A delay, detect, respond strategy is no longer effective as the only means of power system security. We need to move beyond the NERC CIP-14-1 recommendations and use a delay, harden, and assess approach. Additionally, we must reevaluate common electric utility practices that result in elevated risk levels when security breaches are considered. Only by taking a holistic approach can we prevent single failures from leading to statewide blackouts.
Prescient offers security assessments and conclusive reports that identify specific risks and intrusion timelines, as well as the extent of damage if a facility is compromised. We take many factors into account when performing risk assessments and therefore have myriad recommendations to improve critical facilities beyond traditional security concerns.
We recommend starting with these three items:
Bolstered perimeter security strategies to prevent intruders from entering critical facilities.
Focused intrusion detection to detect potential threats and inform law enforcement rapidly.
Reinforced interior security to protect critical components.
By implementing these recommended enhancements, the risk of intruders damaging facilities that are essential to the electric power grid can be significantly reduced. Let’s take a look at how it works.
Bolstered Perimeter Security
Perimeter security strategies should deter potential intruders from accessing critical facilities, whether on foot, in a vehicle, or with weapons or explosives. During Prescient’s assessments, specific areas would be analyzed and scored, with the scores indicating the extent of updates necessary to secure the perimeter of critical facilities. There are several enhancements that can be made to current perimeter security systems to bolster their effectiveness, including:
All points of entry and vulnerable points on the outside of a facility should be reinforced to deter unauthorized access. Ideally, all new substation facilities would be housed in warehouses and surrounded with chain link fences. Points of entry must be limited.
Gates and doors must be equipped with a combination of smart locks, contact alarms, and closed-circuit television (CCTV). Gates should also be adequately lit and should remain locked and/or guarded.
Time to climb ratings will be used to determine the extent of updates required to secure a facility’s exterior walls or fencing. Most chain link fences topped with razor wire can be climbed in 20 seconds by a determined intruder. When a second fence with razor wire struts is placed inside the perimeter fence, an intruder may be forced to seek a different point of entry.
Enhancements to exterior walls based on runaway vehicle ratings should be implemented to secure facilities against runaway vehicles. This would prevent a domestic terrorist from loading a truck with sandbags and crashing it through the fence at a critical facility. Enhancements including bollards, jersey barriers, large rocks, and security barricades, a.k.a. King Tut blocks, should be installed to stop the truck before it crashes through the fence.
Drop down ratings would reveal any updates necessary to prevent an angry customer or employee from throwing things into a switchyard from overhead locations, such as a bridge or parking garage.
Blast walls designed to resist direct weapons fire should be installed to protect a facility from bombs or other weapons. Key places to implement blast walls are around critical components, such as large power transformers, control houses, and standby generators. Blast ratings and nearby land features should be evaluated before considering blast walls.
Newly constructed facilities can incorporate these enhancements into their initial designs. At existing facilities, the measures outlined above and more can be implemented to achieve greater levels of security.
Focused Intrusion Detection
Enhancing perimeter monitoring strategies will provide focused intrusion detection. This means updating cameras and other intrusion detection devices surrounding critical equipment and routing images to security control centers for processing.
To enhance these security methods, updates must be made to CCTV and other video surveillance methods. Motion-sensing cameras must be installed. Cameras should have overlapping views to sense potential intruders so that the threat can be assessed. Vibration detectors should be placed throughout the facility. Periodic, unannounced entries must be performed to assess the effectiveness of intrusion detection.
Area lighting should be motion activated to be directed at intruders. Adding protective lighting is an inexpensive deterrent to crime. When used in tandem with camera monitoring, motion-detecting lights can illuminate or delay a potential threat. Cameras should be coordinated with local law enforcement for their immediate notification and response.
Reinforced Interior Security
To protect critical components, electrical facilities should be placed in secure, unmarked buildings. Parking garages should be provided for company and contractor vehicles. Sally ports should be installed between electrical and parking garages.
All access to critical areas must be through sally ports equipped with smart locks, contact alarms, and CCTV. Temporary sally ports with guards should be used when oversized loads are moved.
When personnel enter the facility, strict guidelines should be enforced. No one should be allowed to enter an unmanned control house unless they are accompanied by a co-worker. Whenever a single individual is inside a critical facility, an alarm must be initiated, and local police should be alerted.
All cabinets and enclosures in critical areas must be equipped with smart locks, contact alarms, and tamper-proof hardware. Opening a cabinet door without an employee badge should generate an alarm that can only be cleared by a supervisor.
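The two alarm rules above (a lone individual inside a critical facility, and a cabinet opened without a badge that only a supervisor can clear) can be expressed as logic over access-control events. The following is an added example, not Prescient's code or any vendor's API; the event layout, area names, badge IDs, and the 60-second grace period for a co-worker to badge in are all assumptions.

```python
# Added example: rule evaluation over a constructed access-control event log.
# Tuple layout, area names, badge IDs and the grace period are assumptions.
GRACE_S = 60  # assumed time allowed for a co-worker to badge in behind the first
SUPERVISORS = {"S900"}
EVENTS = [  # (seconds, event, subject, badge or None); constructed sample data
    (0, "enter", "control_house", "E100"),
    (40, "enter", "control_house", "E200"),
    (90, "cabinet_open", "relay_cab_3", "E100"),
    (300, "exit", "control_house", "E200"),
    (420, "cabinet_open", "relay_cab_7", None),
    (500, "clear", "A2", "E100"),   # non-supervisor attempt, must be refused
    (560, "clear", "A2", "S900"),
    (600, "exit", "control_house", "E100"),
]

def evaluate(events, supervisors=SUPERVISORS, grace=GRACE_S):
    """Return the alarm list produced by a time-ordered event stream."""
    inside, lone_since, alarms = {}, {}, []

    def raise_alarm(t, rule, subject):
        alarms.append({"id": f"A{len(alarms) + 1}", "time": t, "rule": rule,
                       "subject": subject, "cleared_by": None})

    for t, kind, subject, badge in events:
        # An area occupied by exactly one badge for longer than the grace
        # period alarms once (a live system would use a timer instead).
        for area, start in list(lone_since.items()):
            if t - start > grace:
                raise_alarm(start + grace, "lone_occupant", area)
                del lone_since[area]
        if kind in ("enter", "exit"):
            occupants = inside.setdefault(subject, set())
            before = len(occupants)
            if kind == "enter":
                occupants.add(badge)
            else:
                occupants.discard(badge)
            if len(occupants) == 1 and before != 1:
                lone_since[subject] = t
            elif len(occupants) != 1:
                lone_since.pop(subject, None)
        elif kind == "cabinet_open" and badge is None:
            raise_alarm(t, "cabinet_no_badge", subject)
        elif kind == "clear" and badge in supervisors:
            # Supervisor-only clearing is the page's rule for cabinet alarms;
            # applying it to every alarm type is an assumption.
            for alarm in alarms:
                if alarm["id"] == subject:
                    alarm["cleared_by"] = badge
    return alarms
```

Without a grace period, every paired entry would alarm for the seconds between the first and second badge read, so the window should be tuned to the sally port's actual cycle time.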
Enhancements are Essential
Electric utility companies must take proactive steps to prevent worst-case scenario situations, like the Nashville communications center bombing and the Metcalf attack, from happening at other locations. Prescient’s security assessments may reveal the need for more updates than those outlined above. By implementing the enhancements outlined above and more, a potential attack or intruder can be stopped before the power grid is threatened and critical facilities are damaged.