The Turlock Irrigation District will participate in a nationwide test on Wednesday and Thursday, intended to gauge the national power grid’s ability to stand up to security threats like cyber attacks.
The test will consist of a number of simulated scenarios, and will have no real-world effects. The testing is not expected to impact TID customers in any way, but will help the District make a solid report on the potential risks and weakspots in the area (like those https://blog.cobalt.io/how-to-write-a-great-vulnerability-report-ab8654c6290c shows) and then address these weaknesses.
The exercise, known as GridEx II, will be the second grid security exercise conducted by the North American Energy Reliability Corporation, a not-for-profit entity tasked with ensuring the reliability of America’s power system.
The first GridEx, conducted from Nov. 16 to 17, 2011, was intended to test the grid’s readiness to respond to a cyber incident, strengthen utilities’ crisis response functions, and provide input for internal security program improvements. A total of 75 industry and governmental organizations participated in GridEx 2011; TID was not among the participants.
This year’s simulated exercise is intended to build on the results of GridEx 2011, and further test the system’s security by expanding both scope and participation. According to NERC, the test will examine the grid’s response to a “disruptive, coordinated physical and cyber” attack.
The test will see participating utilities and businesses receive a number of e-mails that detail the conditions of the ever-changing security scenario. As the e-mails come in, participants will conduct their internal response measures and share information about attacks throughout the sector. The entire exercise will be overseen by a group in Washington, D.C.
The district will not be a full player in the event, responding dynamically to the exercise, as some utilities will. Instead, TID will be a monitor/respond player, receiving the scenario information as it unfolds and then stress-testing its incident response plans at a later date.
“We will then take this information and play out our internal cyber security plan,” said TID spokesperson Michelle Reimers. “This exercise will be useful in testing response plans and in testing communication channels between government entities and utilities.”
