INDIANAPOLIS—Electric cooperative cybersecurity professionals in search of “out-of-the-box training” should follow Garkane Energy’s Kaber Esplin to New York’s remote Plum Island this fall for a boots-on-the-ground drill with real pressure to defend a working grid.

At NRECA’s Co-op Cyber Tech earlier this month, the Loa, Utah-based co-op’s IT manager shared his recent experience participating in Liberty Eclipse, the full-scale exercise organized by the Department of Energy in which utility teams battle to defend against cyberattacks.

Esplin said he plans to go back when Liberty Eclipse runs its first “co-op week” Sept. 29-Oct. 2 and encouraged other co-op professionals to join him.

“It’s out-of-the-box training,” Esplin told attendees. “It’s all very real; it’s not a tabletop. You’re living on the grid you’re working on. You make real decisions on how your grid works. There were some real ‘aha’ moments.”

The Liberty Eclipse exercise takes place on the DOE Office of Cybersecurity, Energy Security, and Emergency Response’s live, islanded grid developed by the Defense Advanced Research Projects Agency off of Long Island. CESER’s 840-acre training testbed consists of about a dozen substations with power box cabinets and relay boxes with current vendor equipment used by co-ops.

The island system’s supervisory control and data acquisition (SCADA) system’s cybersecurity is also familiar to co-ops, making it particularly instructive to see how the attacking “red team” of hackers found system vulnerabilities, said Esplin.

To heighten the exercise’s mayhem, cyberattack scenarios changed twice a day and communications were degraded.

“You get a front seat to see what they do; then you see if you can defend against it,” said Esplin, who worked alongside Con Edison, the giant New York investor-owned utility. “It’s real decisions; real pressure.”

He said he quickly saw the importance of cross-training security operations center staff, which hunt the adversary, and operations staff, which keeps the lights on.

“[Security Operations Center] and [Operations] speak different languages,” he said. “The SOC saw the alert. Ops didn't know what it meant for the grid. You have to figure out how to work together.”

Another key takeaway: The goal is to learn, not to win.

Discovering how the red team located holes and exploited the system “is where the value lives,” said Esplin. “It was a real-time learning experience.”

DOE’s CESER and four national laboratories plan and execute Liberty Eclipse. At its conclusion, they explain what took place and answer questions from participants about why certain procedures or policies failed or succeeded.

“Liberty Eclipse has room for every type of training,” said Esplin, adding that the exercise provides the opportunity to make key contacts who can help weather a cyber emergency.

“If you have that connection set, you’re not in the middle of a cyber event and asking, ‘Who do I call?’ You already have those connections.”

Co-ops interested in the Liberty Eclipse co-op exercise Sept. 29-Oct. 2 should contact the NRECA cybersecurity team’s Carter Manucy (Carter.Manucy@nreca.coop) or Ryan Newlon (Ryan.Newlon@nreca.coop) for more information. There are limited spaces available.