GridEx IV Summary Scott Heffentrager Sr Director Physical Security BCP and Facility Services MC Webinar November 27 2017 www pjm com PJM C 2017 2017 GridEx IV What NERC Sponsored North American grid resilience exercise conducted every 2 years When November 15 - 16 2017 Purpose Strengthen Industry capabilities to respond to and recover from severe physical cyber and operational events affecting the bulk power system Who NERC-registered entities law enforcement local government suppliers Voluntary participation How Simulated cyber and physical attacks that degrade bulk power system operations 2 PJM C 2017 ISO RTO Participation in 2017 GridEx IV Code Name ERCOT ERCOT ISO FRCC Florida Reliability Coordinating Council HQT HydroQuebec TransEnergie ISNE ISO New England Inc MISO Midcontinent Independent System Operator NBPC New Brunswick Power Corporation NYIS New York Independent System Operator ONT Ontario - Independent Electricity System Operator PJM PJM Interconnection SPC SaskPower SOCO Southern Company Services Inc SPP Southwest Power Pool TVA Tennessee Valley Authority VACS VACAR-South PEAK Peak Reliability AESO Alberta Electric System Operator 3 PJM C 2017 2017 GridEx IV GridEx IV is a biennial unclassified public private exercise designed to simulate a cyber physical attack on electric and other critical infrastructures across North America to improve security resilience and reliability 3 Generation Operators 15 Transmission Operators o o o o o o o o o o o o o o o American Electric Power AEP Atlantic City Electric ACE Baltimore Gas Electric BGE Commonwealth Edison ComEd Dayton Power Light DPL DelMarva Power Dominion Duquesne East Kentucky Power EKPC First Energy PECO Pepco PPL PSE G RECO East Kentucky Power EKPC PSE G American Electric Power AEP o o o Key Observers Department of Homeland Security DHS FEMA U S Army Cyber Command Defense Advanced Research Projects Agency DARPA Utility Commissions PA NJ MD o o o o o Key Objectives o o o o o Exercise Incident response plans Exercise Crisis Communications Exercise Incident Response Capabilities with PJM members adjacent Reliability Coordinators and external agencies Engage Interdependent Sectors Engage Senior Leadership 4 PJM Participants o Corporate Incident Response Team IRT o Operational Emergency Response Team OERT o Cyber Security Response Team CSIRT o Physical Security Incident Response Team PSIRT o Crisis Communication Response Team CCRT o System Operations Training o Business Continuity Planning o State and Member Training o State and Government Policy o Enterprise Information Security o Corporate Applications o Applied Solutions PJM C 2017 Exercise Results Due to the decisive actions taken by PJM and TO GO operators the PJM footprint stood resilient against operational physical and cyber injects Exercised o o o o o o Loss of extra high voltage assets Realistic communications Incorporated lessons learned from 2016 Annual Security Exercise Promoted awareness of cyber events with dispatchers Provided 13 Continuing Education Hours for dispatchers Provided CIP compliance evidence www pjm com 5 PJM C 2017 Next Steps o o o o o o o www pjm com Conduct Lessons Learned with PJM internal external participants Compile and Report Lessons Learned to NERC Review Executive Tabletop Summary for Lessons Learned NERC Report Issued out in February Incorporate Lessons Learned from GridEx IV into Annual Security Exercise Incorporate Lessons Learned updates into emergency procedures Conduct Annual Security Exercise in 2018 6 PJM C 2017 This document is from the holdings of The National Security Archive Suite 701 Gelman Library The George Washington University 2130 H Street NW Washington D C 20037 Phone 202 994-7000 Fax 202 994-7005 nsarchiv@gwu edu