GridEx II Overview
NERC will host GridEx 2013 on November 13-14, 2013
North America-wide distributed-play exercise
Executive policy trigger tabletop exercise on 14 November
RELIABILITY | ACCOUNTABILITY
GridEx II Objectives
Validate the current readiness of the electricity industry to respond to a security incident, incorporating lessons learned from GridEx 2011
Assess, test, and validate existing command, control and communication plans and tools for NERC and its stakeholders
Identify potential improvements in physical and cybersecurity plans, programs, and responder skills
Evaluate senior leadership policy doctrine and triggers in response to major grid reliability issues
GridEx II Participants
Core group of approximately 10 planners committed to a sustained scenario development effort
Available for planning conferences and regular exercise design teleconferences
Leaders of full player organizations that attend planning conferences, provide scenario feedback and orient players
Provided opportunity to shape after action findings
Players that will be fully engaged in the exercise, responding to all relevant injects and coordinating activities across the player set
Full player organizations generally engage in the planning process with sufficient time to orient players
Entities that are not fully engaged in the GridEx planning process but express an interest in participating and gaining visibility into the exercise
Monitor/Respond entities can receive injects, exercise internal processes and participate in coordination calls
Planners
Full Players
Monitor/Respond Players
Scenario Imperatives
Broad Relevance and Application: Given the diverse player set, the scenario should have far-reaching application that can exercise the plans and processes of all players. Must test policy implications.
Cyber and Physical Vectors with Extended Conditions: Scenario must feature cyber & physical attacks that engage a range of security staff. Feature prolonged blackout, potentially to be played in TTX.
Highlights Timely Vulnerabilities and Issues: Must feature current concerns and challenges facing industry. To avoid one-size-fits-all, can craft several scenario workstreams for entities to select from.
GridEx II Timeline
IPC (March 26), Initial Planning Phase: Initiate outreach; shape scenario themes; confirm exercise mechanics
MPC (June 4), Mid-term Planning Phase: Craft scenario narrative; develop materials; confirm participation
Kick-Off
Conduct: Oversee distributed play; facilitate senior TTX; capture player actions and findings
After Action: Analyze findings and lessons learned; draft After Action Report and Briefing
Executive TTX (1/2 Day): Discussion-based construct engages senior decision makers in assessing distributed play and exploring policy triggers
Exercise Control: Oversees exercise play & facilitates interactions between exercise modules
Executive TTX
Federal Agencies
Scenario Narrative:
Mature scenario in written form that features key events, timing and expected player actions
Developed by CIPC Working Group to meet objectives and engage player set
Individual injects (or pieces of information) derived from scenario narrative for release to players
Exercise Play:
Players respond to injects through info sharing efforts, interaction with ExCon and other players
ExCon and C/Es observe and capture interactions and craft dynamic injects as needed
Possible Benefits
PER training credits for operators
CIP-008 exercise opportunity of Incident Response Plan
Possible CIP-009 test opportunity
Possible EOP-008 test opportunity
CIP-001 exercise opportunity of reporting to local and state FBI
EOP-004 procedure test opportunity
OE-417 test reporting opportunity
Utilize lessons learned to perform annual updates
Test internal communications and notification lists

Compliance Concern
If we play and identify a weakness due to non-compliance
If we do not perform an expected player action that is in our procedures, do we self-report?
Legal teams not comfortable with submittal of data to NERC, ES-ISAC, law enforcement
Event
Transmission Operations Generation Operations Energy trading Field operations Tech service Communication & control OT teams Corporate IT Physical Security Major Accounts Executive Leadership Corporate communications State and local law enforcement
Large conference room
40-50 players
4-5 planners on site to coordinate and facilitate
Utilize tools, DTS, QAS, communications tools, reporting, IRP, physical security
Utilize scenario activity gaps to whiteboard current status (war room simulation activity)
Project and display scenario videos, all player injects and talk about how your organization would have seen the injects and who they would have communicated to.
GridSecCon 2013
Grid Security Conference 2013
October 15-17, 2013
Jacksonville, Florida
Day 1: Full day of training covering emerging topics; cyber and physical security
Day 2-3: Full agenda highlighting recent policy changes, cyber attacks, security convergence and response/recovery