In 2023, ENCS developed, together with member organizations, a series of scenarios to be used during a tabletop exercise. The objective of this exercise is to go through the incident response processes with all the roles involved in it to practice them and to test that the process works as intended.
The processes involve both security experts (such as SOC and CSIRT staff, and security officers) and operational grid specialists (such as control center operators, substation engineers, and crisis managers). It is important that everyone involved knows their responsibilities, and who they should communicate with in case of an incident.
This document outlines the scenario of a physical break-in in a high-voltage substation in which the intruders have tampered with digital equipment. Member organizations can use this scenario as a baseline and use their incident response processes to guide the expected answers during the exercise.
Menu