Government Security News: New CIP standards provide a catalyst to unite security with operations in electrical utilities

By March 10, 2015 April 7th, 2015 QTSI News

MarkTinker_headshotgovernment security newsAs published in Government Security News

By Mark A. Tinker, Ph.D.

In late 2014, the Federal Energy Regulatory Commission (FERC) outlined new rules, which take effect in 2016, requiring electrical utility companies to determine the key electric transmission stations and substations that could have large scale impact on the US electrical grid.

Heading into 2015, those tasked with securing the national electrical grid must proactively enhance their security posture to address these critical infrastructure protection guidelines. However, large power corporations are starting to realize it is possible to capitalize upon compliance by leveraging security investments across other departments. Enhancing security not only has the desired effect, but when done from an holistic perspective, it can actually improve operations, increase asset resilience, and improve rate payer value. In other words, security is no longer a line item in a budget, but a critical element of corporate performance.

According to an article in the Wall Street Journal in November 2014, large power companies such as PG&E and Dominion Resources plan to invest hundreds of millions of dollars to alleviate current weaknesses that incidents like Metcalf exploited. Among the vulnerabilities common to electrical transmission substations were remoteness of assets, security operators lack of confidence in alerts, and the image quality from cameras, especially in darkness or difficult weather conditions.

Addressing these vulnerabilities means proactively turning operator intuition into intelligence. Intelligence stems from validated alerts that lead to action, whether by operator initiative or automatically by the security system. This leads to proactive deterrence.

Shift from Reaction to Deterrence

Since 9/11, reaction became the dominant element of the new security paradigm. Today, while reaction is still a common and necessary requirement, a new theme is appearing, which is deterrence. It is now possible to model how modern perimeter intrusion systems can significantly increase the probability of deterrence. As utility companies strengthen their security posture, they seek to deter or delay threats before they can act. A driver for deterrence capability is having space and time available for intercession.

The technologies that enable deterrence also add value to business operations and resilience. Operators can now confirm with security if they are witnessing an anomaly and if so, begin to take necessary actions.

Integrated Security Enabling Defense in Depth

What is most intriguing are emerging new technologies that can single-handedly do much more than ever before, yet when integrated with other technologies or existing systems provide superior intelligence that can be integrated into operations or other non-security functions. For example, new, concealed seismic sensors are able to detect and classify complete threat profiles such as vehicle activity, pedestrian activity, gunfire, even lightning, in non-line-of-sight conditions. Validating the results with other sensors allows the security operator to confidently and quickly act, or the system automatically employ reactive measures, such as audible or visual warnings directed at the possible intruder. Even more impressive is how integrated architectures can even ascertain intent within a broad awareness zone outside the fence, all from sensors at or inside the fence line. For example, is the gunfire a legal hunter or actual threat?

The North American Electric Reliability Corporation (NERC) sets out best practices for delivering early warning and opportunities for rapid response. With these new technologies, the tip of the security spear has pushed the boundary of the awareness zone farther out in distance and time. Potential threats such as gunshots can be detected and classified outside the perimeter sooner and with greater accuracy. This ability to reach beyond a perimeter, such as a fence or property line, provides a significantly increased level of situational awareness, increasing time and space in which to act.

Collaboration between Security and Operations

In light of instances such as the Metcalf attack and burglary incidents which often go unreported, leading utilities see the financial and operational benefit of achieving fewer intrusions, suffering fewer losses that derail safety, or reducing expensive system redundancies. Collaboration between security, IT, and operations yields reduced operational expenses and affords increased uptime. In the event of an incident, be it security or otherwise, the additional data may provide forensic information for later understanding, criminal prosecution, or system efficiency improvement.

With 2016’s new rules for electrical utilities as a catalyst, there is a growing understanding among energy company leaders that increased collaboration between security and operations yields reduced operational expenses and results in increased uptime. The reaction culture remains ever important, but now we can validate our intuition and intercede as necessary, all with a high level of confidence. Leveraging the security awareness zone and the intelligence it provides is just the beginning.

About Mark Tinker

Mark Tinker, PhD, is the CEO of Quantum Technology Sciences, a science and engineering company delivering real-time situational awareness solutions around critical infrastructure assets to expand and enhance physical security.