GridEx IV Fact Sheet November 15-16 2017 Background GridEx IV is scheduled for November 15-16 2017 This biennial exercise provides an opportunity for utilities to demonstrate how they would respond to and recover from simulated coordinated cyber and physical security threats and incidents strengthen their crisis communications relationships and provide input for lessons learned The first grid security exercise took place in November 2011 Objectives The objectives for GridEx IV are Exercise incident response plan Expand local and regional response Engage interdependent sectors Improve communication Gather lessons learned Engage senior leadership Similar to the first three GridEx exercises GridEx IV is an operational exercise for utilities and other stakeholders from North America Industry participants take part from their regular work locations and respond to simulated scenario events called injects during the two-day exercise Participants respond with simulated internal and external operational activities as they would during an actual event including sharing information within their organization and with external entities according to their established procedures NERC also coordinates a tabletop discussion for industry executives and senior government officials on an invitation-only basis Planning and Participation The two-year GridEx IV planning schedule is structured around three planning meetings made up of planners from participating utilities The initial meeting was held on November 14 2016 Planners identify their organizations as either active i e directly involved in planning dynamic exercise play and after-action activities or observing e g more limited tabletop-like participation Planners identify their own exercise participants players from across departmental and functional areas and are encouraged to develop their own customized scenario events consistent with the NERC scenario to achieve additional local exercise objectives and increase realism for their Players Flexibility and Feedback The GridEx planning team designs the exercise to allow each organization to participate in a way that is consistent with its available resources and real-world operational environment NERC asks participating organizations to complete an after-action survey and encourages them to share with the Electricity Information Sharing and Analysis Center lessons learned for the key observations and recommendations provided in reports after each exercise For more information on GridEx IV contact Jake Schmitter Senior Manager of Training and Exercises Electricity Information Sharing and Analysis Center TLP WHITE 1 GridEx IV Frequently Asked Questions What benefit do utilities receive by participating in GridEx IV NERC's grid security exercise GridEx is designed for utilities electricity and other critical sectors to exercise their response to simulated coordinated cyber and physical security threats and incidents strengthen utilities' crisis communications relationships and provide input for lessons learned Like its predecessors GridEx IV is a voluntary exercise that provides participants the opportunity to take part at a level that reflects their available resources and objectives while being consistent with the NERC scenario GridEx IV will help participants strengthen their capability to respond to and recover from severe events affecting the reliable operation of North America's bulk electric system Will compliance be reviewed during the exercise Compliance is not a part of the exercise GridEx IV provides an opportunity for utilities and other stakeholders to exercise their cyber and physical security procedures in a learning environment How do utilities register for the exercise The Lead Planner identified by each utility is responsible for coordinating participation Lead Planners may register all the individuals within their utility or allow these individuals to register themselves Lead Planners from an organization wishing to participate in GridEx IV should send their contact information to GridEx_registration@bah com The Lead Planner will then be given access to the GridEx IV Planning Portal and included on future communications with relevant exercise information Can anyone participate GridEx IV GridEx IV participation is open only to registered utilities and others specifically invited by the utility e g vendors local law enforcement In an effort to ensure GridEx IV is focused on security and operational response the exercise is closed to media and the public A public report will be available following the exercise conclusion Are there different levels of participation There are two levels of participation for organizations in GridEx IV as an active organization or as an observing organization Active organizations participate in planning conferences adapt scenario injects to meet their local objectives engage in dynamic crisis response and communicate externally to other exercise participants for information sharing and coordination Observing organizations have access to all planning materials including the scenario injects do not communicate externally during the exercise and may choose to tabletop or discuss scenario events internally Utilities have the flexibility to switch from observing to active or vice versa as they gain knowledge of how they might best participate and dedicate the appropriate resources NERC will provide planning and support to encourage first-time participating utilities to participate as an active organization What are other benefits to participation GridEx IV will foster and enhance relationship building across the electric industry and with public sector stakeholders allowing organizations to fully execute their crisis response plans Lead planners will have the ability to customize scenario events to achieve their local organizational objectives e g use a physical security threat to prompt power system operators to move to their back-up control center TLP WHITE NERC is planning for entity participants from active organizations to earn Continuing Education Hours CEH hours are required by a number of certification programs and NERC is working to ensure hours are granted for participating NERC certified operators as well as those individuals with information technology and physical security industry certifications For active organizations GridEx IV will provide utilities with the opportunity to exercise their processes that support o o o o o o EOP-004 - Event Reporting EOP-008 - Loss of Control Center Functionality CIP-008 - Incident Reporting and Response Planning CIP-009 - Recovery Plans for Critical Cyber Assets OE-417 exercise reporting Exercising internal and external communications and notification processes When is the deadline to register Registration for GridEx IV closes on October 31 2017 to help ensure that utilities have enough time to participate effectively Lead planners should register early to ensure they have enough time to participate in the planning and preparation process Planning materials are available to give lead planners everything they might need to support their role in leading their organization and participants through the exercise Will NERC prepare a public report after GridEx IV Yes The report includes key observations and recommendations for improving the exercise How should GridEx IV participants respond to media inquiries regarding the exercise o GridEx IV participants may respond to media queries as they would respond to any media query Participants may also direct any media inquiries to NERC communications staff - Kimberly Mielcarek and Marty Coyne o NERC does not disclose the scenario premise or names of participating organizations individuals It is up to participating organization whether to let media know about the participation of the organization or its employees in GridEx IV o NERC will not respond to media queries about a specific entity but will speak about the bulk electric system as a whole o Individuals and organizations participating in or observing GridEx IV should not disclose details of the exercise and instead refer all media inquiries about the details of the exercise to NERC communications staff - Kimberly Mielcarek and Marty Coyne For more information on GridEx IV contact Jake Schmitter Senior Manager of Training and Exercises Electricity Information Sharing and Analysis Center TLP WHITE This document is from the holdings of The National Security Archive Suite 701 Gelman Library The George Washington University 2130 H Street NW Washington D C 20037 Phone 202 994-7000 Fax 202 994-7005 nsarchiv@gwu edu