U.S. and Canadian electric grids face a growing threat from hackers and physical attacks, and greater communication, coordination and advance planning are required to counter them, officials at the North American Electric Reliability Corp. said on Thursday.

“The current geopolitical situation has significant ramifications for the North American grid,” said Manny Cancel, senior vice president of NERC and CEO of the Electricity Information Sharing and Analysis Center.

NERC on Tuesday issued its “GridEx VII Lessons Learned Report,” laying out recommendations based on a biennial grid attack exercise hosted in November. More than 250 organizations and 15,000 participants took part in the exercise, officials said. 

“In addition to the ongoing war in Ukraine, the Israel-Hamas conflict, which began last October, is also a cause for concern,” Cancel said during a call with media to discuss the report and threat environment. “This turmoil has contributed to a dramatic increase in malicious cyber activity, including new versions of malware and ransomware that constantly pressure operational and information technology networks.”

China, Russia, Iran and North Korea have demonstrated advanced cyber capabilities, Cancel said. And there are risks associated with software and supply chain vulnerabilities. Earlier this year, the Cybersecurity and Infrastructure Security Agency confirmed that state-sponsored threat actor Volt Typhoon had compromised the IT environments of multiple critical infrastructure providers in the U.S. 

“All these vulnerabilities and threats just further emphasize the need for the industry to remain vigilant and ensure good internal network monitoring is in place, especially on critical OT systems,” Cancel said.

There were also 2,800 physical grid security events reported to the E-ISAC in 2023, Cancel said. About 3% of them led to grid impacts, including outages or the need for operational contingencies. The most serious impacts were the result of firearms attacks, thefts, tampering and vandalism.

The E-ISAC has previously seen a correlation between malicious activity targeting the power sector and elections, “so we anticipate that there could be an opportunity for an increase. As we know, activists continue to use this as a vehicle to get their ideology and other political thoughts across,” Cancel said.

Against a growing threat backdrop, the GridEx simulated attack gives utilities the opportunity to gauge their responses, communications protocols and cross-sector coordination. NERC’s assessment of the November exercise revealed the opportunity for greater cooperation and communication, in particular between utilities and non-federal government partners.

There was an “overall reduction in the number of government entities that participated” in the simulated attack, according to the after-action report. “Municipal government entities, such as city, town, and county governments, as well as state energy offices would benefit from greater involvement in emergency response planning, training, and exercises.”

Organizations are also still identifying best practices for communications in a hybrid work environment, the report said. The simulated attack “helped participating organizations identify challenges with hybrid response and interoperable communications with internal and external response partners.”

The electric power sector must also evaluate options to manage grid reliability impacts when power market systems may be unavailable for a lengthy time, the report found.

“Market operators and participants should review their market rules to ensure a common understanding of how generation dispatch and financial settlements would be administered through an extended period of market system or data unavailability,” the report said.

Cancel said the E-ISAC is developing an action plan to track progress made in addressing each recommendation, and to update industry and government partners on that progress. Some GridEx participants have already begun implementing the report’s recommendations, he said.

“Continued coordination across the industry helps ensure our vigilance and allows us to respond quickly, should the need arise,” he said.