The Department of Homeland Security (DHS)/National Protection and Programs Directorate (NPPD)/Office of Cyber and Infrastructure Analysis (OCIA) assesses that unmanned aircraft systems (UASs) provide malicious actors an additional method of gaining undetected proximity to networks and equipment within critical infrastructure sectors. Malicious actors could use this increased proximity to exploit unsecured wireless systems and exfiltrate information. Malicious actors could also exploit vulnerabilities within UASs and UAS supply chains to compromise UASs belonging to critical infrastructure operators and disrupt or interfere with legitimate UAS operations.
Throughout 2016, the E-ISAC collected, analyzed, and shared information on physical and cyber security issues, and this report is a review of the main issues covered over the year. The information came from open source reporting, electricity members, and federal partners and includes the E-ISAC's analytical summary of those collective reports. This report looks at how the E-ISAC may further identify trends and patterns benefitting members.
The President’s National Infrastructure Advisory Council (NIAC) recently published a draft report titled: Surviving a Catastrophic Power Outage: How to Strengthen the Capabilities of the Nation. The EISAC is working with the Electricity Subsector Coordinating Council and our members to address the report’s recommendations. Please find it attached and available online here.
NERC conducted its fourth biennial (once every two years) grid security and emergency response exercise, GridEx IV, from November 15–16, 2017. With 6,500 individuals and 450 organizations participating across industry, law enforcement, and government agencies, GridEx IV consisted of a two-day distributed play exercise and a separate executive tabletop on the second day. The exercise provided an opportunity for various stakeholders in the electricity sector to respond to simulated cyber and physical attacks that affect the reliable operation of the grid, fulfilling NERC’s mission to assure the effective and efficient reduction of risks to the reliability and security of the BPS. Led by NERC’s E-ISAC, GridEx IV was the largest geographically distributed grid security exercise to date. Electric utilities continue to use the planning materials for separate exercises with NERC, government, and consultant support.