ICS/OT

Over 370 Organizations Take Part in GridEx VIII Grid Security Exercise

The number of participants in the cyber and physical grid security exercise increased by nearly 50% compared to two years ago.

Power grid security

More than 370 organizations took part this week in the latest edition of GridEx, the largest security exercise dedicated to the electricity industry in North America. 

GridEx, which tests both the cyber and physical security of the power grid, is organized every two years by the Electricity Information Sharing and Analysis Center (E-ISAC) of the North American Electric Reliability Corporation (NERC). 

In 2023, over 250 organizations took part in GridEx VII. This year’s GridEx VIII saw an increase of nearly 50% in the number of participants, partly due to new participation options providing enhanced accessibility.

GridEx VIII tested participants’ emergency preparedness plans and protocols through a scenario that reflected real-world cyber and physical threats.

A report detailing the lessons learned from GridEx VIII is expected to be released in the first quarter of 2026.

“This year, we saw a 70 percent increase in participation by small- and medium-sized utilities and higher participation from our Canadian partners, both of which were recommendations from previous exercise reports,” said Michael Ball, NERC senior vice president and E-ISAC chief executive officer. 

Advertisement. Scroll to continue reading.

“Other critical infrastructure sectors, such as natural gas, water/wastewater, and telecommunications also engaged in the exercise. The increase in participation and these cross-border, cross-industry relationships reflects a high level of engagement and collaboration that supports our collective defense and overall resilience,” Ball added.

It’s not uncommon for cyber threat actors to target North American electric utilities. In one incident this year, Canada’s Nova Scotia Power was targeted in a ransomware attack.

In another attack that came to light this year, China’s Volt Typhoon hackers breached a small public power utility in Massachusetts and dwelled in the US electric grid for 300 days.

Related: Hackers Target Swedish Power Grid Operator

Related: More Solar System Vulnerabilities Expose Power Grids to Hacking

Related: Canadian Electric Utility Says Power Meters Disrupted by Cyberattack

Related Content

Data Breaches

Hackers stole customers’ names, addresses, email addresses, phone numbers, and account information.

Malware & Threats

Dubbed Lotus Wiper, the malware targets recovery mechanisms, overwrites drives, and systematically deletes files.

ICS/OT

Poland’s CERT has published a report on the recent attack, providing new details on targeted ICS and attribution.

ICS/OT

Sandworm/Electrum hackers targeted communication and control systems at 30 sites.

ICS/OT

10 years after disrupting the Ukrainian power grid, the APT targeted Poland with data-wiping malware.

ICS/OT

US officials told The New York Times that cyberattacks were used to turn off the lights in Caracas and disrupt air defense radars.

Data Breaches

The hackers stole information from a file transfer solution and the country’s power supply was not affected.

Data Breaches

Nova Scotia Power says a wide range of personal and financial information was stolen in the recent cyberattack.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version