Author: Joe Oliveri, Vice President, General Manager, Security, Johnson Controls’ Building Technologies & Solutions, North America
Published: Thu, Jul 20, 2017
Before moving forward with this post, please read my most recent blog post, which provides background on the Critical Infrastructure Protection (CIP) standards and why we need them.
For background, on April 16, 2013 snipers opened fire on an electrical substation in Metcalf, California. After 19 minutes of shooting, they knocked out 17 giant transformers, and caused serious headaches as officials worked for 27 days to get the substation back to working order.
This was a wake-up call to the industry. Many utility organizations had security measures set up to protect should someone penetrate the perimeter, but threats from outside hadn’t been considered.
Utility engineering and project management teams that are already deep into the process of remediation are exploring technological and operational means of implementing solutions more rapidly. The combined factors of working in high voltage areas, coupled with the layers of site design and construction amid equipment upgrades and high security implementation, are stretching the boundaries of even the most adept and coordinated teams. Thus, they are struggling to deploy rapidly and meet CIP deadlines.
Advancing technologies, templating of best practices and refined program management, can all contribute to continuous improvement. Because utility providers are a tight knit group, they are all seeking to piggyback on what each has learned, but the nuances of each organization’s challenges leave each to carve their own unique path. This maximizes the need for uniquely qualified partners in every area.
At Johnson Controls we believe utility companies should take a layered approach to securing their critical infrastructure. We’ve encouraged our customers to think beyond someone penetrating the perimeter, and have helped to identify several types of technology that work together to provide a comprehensive solution. Every organization’s situation is unique depending on the setting and vulnerabilities identified, and a tailored solution is essential. Below are some areas to consider.
Intrusion protection is a serious component to work into a security solution. Advancements in fencing have been made to avoid situations like the one that happened in Metcalf. Fences have transitioned from your standard chain-link to metal panels, and now, fences for areas like this typically consist of 12 feet high concrete barriers, similar to what you see on the highway.
Another item to consider are thermal cameras, which outperform a visual camera in dark scenes and are a great tool for detecting people and objects in 24/7 surveillance. These cameras are less sensitive to problems with light conditions, such as shadows, backlight, darkness and camouflaged objects. By coupling these with analytics, organizations have another layer of proof.
Finally, lighting should be considered from an intrusion protection perspective. In addition to ensuring the area is clearly lit, new technology can strobe to disorient or get the attention of someone approaching the perimeter. Depending on how populated the area is, automation can be added, and the lights can be triggered once someone enters the designated area.
Controlling who has access to the area is another essential component. Multi-factor authentication – such as requiring a card and pin for access -- is an easy way to ensure only designated individuals can access the area, and they provide a clear log of who was there and when. By coupling this with awareness cameras, organizations can verify who was on site should an incident occur.
Utility organizations should look to create Security Operations Command Centers (SOCC) for these pieces of critical infrastructure. These SOCCs are typically in a central location and enable the staff to supervise the site using data processing technology. Officials can monitor activity from all solutions at once, closely manage access credential administration for employees and contractors and manually let individuals in and out of the perimeter when the need arises.
Everyday burgeoning technologies come to market. By partnering with a company like Johnson Controls, organizations can rest assured that their partner is always keeping an eye out for a way to incorporate new technologies to help improve processes. For some a ground-based radar solution may make sense for their substations. Radar systems are a cost-effective way to monitor perimeters. They easily integrate into existing security systems, and can be automated with technology, like security cameras, to provide complete perimeter protection. Additionally, these devices have no moving pieces, so they are easy to maintain and are robust.
Others may consider seismic detectors, which monitor the vibration and temperature of the protected surface and can detect all known types of intruder attacks, such as sledge hammers, diamond head drills, explosives, hydraulic pressure tools and thermal tools.
Finally, there are also shot detection solutions that should be considered. These solutions identify the sound of a shot and alert the appropriate officials while automating necessary security technologies. They provide an extra layer of proof should an organization not have staff at the facility.
There are a lot of sophisticated solutions on the market, but it’s important to have a qualified partner who can optimize these and help build a robust, tailored security plan for critical infrastructure. At Johnson Controls we are well versed on CIP and have helped numerous organizations navigate the waters towards compliance.