A record number of attendees participated in the 10th annual Grid Security Conference (GridSecCon), which was held on Oct. 19-20, 2021 in Washington, D.C.
“More than 850 security experts from across North America attended the two-day conference to discuss the current environment around grid security and the future of cyber and physical security,” according to the post-conference press release.
GridSecCon was hosted by the North American Electric Reliability Corporation (NERC), the Electricity Information Sharing and Analysis Center (E-ISAC) and the Texas Reliability Entity Inc. (Texas RE). It focused on the most current compromises and emphasized the programs that are necessary for protecting the grid from constantly fluctuating cybersecurity and physical security threats.
Prior to the start of the conference, a day of training sessions covered a range of topics, including operational cyber risk management, cyber physical grid training, a preview of SANS ICS 418 (a two-day course offered by the SANS Institute that provides techniques to address a manager’s biggest concern: keeping industrial processes secure), a phishing simulation, 5G security, building an insider threat program and supply chain management.
At this year’s GridSecCon, Manny Cancel, NERC senior vice president and CEO of the E-ISAC, opened the conference by discussing the volume, complexity and velocity of cybersecurity and physical security threats impacting the electricity industry. He particularly noted the extraordinary escalation in ransomware threats, which have the capability to severely impact grid reliability.
“From supply chain compromises to operational technology vulnerabilities, this trend shows no sign of subsiding,” Cancel said “Despite unprecedented new risks from aggressive nation-state threat actors, persistent domestic civil unrest, extreme weather, and evolving pandemic conditions, the E-ISAC team has kept its focus, allowing industry to maintain the level of situational awareness required to mitigate their exposure to these threats.”
The conference’s second day opened with a conversation between U.S. Department of Energy Secretary Jennifer Granholm and Jim Robb, NERC president and CEO. They discussed how a reliable and resilient bulk power system is critical to the economy.
During his keynote address, Jim Albright, Texas RE president and CEO, remarked that “keeping the lights on is vitally important work, and all of us at Texas RE believe in what we do.”
He added that the organization would much rather provide training and outreach that sets a registered entity up for success than find a noncompliance during an audit, because compliance is not the end goal—a secure and reliable grid is.
The conference also featured breakout sessions that focused on topics such as cyber defense for municipalities and co-ops, risk mitigation, the role of trade associations in cybersecurity, security threats from drones, supply chain lessons, insider threat programs and industry diversity and inclusion.
The first GridSecCon was held in New Orleans in 2011, and covered topics such as SCADA, industry control systems training and certification, hacker exploits, electricity sector cybersecurity guidelines, CIP standards, best practices on grid security, legislative updates and vulnerability research.
This year’s conference would have been the 11th instead of the 10th, except that the conference was not held in 2020 due to COVID-19 concerns.