Last week, we questioned whether the attack on two Moore County substations that led to a days-long blackout for tens of thousands would prompt utilities to update their physical security standards for electric power grid infrastructure, including critical and neighborhood substations.
Though innovation assassins employed at electric utilities continue to claim that improving physical security is too costly, other industries have already implemented the techniques outlined in this article. The issue of cost is really an issue of time: will utilities invest in better physical security before an attack and prevent a potentially massive wide area blackout, or will they wait until the attack occurs and spend the money to repair damaged components while customers sit in the dark?
For utilities looking to preemptively update their physical security measures, implementing these five steps can create sabotage resilient substations:
Conducting a threat assessment.
Deciding which assets to protect.
Hardening perimeter and interior designs.
Improving intrusion detection.
Creating a response plan.
Let’s take a closer look at each of these steps. We’ll also take a deep dive into bolstered threat action requirements and notification strategies.
Prescient’s Background in Physical Security
Prescient’s staff has worked in a variety of places with varying degrees of protection from sabotage and attack:
Military bases, including Andrews Air Force Base in Maryland, Fort Belvoir in Virginia, Joint Base Lewis McChord in Washington, and others.
Nuclear power plants, including Palo Verde, Arizona; Diablo Canyon, California; Bruce, Canada; Fitzpatrick, New York, Susquehanna, Pennsylvania, South Texas, Texas, and others.
Regional and neighborhood substations across the U.S., in states such as Pennsylvania, Delaware, Maryland, New Jersey, New York, Illinois, Oregon, California, and others.
Because of these experiences, we are aware of differences in Department of Defense (DoD), Nuclear Regulatory Commission (NRC), and North American Electric Reliability Corporation (NERC) physical security requirements. We see the need to blend DoD and NRC perspectives into NERC Reliability Standards and the need to establish requirements for neighborhood substations.
Create Sabotage Resilient Substations in 5 Steps
By implementing the 5 steps outlined below, electric utilities can increase the resilience of their substations against acts of sabotage, vandalism, and theft.
1. Conduct a Threat Assessment
Electric utility security and operating staffs need to decide what threats they want to protect against. Threats may include:
Intrusion
Weapon fire
Forced entry (vehicle)
Bomb assault
Sabotage
Insider action
Electric utilities and their partners (NERC and political entities - mayors, governors, and regulatory agencies) need to agree on the risk threats that electric utility infrastructure should be protected against.
2. Decide Which Assets to Protect
Electric utilities need to decide what assets they want to protect: selected components, such as transformers, circuit breakers and control buildings; regional substations; or neighborhood substations.
Utilities may decide to harden physical security at all locations, those considered to be most vulnerable, or those that are most critical to grid and neighborhood reliability. Additionally, utilities may consider installing extra measures of protection for components with limited spares or components with long delivery times.
3. Harden Perimeter and Interior Designs
After the threats are defined, electric utilities need to decide if they want to construct indoor substations or open air substations. In both cases, they need to provide a means to deter the threat. Hardened designs should be required in all regional substations, and for selected components in neighborhood substations.
Hardened designs include fences, barriers, or walls that are robust enough to prevent intruders from climbing to gain entry and to withstand small arms fire. Hardened barriers should be strong enough to prevent forced entry using weighted trucks, such as was used in the 2020 Nashville communications center bombing. Sally ports can be used to prevent unauthorized entry when a gate is open.
4. Improve Intrusion Detection
After robust perimeters are established, electric utilities need to detect intruders and perimeter damage, and communicate intrusion to security personnel, who will contact law enforcement and substation technicians.
Intrusion detection should be focused on specific threats to specific components. It must be able to detect and track intruders, and enable security personnel to determine if intruders are on site when first responders arrive. The substation should be monitored for small arms fire from nearby areas and for projectile impacts within the substation.
5. Create a Response Plan
Security personnel should respond to threats first and establish incident command. They will determine if intruders are vandals, thieves, or saboteurs. When sabotage is suspected, security personnel should notify law enforcement.
At the same time, substation technicians should be on standby, nearby, until security personnel determine that it’s safe for them to enter the substation. This will prevent substation technicians, who are not trained first responders, from potentially being in harm’s way.
Once law enforcement arrives or saboteurs have left the substation, substation technicians can assess the damage to critical components. When substation technicians arrive, they must be equipped with patch kits to seal leaks, secure doors, etc. If intruders remain on site, substation technicians should escort and advise law enforcement.
Security personnel should be able to monitor multiple substations and determine if intruders remain inside. As the situation unfolds, security personnel should continue to notify law enforcement and substation technicians of continuing risks.
Create a Plan Before a Threat Occurs
While all steps above are important, step 5 is critical for increasing substation resilience. Table 1 provides threat action requirements of the Department of Defense (DoD), nuclear regulatory authorities, and NERC for critical, regional substations.
NERC's requirements should be updated to more closely resemble those of DoD and NRC. Threat action requirements should also be developed for neighborhood substations. Force on Force (FoF) drills are simulated intrusions by paramilitary personnel who have experience scaling fences, disabling cameras, etc.
Table 2 lists alert notifications based on observations of security personnel at their central office. Green indicates that it is safe for substation technicians to respond immediately. Yellow indicates that substation technicians should wait in a nearby area until law enforcement arrives. Red indicates that law enforcement should be prepared to meet resistance by intruders. White indicates that no alert would be issued to that entity. When alerts are broadcast, utility personnel should not enter substations unless intruders have left the facility or law enforcement has arrived onsite.
Like Saboteurs, Electric Utilities Must Learn from Others
Saboteurs are learning from others. The Moore County, North Carolina substation attack was more effective than the Metcalf, California substation attack in 2013. Like saboteurs, electric utilities need to learn from others. They need to understand DoD requirements at embassies and NRC requirements at nuclear power plants.
Updates to Power Grid Physical Security are Essential
By following the five steps outlined above, electric utilities can enhance the physical security of existing substations and create new substations that are sabotage resilient. It is essential that electric utilities update their physical security standards before another act of sabotage creates a wide area blackout.
To check out Prescient’s ideas for improved physical security for the electric power grid, see our security blog collection. Or contact us to learn more.
Comments