CSC News Table of Contents
GridEx VIII exercise convened more than 370 organizations to test North America’s power grid against coordinated cyber and physical threats. Led by NERC’s Electricity Information Sharing and Analysis Center, the two day drill focused on incident response, recovery, and cross sector coordination. Participants practiced secure information sharing and restoration under pressure across utilities and government partners.
The GridEx VIII exercise is the industry’s flagship preparedness event and a model for a NERC grid security drill. It validated playbooks for cyber operations and operational technology contingencies.
Organizers ran parallel exercises for operators and executives to improve decision making, crisis communications, and unity of effort during complex attacks.
GridEx VIII exercise: What You Need to Know
- The GridEx VIII exercise gathered more than 370 organizations to rehearse cyber physical incident response and grid resilience across North America.
- Bitdefender: Endpoint protection and EDR for modern threats.
- 1Password: Enterprise grade password security and SSO integrations.
- IDrive: Reliable, encrypted backup for business continuity.
- Tenable: Visibility into vulnerabilities across IT and OT assets.
Inside the GridEx VIII exercise
The GridEx VIII exercise is a biennial event organized by NERC’s E-ISAC to strengthen operational readiness across the electricity sector.
Over two days, operators faced simulated cascading cyber intrusions, physical incidents, and misinformation to validate response plans, improve information sharing, and practice restoration under stress.
NERC reports that the GridEx VIII exercise engages utilities from across the United States and Canada, along with federal, state, provincial, and cross sector partners, to coordinate during realistic scenarios.
An executive level tabletop runs in parallel to test strategic decision making and crisis communications. See NERC’s overview for program history and objectives: NERC GridEx.
Who participated and why it matters
More than 370 organizations joined the GridEx VIII exercise, spanning generation, transmission, distribution, law enforcement, emergency management, and key suppliers.
The drill aligns roles, escalation paths, and continuity procedures, and it reinforces how to operate through degraded conditions at scale.
The GridEx VIII exercise also reflects lessons from recent energy sector incidents and critical infrastructure threats. For context, review coverage of energy sector cyberattacks and current ICS patching updates.
These resources highlight the need for a recurring NERC grid security drill and a comprehensive grid security exercise 2024 approach.
How the scenario unfolded
Specific play details remain controlled to preserve realism in future drills. Generally, the GridEx VIII exercise layers concurrent cyber intrusions, operational disruptions, and physical security challenges.
Participants practice detection, containment, and recovery in both IT and OT environments, and they test external communications and rumor control to counter adversary influence.
These activities support ongoing federal programs that harden critical infrastructure. Related guidance includes the U.S. Department of Energy’s CESER mission to protect energy systems, available here: DOE CESER, and CISA’s resources for industrial control systems: CISA ICS.
Coordination and information sharing
The GridEx VIII exercise emphasizes rapid and trustworthy information exchange through E-ISAC and utility coordination channels.
Teams test secure communications, operational reporting, and cross-sector notifications designed to accelerate situational awareness and unified action across jurisdictions.
Exercises like the GridEx VIII exercise also stress test incident response processes and joint operating procedures. For practical planning, see this primer on incident response for large scale attacks, which aligns with common grid disruption scenarios.
What comes next
Following the GridEx VIII exercise, E-ISAC compiles observations and lessons learned that inform improvements, training, and future drills.
Utilities then refine tabletop scenarios, rehearse playbooks, and plan investments to address identified gaps in technology, staffing, and vendor coordination.
The GridEx VIII exercise converts findings into action items that raise preparedness across operations and leadership.
Those actions guide enterprise risk decisions, from procurement controls to improved OT visibility and crisis communications maturity.
Implications for grid security and resilience
The GridEx VIII exercise builds muscle memory for operators and leadership and it improves trust in information sharing pipelines.
The drill validates restoration plans under realistic stress and deepens cross-border and cross-sector coordination when energy, telecom, and public safety are affected at the same time.
Limitations remain, since exercises are time-bound snapshots and participation quality varies. Insights from the GridEx VIII exercise require funding and sustained follow-through.
Closing gaps means resourcing tools, networks, training, and third-party alignment. A recurring NERC grid security drill helps chart that path, but execution is the long-term test.
Conclusion
The GridEx VIII exercise shows how the electricity sector prioritizes readiness for complex risks. With more than 370 participating organizations, the drill sharpened coordination across North America.
By stress testing plans and communications, the GridEx VIII exercise helps utilities and partners manage uncertainty, accelerate restoration, and protect public safety.
For teams seeking a grid security exercise 2024 reference or planning a NERC grid security drill, the GridEx VIII exercise remains a benchmark for collaboration and continuous improvement.
Questions Worth Answering
What is the GridEx VIII exercise?
It is NERC’s biennial sector wide drill that simulates cyber and physical threats to the power grid, and it tests response, recovery, and information sharing.
Who organizes the GridEx VIII exercise?
NERC’s Electricity Information Sharing and Analysis Center leads planning and execution with support from utilities and cross sector partners.
How many organizations participated?
More than 370 organizations joined, including electric utilities, government agencies, suppliers, and emergency management partners.
What capabilities does the exercise test?
It tests detection, containment, restoration, crisis communications, executive decision making, and coordinated information sharing across the grid community.
Is there an executive tabletop component?
Yes. Senior leaders run a parallel tabletop to practice strategic coordination and communications during high pressure scenarios.
Where can teams learn more about GridEx?
See NERC’s overview at the GridEx program page, along with DOE CESER and CISA ICS guidance.
How does this relate to a grid security exercise 2024?
The GridEx VIII exercise informs current year planning and standards, and it offers a template for a NERC grid security drill with realistic scenarios.
About the North American Electric Reliability Corporation (NERC)
NERC is the federally designated Electric Reliability Organization for North America, responsible for bulk power system reliability and security.
Through the E-ISAC, NERC enables industry wide information sharing, analysis, and exercises that strengthen resilience, including the GridEx VIII exercise.
NERC develops reliability standards, monitors compliance, and supports preparedness initiatives that inform utilities and policy makers across the region.
