Collaborative Cyber Security Training Event at the NYISO
Cyber security is very important to the electric industry, so the New York Independent System Operator (NYISO) routinely collaborates with generators, utilities and transmission owners to conduct joint training and exercises. One example of this training occurred on September 17 and 18.
Personnel from New York’s electric utilities participated in a cyber security training exercise sponsored by the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and hosted at the NYISO’s headquarters in Rensselaer, N.Y.
The two training exercises focused specifically on practicing cyber skills that a professional in the electric industry might need, but all done within the DHS CISA cyber range. The team-based exercises offered participants the opportunity to test their knowledge while working with their peers from across the state in a competitive and challenging learning environment.
In all, 62 people took part, including 34 from the NYISO and 28 from New York utilities.
Practicing cyber skills was only one of the benefits from participating in the exercise. Every participant got the chance to work with their counterparts from different utilities in a cooperative way, together trying to solve the challenges presented in successive stages of the exercise faster than the other teams, leading to some friendly competition and providing a great environment to share experiential knowledge.
The DHS CISA cyber range is one of several exercises that the NYISO has hosted in the past decade. In odd numbered years, the NYISO, among many other companies, participates in the national North American Electric Reliability Corporation’s (NERC) grid security exercise, GridEx. This year’s exercise, GridEx V, takes place on Nov. 13 and 14 and is the largest cybersecurity exercise in the electric sector.
In even-numbered years, the NYISO leads and hosts a New York State-specific Cybersecurity Exercise. The NYISO, in conjunction with industry and state partners, develops the Master Scenario Event List to test incident response plans, identify opportunities for improvement, and enhance collaboration and information sharing with state agencies and industry.