Today, the United States, Canada and Mexico will embark on an electrical grid joint simulation that will involve thousands of utility workers, government agencies, law enforcement, anti-terrorism experts and more than 150 businesses in the private sector.
Described as a stress test unlike anything the “power grid” has ever experienced before, the GridEX II drill on November 13 – 14, will measure readiness of the Electricity Sub-sector to respond to a cyber incident, strengthen utilities’ crisis response functions, and provide input for internal security program improvements.
GridEX II will build on lessons learned from GridEX 2011 both in terms of cybersecurity and physical security.
“The utility industry is faced with a myriad of challenges in the planning and design of the communications networks that will monitor, control and manage millions of meters and communicating field devices,” said Jason DeVoe, managing principal at Verizon Enterprise Security Solutions. “Initiatives like GridEx II are important because the threats to utility equipment today are evolving as the overall system has become more modern and increasingly interconnected.”
According to a recent report from Navigant Research, the worldwide installed base of smart meters will grow from 313 million in 2013 to nearly 1.1 billion in 2022. This will continue to drive unprecedented transformation and managing change will introduce costs for new and additional business process requirements and labor allocation.
“Traditionally, utilities have focused on building out their core functions from an operational standpoint while limiting security investment to enterprise information technology or the business side of the house. As the threat landscape continues to widen, moving forward it will be important for utilities to also invest in security controls that address the operations and industrial control side,” DeVoe added.
DeVoe acknowledges that this is easier said than done however.
“When it comes to security we are seeing significant knowledge gaps at utility companies on both the enterprise information technology (IT) side and the operational industrial technology (OT) side. A holistic cybersecurity program will address both IT and OT environments, and as the sides converge through grid modernization, the technical requirements and business strategies are often lost. GridEX II is an important milestone to the extent that it exposes these vulnerabilities on an industry-wide basis and identifies the actions needed to establish strategic partnerships between the public sector and trusted industry advisors in the private sector to develop and maintain the appropriate security posture that closes these gaps moving forward,” DeVoe added.
To learn more about Verizon’s security capabilities, click here.