisis is, in this case it was compounded by understaffing.
Entities reported the need to establish clearer thresholds that can rapidly distinguish a common operational issue from a major cybersecurity incident. Most people were really confused with whether or not the scenario constituted a threat.
...highlighted a heavy reliance on e-mail, teleconferencing, and other technology that enables coordination in crisis conditions. We all know these things are the first to go down... They need to find other ways to talk to each other.
I don't share this to bash the power companies. I am happy they are testing and evaluating plans. And we learn more from our failures than from our successes, as hard as that might be to admit sometimes. So kudos to them. But the bottom line... keep prepping, cause the power companies can only do so much.