Simulated Attack on Power Grid Highlights Need for Improved Communications
Time 2 Minute Read
Categories: Cybersecurity, Security Breach

In its third simulated test of the security of the power grid, the North American Reliability Corporation (“NERC”) reported general progress across the electric utility industry in defending against physical and cyber threats, while also identifying several areas for further improvement.

The NERC exercise, dubbed GridEx III, took place over two days in November 2015 and involved more than 4,400 individuals from 364 industry, law enforcement and government organizations across the United States, Canada and Mexico. The main objectives of the exercise were to test crisis response and recovery, improve communication, identify problem areas and engage senior-level leadership in the organizations involved.

Despite broadly meeting these objectives, NERC nevertheless called for improvements in communication systems and protocols, particularly in the incident response capabilities of the Electricity Information Sharing and Analysis Center (“E-ISAC”) portal and coordination with law enforcement and other governmental agencies.

E-ISAC acts as a kind of highly-specialized “antivirus” application for the power sector, collecting and sharing information regarding malware indicators identified by electric utilities or government agencies. For the exercise, NERC created a “mirrored” version of the E-ISAC portal and found it unable to track and respond to the flood of distress calls and other inquiries it received, with critical information getting lost or buried. This made it difficult for participants to distinguish important information coming from the portal during the exercise, a problem which may have been compounded by redundancies and other inefficiencies in industry information sharing and reporting practices, according to the NERC report.

Similarly, NERC reported that the exercise revealed the need, in the event of a major and persistent disruption in electricity service, for far greater levels of coordination across federal, state and local government agencies to the power sector and aid the public at large.

Tags: Consumer Protection, Information Sharing, Service Provider
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 3 Minute Read
Connecticut AG Clarifies AI Compliance Obligations Under CTDPA

The Connecticut Attorney General recently issued a legal memorandum regarding the application of existing Connecticut laws, such as the Connecticut Data Privacy Act, to the use of artificial intelligence.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 3 Minute Read
Oklahoma Enacts Comprehensive Consumer Privacy Law

On March 20, 2026, Oklahoma Governor Kevin Stitt signed SB 546 into law, enacting the Oklahoma Consumer Data Privacy Act, which will take effect on January 1, 2027.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
Alabama Enacts App Store Accountability Act Requiring Age Verification

On February 5, 2026, Alabama Governor Kay Ivey signed Alabama House Bill 161, the App Store Accountability Act, establishing age categorization, age verification and parental consent requirements for mobile application marketplace providers operating in Alabama, effective January 2027.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
CalPrivacy Reaches Settlement with Ford Motor Company Over CCPA Opt-Out Right Violations

On March 5, 2026, the California Privacy Protection Agency announced that the agency had reached a settlement with Ford Motor Company resolving an enforcement action against the company that alleged noncompliance with the California Consumer Privacy Act’s opt-out of sale/sharing rights.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page