Back in November 2021, the North American Electric Reliability Corp (NERC) conducted a simulation called GridEx VI. Within this two-day simulation, the participants – a mixture of government officials, grid operators, power producers, and more – were involved in fighting off a combination of cyber/physical/info attacks against the American and Canadian power grid.
Not only did they have to attempt to minimize the destruction caused by the attack in the exercise, but they had to restore the grid as quickly as possible as well.
The results of the exercise were finally published on April 7 in the form of the Electricity Information Sharing and Analysis Center (E-ISAC).
The exercise was comprised of two components: “distributed play” and “tabletop play.”
At least within the distributed play component, the simulation was comprised of five different “moves,” the first of which was “Move 0.”
Within Move 0, a nation-state begins reconnaissance of the North American electrical grids, telecommunications infrastructure, and natural gas facilities as they seek out the best avenue of attack. The next move, Move 1, resulting in large explosions at generators throughout North America and cyber attacks that hit the control systems of various aspects of the power industry.
Move 2 was a continuation of the cyber attacks combined with actual physical attacks against the pipelines throughout the continent. By Move 3, critical employees within the power industry were “targeted” by the nation-state aggressor. And then, in Move 4, there were numerous anonymous threats made over social media to other workers within the power industry to sow fear and panic.