As our energy systems transition to become cleaner and more sustainable, they must remain resilient and secure so they can not only withstand disruptions, but also recover from them without issue.
Office of Cybersecurity, Energy Security, and Emergency Response
January 9, 2024
minute read time
As our energy systems transition to become cleaner and more sustainable, they must remain resilient and secure so they can not only withstand disruptions, but also recover from them without issue. The need for better, smarter, and stronger cybersecurity measures that support these new technologies and interconnected networks rises in tandem with this transition. Preparedness exercises, like the Liberty Eclipse Full-Scale Exercise (FSE), help ensure that our systems, our technology, and most importantly, our people are ready for anything.
Conducted by the Department of Energy’s (DOE) Office of Cybersecurity, Energy Security, and Emergency Response (CESER) in October 2023, Liberty Eclipse convened security operations center and operational technology (OT) experts from six utilities to test their cybersecurity plans in a state-of-the-art cyber-physical range. This FSE was not a virtual simulation of a cyberattack. Using the fully energized cyber-physical range built with commercial protection and control devices using systems commonly found in utility substations across the country, participants could experience the actual indicators and effects from realistic attacks, without the risk of disruption to production systems or the utility’s safe and reliable power to actual customers. Read on to explore some of the unique aspects of this annual FSE.
“We feel confident that we were successfully able to exercise our architecture in the way that we intended.”
Alex Waitkus, a participant from Southern Company’s Power Delivery Cybersecurity Team.
Shared Learning for Defense and Resilience
Liberty Eclipse emphasizes interdisciplinary collaboration during an immersive hands-on multi-day live exercise. In the exercise, the Blue Team, consisting of utility participants, worked to maintain reliable electric power to their customers while defending their systems against attacks from the Red Team, participants from DOE’s National Laboratories playing the adversaries. Different from the competitiveness of most other red versus blue exercises, Liberty Eclipse’s objectives focus on learning and understanding how the attacks occur and how they can be more effectively identified, remediated, and prevented in the future. “Winning” at Liberty Eclipse means leaving with deeper knowledge and understanding, not the result of a red-blue competition.
The exercise is designed to be a no-fault environment where participants are welcome to share ideas, openly discuss, and professionally disagree without real-world consequences. Following periods of adversary activity, the Red Team discussed their approach, actions, and what the utilities saw and how they responded in a discussion with the Blue Team. Participants get to hear what really happened from each team’s perspectives, enabling everyone to learn from successful or failed defense strategies.
Participants can apply these lessons learned from Liberty Eclipse directly to their real-world environment. They were able to bring and validate their own hardware and software configurations in the cyber-physical range and improve incident detection and response processes against realistic adversary activity not available in their own environments.
Bridging the Team Siloes
Utilities are complicated and require teams with distinct skills and capabilities, and it’s common that these teams do not interact often, much less practice collaborative problem solving together. The Liberty Eclipse FSE serves as a driver for practitioners from OT, cybersecurity, engineering, and operations to come together to tackle cybersecurity challenges that impact the entire organization. This kind of coordination and cross-team engagement makes Liberty Eclipse uniquely valuable for participants.
Utilities participating in the Liberty Eclipse 2023 FSE come from across the nation, each with their own strengths and challenges. The exercise environment fosters an open exchange of good practices, knowledge, and support that is richer than and complementary to the industry collaboration on cybersecurity taking place in other venues. The mutual assistance mindset inherent in the backbone of the utilities promotes growth and support across all the participants.
New Partners in 2023
In addition to Federal agencies, DOE National Labs, and private and publicly owned utilities, CESER also invited National Guard soldiers and airmen from multiple states to observe the Liberty Eclipse 2023 FSE. They got a close-up perspective on the exercise play, participating in tailored educational sessions with utilities and national lab staff throughout the week. This experience provided direct exposure to OT and the electric industry, complementing the National Guard cyber units’ primary mission focus on information technology environments.
Want to learn more about Liberty Eclipse and DOE’s other preparedness exercises? Visit CESER’s Exercise and Training Library.