WASHINGTON — In windowless rooms from here to California, nearly 10,000 electrical engineers, cybersecurity specialists, utility executives and FBI agents furiously grappled over 48 hours with an unseen “enemy” who tried to turn out the lights across America. The enemy injected computer viruses into grid control systems, bombed transformers and substations, and knocked out power lines by the dozen.
By late Thursday morning, in this unprecedented continental-scale war game to determine how prepared the nation is for a cyberattack, tens of millions of Americans were in simulated darkness.
Hundreds of transmission lines and transformers were declared damaged or destroyed, and the engineers were rushing to assess computers that were, for the purposes of the drill, tearing their system apart.
“It’s going really well,” said Gerry Cauley, the president and chief executive of the North American Electric Reliability Corp., which ran the drill. “A bit scary, but really well.”
There were seven “deaths” of police officers, firefighters and utility workers who showed up to investigate reports of problems at substations or power lines and were shot by attackers still on the scene. In all, there were 150 “casualties,” Cauley said. Attempts to restore equipment and get the lights back on were stymied by police officers who locked down the locations because of “active shooters.”
The degree of simulation varied, organizers said. Nobody touched actual operating equipment, but some companies sent trucks with linemen aboard to investigate the status of key transformers because the “scenarios” written by Cauley’s group included computer viruses that kept technicians at the control centers from knowing the condition of crucial equipment.
The drill also involved “denial of service” attacks, in which hackers flooded a computer connected to the Internet with so many messages that it could not handle the load. In real life, banks and other companies have been hit with such attacks.
Drill participants said they would not talk about the specific locations of the simulated attacks, for two reasons: The locations were chosen at points that the insiders knew were vulnerable, and the companies involved were promised that, if they participated, their performance would not be held up to public criticism. The purpose, organizers said, was to pose problems that were hard to solve, to expose areas that needed improvement.
In a much smaller drill two years ago, known as GridEx, for Grid Exercise, analysis afterward found that participants were good at communicating with their neighbors, electrically speaking, but not with national organizations like the electric reliability corporation, making it hard for anyone to get an overview of what was happening.
How well they did this time in what the national group called GridEx II will not be clear for weeks.