35+ Years of Freedom of Information Action


Published: Dec 6, 2019

Edited by Ian Sotnek and Alex Neumann 

For more information, contact:
202-994-7000 or nsarchiv@gwu.edu

Washington, D.C., December 6, 2019 – The GridEx Exercises are a series of biennial grid security exercises designed to evaluate the response of the electricity sector to a cyber incident, strengthen utilities’ crisis response functions, and inform security improvements. They are designed and planned by a group of industry stakeholders from the U.S. and Canada including service providers, the FBI, and the Departments of Energy and Homeland Security, to promote coordination amongst the stakeholders while highlighting cybersecurity threats facing the electricity sector.

The exercise, run by the North American Electric Reliability Organization (NERC -- a non-profit international regulatory authority), has historically featured operational components which evaluate the ability of the participants to respond internally and coordinate with other participants to respond to the simulated cyber threat.  In addition there is a tabletop component in which industry executives and senior government officials assess the policy-level issues and management decisions that would need to be made in case of a large-scale attack on electrical infrastructure.

Today the Cyber Vault is adding a set of associated documents including exercise summaries, after-action reports, and applications of the findings of the exercises on areas of the energy infrastructure for each iteration of the GridEx exercise from 2011 to 2017. Also included are documents previewing and otherwise related to the GridEx V exercise, which took place in November 2019.

These documents provide an overview of a typical infrastructure cybersecurity exercise as well as how such exercises operate on a large scale. Furthermore, the documents provide insight into the vulnerabilities that cybersecurity professionals have found and what a potential attack on the North American power grid might look like.


The documents