Cybersecurity: Lessons learned from live exercises


Most war exercises are starkly visual, intimidatingly loud experiences. Weapons, hardware, maybe even smoke and booms are involved.

The cyberwar is a different animal altogether, with an invisible enemy probing for weakness along the wall separating information and operations. Most are fended off, but Ukrainian power generators learned the hard way after malware shut down their grid in 2015.

The Ukraine attack forced cybersecurity to the top of mind for many utilities in the US. Exelon Corp. decided to do something about it, undertaking a live exercise to disconnect its real-time network from the corporate network in the case of an intruder within its system.

Exelon IT and cybersecurity experts shared their insights during the “Live Cybersecurity Exercises against Production Systems” session Tuesday [28 January] at DISTRIBUTECH International in San Antonio. The panel also featured West Monroe Partners, which worked with Exelon on the live exercises from 2017 to August 2019.

Conducting live exercises

The live exercises disconnected the Exelon corporate network from the real-time system for about a four-hour period, testing how operations handled the break and how things were brought back together. The Exelon event involved hundreds of collaborations among its various utilities and infrastructure vendors.

Participants included communication system engineers, transmission system operators, compliance experts, and physical and corporate security, among many others. To even attempt the exercise, Exelon’s experts had to understand the data architecture intimately – which they did – but they also learned how spread out and complex the connections were.

“There were some things we thought would work a certain way and they didn’t work,” said Mike Kuberski, director of IT for utility communications at Exelon. “We capture what went well, what didn’t go well.”

Ted Johnson, director of IT, real-time solutions for Exelon unit ComEd, said the goal was to minimise disconnection time. The first step was to perform pre-disconnection checks, then disconnect, validate the critical functionalities, validate retained and lost functionality, reconnect, validate normal operations and then backfill data, if necessary.

The system isolated from the enterprise network includes the transmission and distribution SCADA (supervisory control and data acquisition) system, advanced metering infrastructure, operations management systems and more.

“This was meant (to simulate) an external attack,” Kuberski said, “that would come through the corporate network into the real-time network.”

The Exelon utilities which participated in their own live exercises over the two-year period included ComEd, PECO, Baltimore Gas & Electric, Atlantic City Electric, Delmarva Power and Pepco.

This article was written by Rod Walton, Clarion Energy Content Director, and featured on the Power Grid International website. Power Grid International is a Clarion Power and Energy brand.
