The recent cyberattack on the Colonial Pipeline has spurred nationwide discussions on what should be done to strengthen cybersecurity for critical infrastructure. Cybersecurity is a vital aspect of critical infrastructure protection; however, it is not the only security concern.
Physical threats to critical infrastructure, especially to that of the electric power grid, are still a major concern. Though some enhancements were made at critical facilities after the assault on Pacific Gas and Electric’s Metcalf Transmission Substation in 2013, much more needs to be done.
Physical security measures must continuously be considered to prevent significant power system damage caused by vandalism, sabotage, or even domestic terrorism. The electric utility companies monitored by the North American Electric Reliability Corporation (NERC) are unprepared for a sophisticated physical attack, whether perpetrated by a vandal, saboteur, or domestic terrorist group.
By learning from the physical security measures implemented by the nuclear power industry, the electric utility industry can improve physical security measures and prepare for the foreseeable physical attack. Let’s compare the current physical security standards of the electric utility industry with those of the nuclear power industry.
Physical Security Standards in the Electric Utility Industry
When considering physical security, electric utility companies typically focus only on a direct attack on a critical substation by a domestic terrorist, with handheld weapons at the fence line. This is what occurred during the attack at Metcalf Substation, though it was done by a group rather than an individual. As this is the primary consideration, most physical security guidelines for the electric utility industry center around this model of attack.
Of NERC’s Reliability Standards for the Bulk Electric Systems of North America, only one 36-page document addresses physical security standards for critical infrastructure, while 15 standards address cyber security.
On the other hand, the Department of Defense offers a 321-page facilities planning manual that includes strategies for a wide variety of security issues. This type of manual would better prepare facilities that follow its guidance to prevent a physical security breach. However, this manual is not specific to electric power infrastructure.
Physical Security Standards in the Nuclear Power Industry
At nuclear power plants, a variety of physical security threats are considered and addressed in written standards because of the volatile and potentially dangerous nature of materials used in the industry. Physical security threats that are evaluated by the Nuclear Regulatory Commission (NRC) are outlined in NRC Regulations CFR Part 73, and include:
Terrorists with handheld weapons at the fence line or at nearby elevations.
Terrorists with vehicles that are used to breach fences.
Terrorists with explosives.
Disgruntled employees with access to handheld tools and insider knowledge.
Nuclear power plants establish redundant security barriers, which include vehicle intrusion prevention and personnel intrusion detection systems. Armed security guards, whose sole purpose is to provide security to the nuclear power plant, can respond to intrusions within seconds. Plus, important components are placed in secure facilities.
Electric utility companies, on the other hand, install ballistic fences, minimal vehicle intrusion prevention barriers, and limited personnel intrusion detection systems. They rely on local police officers to respond to incidents. Police response may take 15 minutes or more if officers are deployed at another incident such as an automobile accident or a domestic disturbance.
While the nuclear industry is prepared for almost any occurrence, electric utilities tend to underestimate the extent of damage to grid infrastructure, and the negative impact on energy consumers, should a physical security breach occur.
Threats to Physical Security Must be Addressed
Acts of vandalism, sabotage, and terrorism are not new to critical infrastructure or the electric utility industry. The power grid vandalism spree of Jason Woodring in 2013 is an indication of the destructive capabilities of individuals with little electrical knowledge. The attack on the Chicago air traffic control center by Brian Howard in 2014 illustrates the damage that can be caused by a disgruntled employee with insider knowledge.
If a disgruntled power system employee had unrestricted access to a critical substation, they could easily create a multi-state blackout in less than a minute. A sophisticated terrorist could create a multi-state blackout just as quickly, if the terrorist had “line of sight” view to a critical substation.
To remedy these threats, new security protocols must be implemented. For example, if only one person is in the critical substation for more than 30 seconds, security personnel will be notified, and an alarm will sound. This will prevent lone-wolf disgruntled employees from enacting significant damage. Likewise, physical barriers, such as walls that block line of sight, could prevent a terrorist attack from causing significant damage.
It’s also important to note that only a handful of companies manufacture components placed in critical substations. A sophisticated terrorist could search the internet to find weak points in electric facility components and physical security. Google Maps and images display close-up and aerial shots of most critical infrastructure pieces of the power grid, including substations and generating stations.
The Time to Update Physical Security is Now
When assessing physical security, the most important considerations are vulnerability, extent of impact, and recovery. No critical substation should be vulnerable to an attack by a disgruntled employee or a sophisticated terrorist. No major metropolitan area should be vulnerable to grid collapse by sabotage at a single substation.
By performing a power system security assessment for critical infrastructure and addressing significant findings, all vulnerabilities that can lead to wide area blackouts can be eliminated.
Of course, physical security breaches by sophisticated individuals are still possible, even with increased physical security measures in place. Therefore, every electric utility should be prepared to recover their system in less than 24 hours, regardless of the extent of damage at a single substation.
In the next installment in this series on power system security, I’ll discuss recovery strategies and DOD perspectives. If you’d like to dive further into the topic of infrastructure security or schedule a risk assessment for your critical infrastructure, contact us. We’d love to talk security with you.