US government’s largest grid attack exercise crashes social media

A government exercise meant to test the nation’s response to attacks against its electricity grid got into the most trouble not from simulated hackers or bomb attacks, but from its simulated newscasts and its Facebook and Twitter feeds.

The utility industry’s grid security watchdog, the North American Electric Reliability Corporation, issued its first report on the GridEx IV exercise on Friday, showing it to be one of the largest grid and infrastructure security events of all time.

To add to the realism of the attacks, the two-day event last November had its own simulated newscasts and social media feeds. This is something it began to do in the last GridEx event in 2015. But the expanded array of social media and tweets in last year’s exercise almost proved to be too much to handle, according to the report.

The problem stemmed from realistic newscasts competing for space with social media on the same server, which nearly broke the entire system.

The media platform was used to “imitate” social media, including Facebook, Twitter, YouTube, and blogs, in addition to traditional media like television, newspapers, and radio.

The “SimulationDeck” performed well overall, but began to buckle under the pressure of handling both traditional and new media sources. It experienced “slowdowns and lagging performance” because the initial breaking news clips reporting widespread power outages “hogged significant bandwidth.” The problem was eventually fixed by placing the newscasts on an entirely different computer server.

“In the future, SimulationDeck should allocate double the required resources to handle the initial logins as this is where the site was most stressed,” the report said.

The newscast and tweets began to flow on day one of the Nov. 15 to 16 exercise, in which unnamed “adversaries launched coordinated physical attacks at predetermined sites using vehicles to deliver explosive packages to damage and disable generation and transmission facilities.” Meanwhile, industry staff were seeing cyber intrusion attacks across the system.

“News and social media reports regarding the physical and cyber attacks increased dramatically,” the report said.

However, the media hiccups during the exercise may have had more to do with its ambitiousness than a lack of technical expertise.

This was the fourth GridEx, which takes place every two years. But it was different from any of the previous exercises in terms of the number of participants, which for the first time extended well beyond the electricity industry to include telecommunication and financial firms, water utilities, oil and natural gas companies, and scores of vendor companies. None of the participants’ names were disclosed, however.

The exercise included 6,500 individuals and 450 organizations representing industry, law enforcement, and government agencies, according to the report. The exercise “was the largest physical, operational, and cyber grid security exercise to date,” NERC said. The watchdog, which was designated by Congress after the 2003 blackout, hosted and coordinated the event.

The exercise also included the FBI, White House national security officials, and the military, as well as local law enforcement.
