Last November, the North American Electric Reliability Corporation reported that electric grid security planning was not adequate. The companies partook in a drill known as Gridex II to test physical and cyber security avenues. The report had little details, so as to not assist potential threats in knowing their shortcomings, but they are working to resolve issues with each utility provided. Everything was kept pretty secretive as to obscure all the issues as they work to fix them.
After the drill there was an attack on a California substation, which caused more concern about vulnerabilities. They have planned for hurricanes, earthquakes, strangers, etc. but yet the policies in place are not adequate. They also needed to work on their cyber security, by “developing mechanisms to preserve evidence and collect forensic data following a suspected physical or cyberattack”.
I thought it interesting that, this being our national power grid, to have such terrible policies and drills in place to respond and have accurate reports of issues. This impacts the lives of almost every person in the U.S, and, for the government/grid companies to be dropping the ball like this, is unacceptable.