Author: Joe Oliveri, Vice President, General Manager, Security, Johnson Controls’ Building Technologies & Solutions, North America
Published: Fri, Jun 30, 2017
It was just before 1 a.m. on April 16, 2013, when snipers opened fire on an electrical substation in Metcalf, California. After shooting for 19 minutes, they knocked out 17 giant transformers that funnel power to Silicon Valley. The snipers fled the scene prior to police showing up.
To avoid a blackout, electric grid officials rerouted power around the site and asked power plants in Silicon Valley to produce more electricity to accommodate for the loss. It took utility workers 27 days to make repairs and bring the substation back to working order.
The Metcalf incident was a wake-up call to many as it exposed the vulnerabilities of our power grid and critical infrastructure. While many utility organizations have security measures set up to protect anyone who penetrates the perimeter, threats from outside the perimeter hadn’t really been considered.
Many of our power grid’s systems sit out in the open, exposed to numerous threats. They often are in remote locations, protected by little more than cameras and chain-link fences. Transmission substations, like the one in Metcalf, are critical links in the grid. They make it possible for electricity to move long distances, and serve as the hub for intersecting power lines. Therefore, a substation going down can cause serious issues to cities throughout the area it’s located in.
In addition to the headaches this can cause to the utility company and energy consumers, transformers are extremely costly and difficult to replace. There are only a few manufacturers in the world, and each transformer costs around $1 million dollars and can weigh up to 500,000 pounds.
As a result of the Metcalf incident, the Critical Infrastructure Protection (CIP) Standards were created. The CIP plan consists of nine standards and 45 requirements covering various levels of the North American power system, including the security of electronic perimeters and the protection of critical cyber assets as well as personnel and training, security management and disaster recovery planning.
All utilities that contribute power to critical sections of the national grid were required to provide a plan to secure their Tier 1 and Tier 2 assets. Plans were officially due in April of 2015. These plans were to accord with CIP requirements. While the standards do provide a broad level of detail as to what elements may be included to secure these vital assets, the guidelines are very broad in nature. As a result, major public utilities are addressing this challenge in a variety of ways. The greatest challenge is to compose a design for physical security elements that meet or exceed the requirement, in a manner that accords with corporate security processes, with a view to operational efficiencies.
In some respects, this is the classic approach of striking the balance between the amount of money invested, versus level of risk posed by the perceived threat to be mitigated. Since substations vary in location from urban to suburban, and even very remote rural locations, design challenges are pulling on the latest technologies to meet geographical, topographical, communication and notification challenges.
Check back for my next blog post, which will explore best practices for securing this critical infrastructure.