State of the Interconnection 2025

Security

Physical Security Intrusions

There were 220 physical security intrusions in the Western Interconnection reported to DOE in 2024, more than double the number reported in 2023. Although very few of these incidents resulted in loss of load or otherwise affected the grid, the increase in these attacks forces entities to devote more resources to combating them.

Cybersecurity Incidents

The number of cybersecurity incidents rose in 2024 as hackers deployed AI to increase the precision and speed of their attacks, using the technology to outsmart traditional security measures and target more victims. This trend is expected to accelerate in 2025. One element to combat cybersecurity threats is education and information sharing through events like GridSecCon, GridEx, and WECC's Power Systems Security Conference. These types of events foster the collaboration that is key to keeping the system secure.

220 physical security intrusions reported, 13th annual GridSecCon Security Conference, 4 Cyber incidents reported.

Power System Security

white and black camera on tripod

Physical Security Update

In 2024, there were 220 physical security incidents in the Western Interconnection reported through Department of Energy form 417 (DOE-417). While the 2024 number is more than double the number of incidents reported in 2023 (107), the increase can largely be attributed to a big increase in the number of minor incidents reported by a single entity. The 220 incidents include assaults, ballistic damage, intrusion, vandalism, theft, and suspicious activity.

The Electricity Information Sharing and Analysis Center (E-ISAC) collects physical security incidents as well, using a different classification system that ranks the risks from Level 0 to Level 3. The vast majority of events in 2024 were Level 1, criminal activity with no impact on the grid. Much less than 1% were classified as Level 3.

Colorful software or web code on a computer monitor

Cybersecurity Update

In 2024, in the Western Interconnection, there were four cybersecurity intrusions reported through the Electric Emergency Incident and Disturbance Report (DOE-417). These attacks can cause system interruptions and loss of load while diminishing resilience and recovery measures. Nearly half of the risks listed in the WECC Risk Register are related to cybersecurity, including risks related to insider threats, malware, phishing, and artificial intelligence. Through monitoring and enforcing Critical Infrastructure Protection standards, training and educating entities about best practices, and sharing information about events and threats, WECC and the ERO Enterprise help entities address this risk.

E-ISAC launches educational partnership to combat security threat

In December 2024, E-ISAC bolstered its cybersecurity efforts by partnering with the SANS Institute, the world’s largest global provider of cybersecurity training, certification, and research. This partnership is designed to provide E-ISAC members with free access to the SANS Institute’s electric-sector specific content, including white papers, webcasts, and webinars.

The partnership, through the E-ISAC Vendor Affiliate Program, will also provide discounted access to SANS Institute’s cybersecurity training and courses.

The SANS Institute specializes in training cybersecurity practitioners and leaders. Its work with E-ISAC will bring world-class cybersecurity expertise to the electric sector, providing real-time technical insights and access to a range of courses, certifications, content, and events.

aerial photography of city during night time

DOE Energy Threat Analysis Center

Recognizing the threat that cyberattacks pose to the energy sector, Congress directed DOE to develop a program to mitigate the risk as part of the Bipartisan Infrastructure Law in 2021. As a result, DOE launched the Energy Threat Analysis Center (ETAC) as a pilot in 2023, and it became fully operational in October 2024. Led by the Office of Cybersecurity, Energy Security, and Emergency Response (CESER), ETAC uses a collaborative approach with experts from the federal government, national laboratories, and the energy industry working together to protect critical infrastructure and respond to threats to the bulk power system.

The Center's Goals

ETAC's Goals are to improve the understanding of the national security risks associated with the energy sector, develop a better understanding of the tactics, capabilities and activities used to by those who conduct cyber attacks, increase sharing and analysis of actual likely cyber threats, develop actionable threat information and share insights and mitigation efforts.

2024 Security-focused Events

Power Systems Security Logo

WECC Power Systems Security Conference

WECC's second annual Power Systems Security Conference took place in Salt Lake City in August 2024. The three-day event featured panelists sharing information on cyber- and physical security threat vectors, detection, management, and industry best practices. Presenters came from a range of agencies, including Department of Homeland Security, FBI, Idaho National Laboratory, and the Cybersecurity and Infrastructure Security Agency.

The Power Systems Security Conference is scheduled for August 12-14, 2025 in Salt Lake City.

GridSecCon 2024 Logo

GridSecCon

The 13th annual GridSecCon security conference occurred over three days in October 2024 in Minneapolis, bringing together a cross section of representatives from industry and government to discuss grid security threats and planning. The event featured:

  • Education and training to promote the reliability of the bulk power system
  • Cutting-edge discussions on security threats, vulnerabilities, and lessons learned from senior industry and government leaders
  • Sharing security best practices for reliability concerns, risk mitigation, and cyber- and physical security threat awareness

WECC is co-hosting GridSecCon 2025 with NERC and E-ISAC October 7-10, 2025 in Las Vegas.

GirdEX VII Logo

GridEx VII Report

In April 2024, NERC released the GridEx VII Lessons Learned Report. The report provides a detailed review of the GridEx VII exercise, which occurred in November 2023. More than 15,000 participants from approximately 250 North American organizations participated in the virtual exercise. The report provides recommended actions for industry, policy, and government partners, E-ISAC, and other stakeholders to prepare for and respond to security incidents that affect the bulk power system, including:

  • Electric utilities should increase coordination with non-federal government partners
  • The ability to communicate accurate and timely information to stakeholders when responding to events is critical

The GridEx VIII exercise is scheduled for November 18-19, 2025 across North America.

TopBuilt with Shorthand