Full Report
U.S. and Canadian defense installations should collaborate with applicable industry partners to build a common operating picture and collective understanding of the electric reliability requirements for defense critical infrastructure (DCI) and associated risks to DCE, NERC and the Electricity Information Sharing and Analysis Center’s (E-ISAC) said in the GridEx VIII Lessons Learned Report, a detailed post-exercise review…
Analysis Summary
# Best Practices: Electric Reliability & Defense Critical Infrastructure (DCI)
## Overview
These practices address the operational gaps and communication silos identified during the GridEx VIII exercise. They aim to safeguard the energy supply for Defense Critical Infrastructure (DCI) against evolving physical threats (like UAS/drones) and cyber-related grid instabilities through enhanced public-private collaboration.
## Key Recommendations
### Immediate Actions
1. **Join Information Sharing Centers:** Ensure relevant security and facility personnel are registered with the **Electricity Information Sharing and Analysis Center (E-ISAC)** to receive real-time threat telemetry.
2. **Inventory DCI Feeders:** Defense installations must identify and label all electric feeders and substations that serve critical infrastructure to prioritize them for restoration during an outage.
3. **Establish Direct Contacts:** Create a "warm" contact list between facility energy managers and local utility **Reliability Coordinators**.
### Short-term Improvements (1-3 months)
1. **Build a Common Operating Picture (COP):** Develop a shared dashboard or reporting framework with utility providers to monitor real-time grid health relative to defense mission requirements.
2. **UAS Threat Assessment:** Evaluate physical security perimeters for vulnerability to Unmanned Aerial Systems (UAS). Audit current airspace monitoring capabilities.
3. **Communication Drill:** Conduct a tabletop exercise specifically testing communication bypasses (e.g., satellite phones, radio) for when standard internet/cellular networks fail during a grid emergency.
### Long-term Strategy (3+ months)
1. **Legal Tech Integration:** Partner with federal agencies to identify and deploy legally compliant counter-UAS (C-UAS) technologies to protect sensitive energy assets.
2. **Formalize ESCC Coordination:** Integrate facility-level emergency plans with the **Electricity Subsector Coordinating Council (ESCC)** to ensure high-level national coordination during large-scale systemic failures.
3. **Resilience Investment:** Shift from "backup power" to "grid-interactive" systems capable of sustaining DCI indefinitely through microgrids and industry-partnered reliability projects.
## Implementation Guidance
### For Small Organizations (Local Contractors/Satellite Sites)
- focus on basic communication: Know your local utility's emergency dispatch number and ensure you are listed on their "Critical Load" registry.
### For Medium Organizations (Utility Providers/Mid-sized Defense Suppliers)
- Implement formalized information-sharing protocols. Assign a dedicated liaison to participate in regional GridEx-style exercises.
### For Large Enterprises (Defense Installations/Major Utilities)
- Develop automated data-sharing feeds to contribute to the Common Operating Picture. Invest in federally-vetted UAS detection and mitigation platforms.
## Configuration Examples
*While specific software code is not provided in the report, the following logic applies to COP development:*
- **Standard Protocol:** Utilize **ICCP (Inter-Control Center Communications Protocol)** for sharing real-time data between utility control centers and defense facility energy management systems (EMS).
- **Redundancy:** Configure emergency notifications to trigger across three distinct paths: (1) Secure IP network, (2) Cellular/LTE, (3) SATCOM or FirstNet.
## Compliance Alignment
- **NERC CIP:** Alignment with Critical Infrastructure Protection standards.
- **NIST SP 800-53:** Specifically controls for System and Communications Protection (SC) and Continuity of Operations (CP).
- **DoD Instruction 3020.45:** Critical Infrastructure Management.
## Common Pitfalls to Avoid
- **Information Silos:** Assuming the utility knows which buildings on a base are "critical." (You must explicitly identify them).
- **Legal Compliance Risks:** Deploying UAS "jamming" or "interception" hardware without verifying the legality of such devices under FAA and FCC regulations.
- **Exercise Fatigue:** Treating exercises like GridEx as "one-off" events rather than integrating "Lessons Learned" into a permanent Action Plan.
## Resources
- **NERC GridEx Reports:** [nerc.com]
- **E-ISAC Membership:** [cisarp.org] (Defanged)
- **CISA Infrastructure Security:** [cisa.gov/critical-infrastructure-sectors/energy] (Defanged)
- **FirstNet for Emergency Comms:** [firstnet.gov] (Defanged)