Cybercriminals don’t care whether a utility serves ten million people or ten thousand. The grid is one interconnected system — and a breach anywhere can ripple everywhere. That reality is reshaping this year’s GridEx exercise, where for the first time small municipal utilities and rural cooperatives are joining the nation’s biggest power companies in preparing for large-scale cyberattacks.

GridEx — the biennial simulation run by the North American Electric Reliability Corporation (NERC) — has traditionally been dominated by major utilities and regional grid operators. But this year looks different. Rural electric cooperatives, small-town municipals, and even Canadian power companies are taking their places in a training environment once reserved for industry giants.

Think of GridEx as a massive multiplayer war game, except the attacks are real-world cyber threats that could shut down power systems. For years, the exercise resembled an exclusive club where only the largest players had seats at the table. The wider participation reflects a sobering truth: in a grid this interconnected, a successful attack on the smallest utility can cascade quickly, knocking out power far beyond its borders.

Small utilities have long operated on the margins of cybersecurity discussions, often without the budgets or specialized staff their larger counterparts rely on. A rural cooperative serving 10,000 customers doesn’t have the same security infrastructure as a utility serving millions. Yet their substations, control systems, and communication networks are equally exposed — and sometimes more vulnerable due to limited resources.

Bringing them into GridEx isn’t symbolic. It’s strategic. Grid security is only as strong as its weakest link, and attackers know it. When cybercriminals target critical infrastructure, they exploit gaps wherever they exist, regardless of company size or market capitalization.

A Continental Defense Effort

The inclusion of Canadian utilities adds another layer to this year’s exercise. Electricity doesn’t observe national borders; power routinely flows back and forth between the U.S. and Canada. A cyberattack that disrupts Canadian generation or transmission can immediately affect American consumers — and the reverse is equally true.

This cross-border coordination mirrors the physical reality of the grid. When Texas experienced its devastating winter storm in 2021, the failures demonstrated how regional vulnerabilities can have national implications. Cyber threats operate the same way: they require cooperative defense strategies, not isolated responses.

Canadian participation also introduces different regulatory frameworks and emergency procedures that must be reconciled during crisis scenarios. GridEx offers a rare space to test how these systems function together — and to reveal gaps before attackers find them.

The Expanding Cyber Ecosystem

Perhaps the most telling shift is the involvement of participants outside the traditional electricity sector. Modern grid operations rely on an intricate ecosystem of vendors, technology providers, and service companies. Cyberattacks often penetrate through these third parties — a lesson underscored by the Colonial Pipeline ransomware attack, which began with compromised administrative systems rather than pipeline controls.

GridEx now includes natural gas suppliers, telecommunications firms, equipment manufacturers, and other partners whose systems intersect with grid operations. Their presence creates a more realistic simulation and helps build the relationships that matter during real emergencies. In an actual cyber incident, seconds matter — and knowing who to call, and how to coordinate, can determine whether damage is contained or allowed to spread.

What This Means for Energy Consumers

For consumers, the evolution of GridEx brings both reassurance and urgency. The growing participation of small utilities signals that cybersecurity awareness is no longer confined to major companies. Your local cooperative or municipal utility is thinking about cyber risks — and preparing for them.

At the same time, the expansion underscores the seriousness of the threat. Utilities are not participating in these simulations for theoretical practice. Cyberattacks on infrastructure are widely considered inevitable. The real question is how quickly and effectively utilities can respond when an attack comes.

The broader GridEx network helps ensure that response is stronger, faster, and more coordinated. A small municipal utility in Montana can tap expertise from larger grid operators. A major transmission provider can gain visibility into vulnerabilities in the smaller systems it depends on. The entire industry benefits from a more integrated understanding of the grid’s cyber landscape.

As the grid becomes more digital and more interconnected, exercises like GridEx are no longer optional. They are foundational. Protecting power lines and substations remains essential — but so is defending the digital systems that make the modern grid work.

Cybersecurity is now part of keeping the lights on. And for the first time, the full spectrum of utilities is training to meet that challenge together.