The Department of Energy is planning a hands-on test of the grid’s ability to recover from a hacker-induced blackout, according to E&E News.
The report states that the Liberty Eclipse exercise will simulate “re-energizing the power grid while squaring off against a simultaneous cyber attack on electric, oil and natural gas infrastructure.”
Taking place in November, the aim of the stress test is to “gain insights into how industry, with DOE support, would execute [a] response to a significant cyber incident,” according to planning documents obtained by E&E News.
According to Energy Secretary, Rick Perry, digital threats are of “vital importance” and will allow the new Office of Cybersecurity, Energy Security and Emergency Response to show what it can do.
Speaking at a security event last week, Perry said: “It’s in our national security interest to continue to protect these sources of energy and to deliver them around the world. Taking care of that infrastructure, from the standpoint of protecting it from cyberattacks — I don’t think it’s ever been more important than it is today.”
It is believed that the Liberty Eclipse exercise may highlight the grid’s reliance on natural gas, a vulnerability which DOE officials worry may be exploited. Earlier this year they warned that the US natural gas pipeline network is “difficult to protect” from physical or cyber disruption.
Others, however, believe that it is hard to pinpoint specific types of generation as being at greater risk.
“I don’t know that we’ve been able to make that judgment — remember that we don’t have perfect visibility,” Jeanette Manfra, assistant secretary for DHS’s Office of Cybersecurity and Communications, told reporters. “They’re definitely a target, [but] the electric sector has a lot of resilience built into it.”
There will be a two-day tabletop exercise ahead of the operational drill on 1 November. The operational phase will focus on ‘black start’ recovery before syncing generation with the wider grid.
During Liberty Eclipse, the DoE will incorporate simulated cranking paths provided by the Defense Advanced Research Projects Agency, in the hopes of speeding up grid restoration following a major cyberattack.
The exercise will include replicas of substation equipment so the utility industry can rehearse how it would handle a crippling cyberattack aimed at blocking participants from restoring power.
According to a DoE memo: “Together, [participants] will work to energize a blackstart cranking path by detecting the attack, cleaning malicious influence and restoring crank path digital systems to operation.”
“Each iteration of the series will strive to build upon lessons learned from previous cybersecurity exercises impacting the energy sector,” DOE planning documents state.
The agency’s five-year plan for energy cybersecurity, prepared in March, first disclosed DOE’s intention to host a new cyber-focused exercise this year. DOE said it wants to quintuple participation by 2019.
This article was originally published on Smart Energy International and was republished with permission.