How security technology can be used to safeguard power grids
Power grids are responsible for providing electrical power across cities and provinces.
Although we don’t often consciously think about the importance of power until it’s unavailable, so many of our daily needs rely on electrical power such as heating, cooling, cooking, and powering computers and mobiles devices — which means they also rely on power grids.
With a wide range of important responsibilities, it’s no surprise that power grids are considered critical infrastructure. However, with most power grids in open facilities, there are increasing concerns over how they’re being physically secured.
The known vulnerabilities of power grids
Power grids are designed to help ensure we are protected against failure. If one line becomes damaged, then another line has the ability to take over. Unfortunately, in the event of a natural disaster, rerouted lines are also at risk, causing a more widespread problem, as initial failures that are close together are most susceptible to larger cascades, such as blackouts.
When a grid fails, it comes at a high price. Transformers are expensive and difficult to replace because there are only a few manufacturers of transformers in the world, with each costing around one million dollars and weighing up to approximately 500,000 pounds. In Canada, one of the most well-known power grid failures was the Northeast blackout of 2003 that knocked out power for 50 million people in Ontario and Quebec, and parts of the Northeastern and Midwestern United States for up to two days.
The event cost an estimated US$6 billion according to the final report from the North American Electricity Reliability Council (NERC).
More recently, Puerto Rico experienced severe consequences from the high price of restoring their power grid when Hurricanes Irma and Maria brought catastrophic damage to the country beginning in September 2017; and as of March 2018, the country had still not returned to full power.
Lack of money and supplies are a huge reason for the delay of rebuilding efforts, especially because the hurricanes hit the generation, transmission and distribution of the power grid – meaning the country is forced to rebuild their power systems from scratch.
After any failure, utility companies need to assess the damage to prioritize the weak links in the grid to improve resiliency in the future. The northeast Blackout of 2003 assessment found the culprit to be a high-voltage power line brushing against overgrown trees in northern Ohio and, eventually, the vulnerable links in Puerto Rico’s power grid will need to be analyzed once the country reaches one hundred percent power to help prevent a similar incident in the future. Protecting against natural disasters that penetrate power grids is something that has always been top of mind, however it’s the unexpected attacks against the perimeter that have become a more prevalent issue.
Protecting power grids from the unknown
The heightened awareness of the need to protect power grids from unknown attacks jolted into government officials and law enforcements minds in 2013, when snipers opened fire on an electrical substation in Metcalf, Calif., and knocked out 17 huge transformers in charge of directing power to Silicon Valley. Electric grid officials had to reroute power around the site and ask power plants in the area to produce more electricity to help avoid a complete blackout. The substation took utility workers 27 days to get it back up and running properly. The incident was an enormous wake up call for the industry as it exposed serious holes in the power grid and critical infrastructure in North America.
Before Metcalf, threats of an attack coming from outside of the perimeter hadn’t been a major area of focus. Security measures were more concentrated on protecting a facility in the event of a natural disaster. The incident opened the eyes of regulators, including the NERC, that additional measures are required to help protect power grids and other critical infrastructure from a potential coordinated attack.
An integrated approach to securing power grids
According to the Canadian Electricity Association, the North American power grid consists of over 35 electric transmission interconnections between the Canadian and United States power systems, forming a highly integrated grid. Canada and the U.S. work in conjunction to develop best practices and institutions in support of a safe, secure and reliable electricity system. The cross-border partnership has served Canadian and American communities and business for over one hundred years.
Prior to the Northeast blackout of 2003, the North American Electricity Reliability Council (NERC), set voluntary standards for protecting power grids. Following an extensive investigation, the joint U.S.-Canada Power System Outage Task Force recommended that appropriate branches of governments in the United States and Canada make reliability standards mandatory and enforceable.
These standards covered training and tools to prevent blackouts and made it mandatory to keep trees clear of transmission lines, but the rules didn’t address the need for protection against the unknown like in Metcalf.
However, after the Metcalf incident, Critical Infrastructure Protection (CIP) Standards were created for the North American power system. The CIP standards and requirements address the security of perimeters and the protection of critical assets, including training, security management and disaster recovery planning. They embody all utilities that contribute power to critical sections of the national grid and requires them to provide a plan to secure their Tier One and Tier Two assets. The guidelines provide details around what elements may be included within these assets, but still, the directions for protection are rather broad.
With technology integrations on the rise, utility companies should consider taking advantage of the advanced systems at their disposal and create a comprehensive plan. The following security solutions all have integration capabilities that meet CIP requirements and address protection needs.
Perimeter protection, like concrete barriers and metal panels, is typically the first level of protection installation for critical infrastructure. It’s an important security component to help prevent against physical damage that could occur, although it serves an even bigger purpose as the foundation for technology integration. Without having to start from scratch, the existing infrastructure can act as the catalyst for smarter security implementations.
Similar to perimeter protection, lighting is another existing infrastructure that can be connected with future security applications, lighting and non-lighting related. In terms of lighting, advanced features, such as strobes, can be installed and programmed to flash during an intruder situation to disorient trespassers and alert security that someone is approaching the perimeter. Lighting automation is another addition that can be connected with existing lighting systems in place to help illuminate designated areas upon entry.
Thermal and visual camera surveillance
Video surveillance is a traditional security method that plays an important role in ensuring the safety of power grids. Cameras can be placed on top of perimeter protection and lighting fixtures to monitor people and objects around the power grid 24/7.
Along with visual cameras, thermal cameras can outperform typical video surveillance in dark scenes as they’re less sensitive to problems with light conditions, such as shadows, backlight, darkness and camouflaged objects.
To detect threats farther away from the perimeter, drone technology can be stationed on lighting structures where they are charged and protected by their hub. The drones can help identify intruders by using their own lights with voice messaging to alert the appropriate parties. In the event of an attack on the grid or natural disaster, the drone lights and voice messaging can also help guide people in surrounding areas to the safest evacuation routes.
Controlling who has access to the power grid is an essential component of a security plan. A multi-factor authentication can be installed which requires a pin and a card for access. This is an easy way to help control who can access the area, and can also provide a clear log of who was there and when. To further access control capabilities, they can become more powerful when paired with cameras, to assist officials in verifying who was on site should an incident occur.
Radar systems are a cost-effective way to monitor perimeters. They easily integrate into existing security systems, and can be automated with technology, like security cameras, to another level of perimeter protection. Additionally, these robust devices have no moving pieces, so they are easy to maintain.
To help further leverage data collected through the aforementioned applications, organizations can tie in analytics for another layer of security. Utility organizations should look to create Security Operations Command Centers (SOCC) for these pieces of critical infrastructure. Typically, SOCCs are centrally located and enable the staff to supervise the site using data processing technology. Officials can monitor activity from all solutions at once, closely manage access credential administration for employees and contractors and manually let individuals in and out of the perimeter when the need arises.
While these technology integrations can help utility providers address CIP requirements and protect power grids, the technology is only successful if it is installed, maintained and updated regularly and correctly. Enlisting a qualified security partner who can support security efforts on critical infrastructure sites may be the most valuable resource in protecting power grids.
Bill Maginas is area vice-president and GM, Canada, for Johnson Controls (www.johnsoncontrols.com).
This article originally appeared in the June/July 2018 issue of SP&T News.
4th Annual Mission 500 Hockey Classic
February 21, 2019
Security Career Expo
March 7, 2019
Canadian Technical Security Conference
April 2-4, 2019
ICT Canada — Presented by BICSI
April 8-11, 2019
April 10-12, 2019
Security Canada East
April 24, 2019