GridEx V Frequently Asked Questions What benefit do utilities receive by participating in GridEx V NERC's grid security exercise GridEx is designed for utilities and government partners to exercise coordinated responses to simulated cyber and physical security attacks strengthen crisis communications relationships and provide input for lessons learned Like its predecessors GridEx V is a voluntary exercise that will provide participants the opportunity to take part at a level that reflects their available resources and objectives while being consistent with the exercise scenario GridEx V will help participants strengthen their capabilities to respond to and recover from severe events affecting the reliable operation of North America's electric grid What part does compliance play during the exercise Compliance is not a part of the exercise GridEx V provides an opportunity for utilities and other stakeholders to exercise their cyber and physical security incident response procedures in a learning environment How do utilities register for the exercise Each utility and government organization identifies a lead planner who is responsible for coordinating participation Lead planners may register individuals within their utilities or allow these individuals to register themselves Lead planners from organizations that wish to participate in GridEx V should send their contact information to GridEx_registration@bah com The lead planner will then have access to the GridEx V planning website and receive on future communications with relevant exercise information Can anyone participate in GridEx V GridEx V participation is open only to registered utilities individuals the utility specifically invites e g vendors law enforcement emergency managers State Provincial Federal government and government organizations To ensure GridEx V is focused on security and operational response the exercise is closed to media and the public The Electricity Information Sharing and Analysis Center E-ISAC develops a public report highlighting lessons learned and recommendations following the exercise Does GridEx offer different levels of participation GridEx offers two levels of participation for organizations in GridEx V as an active organization or an observing organization Active organizations participate in the planning conferences adapt scenario injects to meet their local objectives engage in dynamic crisis response and communicate externally to other exercise participants for information sharing and coordination Observing organizations have access to all planning materials including the scenario injects do not communicate externally during the exercise and may choose to tabletop or discuss scenario events internally Utilities have the flexibility to switch from observing to active or vice versa as they gain knowledge on how they might best participate and dedicate the appropriate resources The E-ISAC will provide planning and support to encourage utilities new to GridEx to participate as active organizations Asset owners and operators AOOs can register as observers by sending their contact information to GridEx_registration@bah com Where can I observe GridEx V GridEx V is a distributed play exercise and does not have a central exercise location NERC recommends that external organizations e g supply chain law enforcement emergency managers and State Provincial Federal government identify those AOOs that they would like to observe during GridEx Each participating AOO may determine whether to allow external organizations to observe them during the exercise What are other benefits to participating in GridEx V o Relationships GridEx V helps to build and enhance relationships across the electric industry and with government stakeholders Lead planners can customize scenario events to achieve their local organizational objectives e g use a physical security threat to prompt power system operators to move to their back-up control center o Certification Hours Several certification programs require their members to earn Continuing Education Hours CEHs NERC is working to ensure that participants from active organizations are eligible for CEHs NERC certified operators as well as those individuals with information technology and physical security industry certifications can receive CEHs for participating in GridEx V o Exercise Processes For active organizations GridEx gives utilities the opportunity to exercise their processes that support EOP-004 - Event Reporting EOP-008 - Loss of Control Center Functionality CIP-008 - Incident Reporting and Response Planning CIP-009 - Recovery Plans for Critical Cyber Assets OE-417 - Exercise Reporting Internal and external communications and notification processes When is the deadline to register as an active participant GridEx V registration closes on September 30 2019 Lead planners should register early to ensure they have time to participate in the planning process for the exercise The E-ISAC develops planning materials for lead planners to support their roles in directing their organization's participants through the exercise Will NERC prepare a public report after GridEx V NERC produces a public report that includes key observations and recommendations for improving the exercise How should GridEx V participants respond to media inquiries regarding the exercise GridEx V participants may respond to media queries as they would respond to any media query Participants may also direct media inquiries to NERC Communications staff Marty Coyne and Kimberly Mielcarek GridEx V FAQ 2 Please note o NERC does not disclose the scenario premise or names of participating organizations or individuals Only participating organizations can notify media about their participation in GridEx V o NERC will not respond to media queries about a specific entity but will speak about industry participation as a whole o Individuals and organizations participating in or observing GridEx V should not disclose details of the exercise and should instead refer all media inquiries about the details of the exercise to NERC Communications staff Marty Coyne and Kimberly Mielcarek For more information on GridEx V contact E-ISAC Events GridEx V FAQ 3 This document is from the holdings of The National Security Archive Suite 701 Gelman Library The George Washington University 2130 H Street NW Washington D C 20037 Phone 202 994-7000 Fax 202 994-7005 nsarchiv@gwu edu