Dive Brief:
- The North American Electric Reliability Corp. will hold its biennial "GridEx" event on Nov. 13 and 14, including a simulated grid attack that allows thousands of utility-sector participants to run through cybsersecurity response plans.
- The U.S. Department of Energy will follow with its CyberForce Competition on Nov. 15 and 16, which challenges more than 100 college teams to respond to a similar grid attack. The event aims to help build the nation's security workforce.
- While the U.S. electric sector has so far kept hackers from disrupting operations, many experts say it is only a matter of time. The issue is exacerbated by a global shortage in cybersecurity experts, which Argonne National Laboratory says could top 3 million by 2021.
Dive Insight:
With cyberattacks becoming more persistent and sophisticated, experts warn a dearth of security talent poses a real threat. DOE's university-focused event is one way the federal government is hoping to address the shortage.
“The idea behind the competition is to build a strong workforce to defend this infrastructure from cyberattacks,” Amanda Joyce, the head of Argonne's cybersecurity analysis group, said in a statement.
Joyce is also director of the CyberForce competition and says the nation’s energy infrastructure is "becoming increasingly reliant on digital controls and communications." She echoed concerns raised in a September report from the U.S. Government Accountability Office, which found industrial control systems and the rise of distributed resources mean the grid "is becoming more vulnerable to cyberattacks."
The CyberForce scenarios call for teams to defend one of four pieces of grid infrastructure: a solar generation facility, energy substation, data center or manufacturing facility. Event officials say adversarial “red teams” will be made up of industry professionals.
"Not only will you need to concern yourself with keeping your infrastructure up and secure, you will need to connect and communicate with the other three types of infrastructure throughout the competition," according to a competition scenarios document. "This model simulates real-world interdependency channels, which allow infrastructure to receive and distribute data throughout the day."
A national winner will be selected, and participating national laboratory site winners will also be announced.
There is less information available about NERC's fifth GridEx simulation, which does not publish scenarios in advance. The last event, in 2017, included more than 6,500 participants and 450 organizations comprising industry, law enforcement and government agencies. Past participants included utility companies, regional and federal governments, supply-chain stakeholders and critical infrastructure cross-sector partners.
Despite the back-to-back scheduling, Argonne officials say there is no connection between GridEx and the CyberForce competition.