Controlled chaos

Minnkota and its members recently participated in GridEx VIII, a nationwide event that simulates physical and cyber mayhem.

Ben Fladhammer

December 19, 2025

On a calm November morning, the hallways inside Minnkota’s headquarters were humming with a kind of purposeful chaos. Phones buzzed with urgent updates. Teams huddled over maps and monitors. Across conference rooms, more than 100 people – including cyber specialists, operations crews, communicators and many others – braced themselves for an escalating series of grid emergencies.

None of the threats were real. But the pressure sure was.

Theresa Allard, Minnkota compliance manager and GridEx co-organizer, sends out new information to the players, known as injects, to keep the game moving forward. (Minnkota/Michael Hoeft)

The name of the game is GridEx VIII, and Theresa Allard, co-organizer and Minnkota compliance manager, said the goal is to create realism but also simulate stress during the two-day exercise.

“We want them engaged through each step of the exercise, and we also want them to feel a little bit of pressure,” Allard said. “There’s a lot being thrown at them at one time. It’s hard to get it exactly right, but we have fun trying.”

Representatives from Minnkota’s member cooperatives play the game together in a conference room, which helped them collaborate on complex scenarios. (Minnkota/Michael Hoeft)

GridEx is one of the world’s largest grid security exercises organized by the North American Electric Reliability Corporation’s (NERC) Electricity Information Sharing and Analysis Center (E-ISAC). For Minnkota and its members, it was the most expansive and collaborative version of the event the cooperative has ever undertaken. Together they faced simulated cyber intrusions, malware outbreaks, terrorist activity, supply disruptions, misinformation campaigns and even fictional grid attackers with chainsaws. The onslaught of challenges pushed the GridEx players to practice what they hope they never face: a cascading grid crisis with real-world consequences.

A storyline set in reality

For 2025, NERC’s E-ISAC delivered a scenario that felt uncomfortably realistic. Global political tensions simmered. A hostile nation-state known as “Crimsonia” unleashed sophisticated malware – called Icy Gunk and Group Think – while fueling a wave of misinformation and coordinating physical threats across the country.

Troy Karlberg (foreground) reviews documentation on his laptop. Karlberg represented the Young Station’s safety and physical security team. (Minnkota/Michael Hoeft)

The scenario even tied into the upcoming North American World Cup, which will be hosted in the United States, reflecting how geopolitical events can ripple into grid security.

“This was one of my favorite GridEx storylines,” Allard said. “It’s fairly relevant to what we’re actually seeing globally.”

For co-planner Brandon Trontvet, Minnkota’s Senior Manager of System Operations and Operational Technology, the storyline’s realism was striking.

Brandon Trontvet, a GridEx co-organizer, addresses the crowd during a hotwash – a time to gather and collectively share information and lessons learned. (Minnkota/Michael Hoeft)

“E-ISAC really put some thought into this,” he said. “They’re incorporating what’s happening in the geopolitical world and making it realistic. There’s a real preparedness we’re trying to get toward as an industry.”

Building the playbook

Minnkota’s GridEx planners began preparing for the exercise back in January, long before the fictional adversary made its first move. E-ISAC provides the overarching narrative and a master inject list – a library of potential scenarios planners can use. Minnkota’s planning team customized the national scenario into something that hit home for the players protecting assets in North Dakota and Minnesota.

“We take the framework and customize it specifically to Minnkota and our co-ops,” Trontvet explained. “This year we brought in controllers (subject matter experts) to help tailor the injects. They were integral in putting the finer details in.”

Minnkota’s Matt Odermann (left) and Dan Inman have a passing conversation during the exercise. (Minnkota/Michael Hoeft)

Those details matter. As the scenario unfolded, the tempo quickened. Multiple attacks layered on top of one another. Communications systems faltered. Equipment alarms sounded. Misinformation spread.

Minnkota’s member distribution cooperatives, who provide retail service to the end-use consumer, had about 30 staff members onsite to participate in the exercise with Minnkota personnel. The members embraced the pressure.

“The experience was incredibly fast-paced, much like what a real crisis would feel like,” said Angela Lyseng, Beltrami Electric Cooperative’s communication specialist. “Keeping up with multiple unfolding scenarios at once was challenging, but it made the training meaningful.”

Beltrami Electric’s Angela Lyseng reviews plans on her laptop during the exercise. (Minnkota/Michael Hoeft)

For Wild Rice Electric’s Tommy Houdek, director of member services and communications, the intensity forced creativity.

“We had to think both critically and creatively as we responded,” he said. “Whether managing limited communication channels or adapting to rapidly evolving circumstances, it kept us alert and engaged.”

As chaos ensues, Wild Rice Electric’s Tommy Houdek makes a call to Minnkota’s control center. (Minnkota/Michael Hoeft)

The exercise scenarios became storytelling sessions in real time, with co-ops learning from each other’s lived crises. Many aspects of the exercise had happened in real-life – even the chainsaw attacks to power infrastructure.

“Bringing that experience forward so others can prepare – that’s literally what we’re trying to do,” Trontvet said.

Strengthening relationships

One of Minnkota’s goals this year was strengthening internal and external relationships. Creating connections before the crisis happens can help improve the response when a threat occurs in real life. That meant involving agencies directly in the simulation.

This year’s exercise included partners from Oliver County (N.D.) Emergency Management, North Dakota State & Local Intelligence Center (NDSLIC), Midcontinent Independent System Operator (MISO), Otter Tail Power Company, ACES and the Grand Forks Air Force Base.

“In the past, we might have said, ‘We’ll call county emergency management,’ but we didn’t actually do it,” Allard said. “This time, not only did we call them – they were actually here.”

No matter how well GridEx is scripted, its success hinges on the people responding to it.

“Experiences shared by other co-ops and agencies offered perspectives we might have missed on our own,” Houdek said.

(Left to right) Neil Kramar, Brandon Zinne and Casey Axtman from Minnkota’s Milton R. Young Station team collaborate on a scenario. (Minnkota/Michael Hoeft)

Nikki Carson-Marquis and Andy Fuhrman from Minnkota’s compliance team review “Aha!” cards, which were designed for players to quickly jot down lessons learned and other takeaways. (Minnkota/Michael Hoeft)

What comes next

With the 2025 exercise complete, Minnkota planners are sifting through over 80 “Aha!” cards – handwritten reflections from participants capturing areas for improvement — as well as a post-exercise survey.

“A lot of the items are very achievable,” Allard shared. “Documentation, coordination, developing criteria and processes. We’ll turn these into actionable tasks.”

The planners expect to wrap up their analysis in January, then take a brief breath before planning begins anew for GridEx IX in 2027.

Through it all, the focus remains clear.

“We want to keep getting better,” Trontvet said. “The point of these exercises is preparedness, and we’re committed to strengthening that every time.”

MAIN IMAGE: Dan Inman, Senior VP of Power Delivery and Chief Information Technology Officer, addresses the more than 100 GridEx players representing Minnkota and its member cooperatives during a designated debrief session.

Tags:

Beltrami County Electric Cooperative