Annually, AVANGRID participates in and hosts a number of internal and external cyber and physical security exercises to help the organization prepare for cyber and physical security threats and incidents. These exercises allow us to identify gaps and further strengthen or harden our security posture at a corporate, business and functional level.
The 2020 COVID-19 pandemic allowed AVANGRID to utilize the security command system that spans across a wide variety of technical and operational departments and create a communication flow from the very top executive down through the first responders working critical positions. While no one was prepared for the pandemic to impact the nation the way it did, AVANGRID quickly formed a team to collaborate and respond to the growing threat in the early months of 2020.
Lessons learned from the previous year’s security exercise allowed us to identify ahead of time that we needed a mass communication system for employees and to ensure that the company had enough bandwidth and licensing to allow for employees to connect efficiently from remote locations, utilizing their business continuity plans.
We conducted benchmarking across all levels of the business, and maintaining internal and external communications was critical to mitigate both safety and security concerns for both employees and company assets.
CYBER AND PHYSICAL SECURITY EXERCISE
In the fall of 2020, the Corporate Security team conducted a live drill exercise to assess manual operations and restoration efforts resulting from simulated physical and cyber-attacks on the organization with the goal of involving more areas of the business.
Deploying field crews to electrical substations, natural gas facilities and a wind farm, the exercise involved 125 employees in various roles including planners, first responders and incident responders.
During the simulation, the control centers and operations centers lost connectivity, remote visibility and communication with these facilities, driving staff to manual operations and maintaining communication with those out in the field and the reliability coordinators within the regions.
Other scenarios included vendor impacts, critical system outages, ransomware throughout our Customer Care Centers, substation physical attacks and a Personal Identifiable Information (PII) data breach involving vendors and employees’ sensitive data.
As a result of the drill, we gained valuable lessons learned related to security training for field personnel and other staff members who can serve as alternates for their departmental incident responders during crisis response.