Blackout
© Unknown
For the average resident, a blackout is typically a short-term inconvenience. But what happens when a cyberattack or natural disaster leaves millions of citizens without power for weeks or months on end?

That's the question federal government and electric utility employees hope to answer during GridEx II - a two-day security exercise that simulates a nationwide collapse of the electric grid due to cyberterror or other attacks. The exercise is designed to assess the readiness of the electricity sector, strengthen utilities' crisis response functions and provide input for internal security program improvements.

"To put it simply, it's important because if the grid gets attacked and stops working, people lose power. If people lose power they lose heat, the ability to provide important services, they lose banking ... they lose more than just the day-to-day comforts," said Marcus Rogers, a Purdue University professor of computer and information technology and director of the Purdue Cyber Forensics Lab. "They're running the simulation to try and get an idea of how secure it really is."

GridEx II is conducted by the North American Electric Reliability Corp., a Georgia-based nonprofit whose mission is to ensure the reliability of the Bulk-Power System in North America. NERC is subject to oversight by the Federal Energy Regulatory Commission.

As a software simulation, Rogers said no individuals or businesses will actually suffer any kind of blackout.

The first GridEx was organized in November 2011, and 75 industry and government organizations from the United States and Canada participated.

Chris Foreman, professor of electrical and computer engineering technology at Purdue, said although the university is not a player in the exercise, it is an observing entity that may be involved in future research inspired by the results of GridEx II.

The exercise will put many existing emergency procedures to the test, he said.

"A lot of the time, you don't know how those things are going work out until you have a scenario," he said. "This allows (participants) to answer questions like, how long does it take to respond? Do they start a response, or do they have to go up to higher management? If they do, what kind of delay is involved?"

The majority of GridEx II participants will take part from their normal work environment. They will receive sequenced email messages that detail national scenario conditions.

Based on the information, participants will engage in both internal response measures and external information-sharing activities across the sector. An Exercise Control cell, based in Washington, D.C., will manage scenario distribution, monitor exercise play and capture response activities.

Rogers said in today's world, events like GridEx II are crucial because cyberattackers are more sophisticated, and organizational dependency on electronics is at an all-time high.

"The grid is more connected to the Internet than ever," he said.

According to NERC, the blackout in August 2003 left 50 million people in eight northeastern states and the province of Ontario without power.