Ease of Access to Substation Information Increases Security Risks

Despite warnings about the risks that electric substations face from lack of updated physical security, electric utilities seem stuck in a rearview mindset, believing that facilities that have not been sabotaged in the past will not be sabotaged in the future. The attack on two substations in Moore County, NC, a few weeks ago proves that this is not the case.

Although electric utilities have invested millions of dollars in cybersecurity threat elimination and cybersecurity phishing campaigns, they have all but ignored physical security enhancements. In our last article, we outlined five steps to create sabotage-resilient substations. In addition to these steps, electric utilities must recognize that all the information potential saboteurs need to cause severe damage to electric power grid infrastructure is right at their fingertips: online.

In this article, we take a closer look at several different substations with varying degrees of security. To emphasize the risks associated with readily available information, we have provided images of three regional substations, including satellite views, street level views, and transmission line maps for each substation. Before we jump into these substation images, let’s review NERC Reliability Standard CIP-14.

NERC Reliability Standard CIP-14

Electric substations are classified as regional substations and neighborhood substations. The North American Electric Reliability Corporation (NERC) has promoted Reliability Standard CIP-14 for critical, regional substations with this stated purpose:

“To identify and protect Transmission stations and Transmission substations, and their associated primary control centers, that if rendered inoperable or damaged as a result of a physical attack could result in instability, uncontrolled separation, or Cascading within an Interconnection.”

In practice, adherence to NERC CIP-14 is only required for major regional substations with significant interconnection operations. This means that of the 79,687 substations listed in the Homeland Infrastructure Foundation-Level Database (HIFLD), fewer than 1,000 are equipped with robust physical security.

Shortfalls of CIP-14

Neither electric utility regulators nor governmental agencies provide any further regulations for physical security requirements for neighborhood substations or “less critical” regional substations. This lack of regulation leaves the vast majority of substations vulnerable to sabotage.

Knowledgeable, well-armed paramilitary groups can locate every regional and neighborhood substation anywhere in the U.S. in less than one hour using open source data. With a quick Google search, they can obtain images of critical components that are placed in every substation, thereby gaining an understanding of how to disable a substation.

This risk must be recognized and addressed at the state level. Every state needs to develop physical security requirements for all substations, including those that power neighborhoods.

Substation 1: Minimal Physical Security

The regional substation presented in Figures 1-3 has not been upgraded to the physical security requirements of NERC Reliability Standard CIP-14 because, if sabotaged, it does not present a risk to interconnection operation. Even though the standard does not require updated physical security at this substation, updates should still be made.

The images of this open-air, regional substation located in Mid-America, shown in Figures 1-3, are easily accessible via a quick Google search. The street and satellite views are easily found through Google Maps, while the transmission line map is available on the HIFLD database. As the street view shows, this substation has minimal physical security.

Figure 1 shows the street view of an open-air, regional substation located in Mid-America.

Figure 2 shows the satellite view of an open-air, regional substation located in Mid-America.

Figure 3 shows the transmission line map for an open-air, regional substation located in Mid-America.

Substation 2: NERC CIP-14 Security Requirements in Place

The open-air, regional, east coast substation in Figures 4-6 below has been upgraded to NERC CIP-14 requirements. Though it is more secure than the substation above, improvements could still be made to enhance the physical security. Images were found using the same means as Figures 1-3 above.

Figure 4 shows the street view of an open-air, regional substation on the east coast.

Figure 5 shows the satellite view of an open-air, regional substation on the east coast.

Figure 6 shows the transmission line map for an open-air, regional substation on the east coast.

Substation 3: Indoor, Easily Secured

The regional substation in Figures 7-9 below is indoors and could be easily secured with a few strategic enhancements. Indoor substations are recommended because of the ease with which they can be secured, as well as the discreet nature of their appearance on the outside.

Figure 7 shows the street view of an enclosed, regional substation on the west coast.

Figure 8 shows the satellite view of an enclosed, regional substation on the west coast.

Figure 9 shows the transmission line map for an enclosed, regional substation on the west coast.

Update Physical Security Standards Now

Physical security enhancements are vital for the continued reliability of electric substations across the U.S. It is likely that potential saboteurs will become more aware of the ease of access to information about substations online. As awareness increases, so too does the risk of a substation attack.

Furthermore, as regulated monopolies, electric utilities need to recognize physical security as part of their corporate social responsibility. Increased physical security should not increase consumer costs. This is possible, despite naysayers from within the industry.


