Physical Security Threats and the U.S. Power Grid

Recently, physical security of the electrical power grid was thrust into the national limelight largely due to news media reports about the April 16, 2013 sniper attack on Pacific Gas & Electric’s Metcalf Substation in San Jose, California. This well-orchestrated, strategic attack, which included disabling of telecommunications prior to shots being fired, lasted nearly 20 minutes with the last shots being fired 12 seconds after law enforcement arrived. The result of the attack is estimated to be $16 million in damages and a substation rendered inoperative for 27 days. No group has taken credit for this attack and law enforcement has very few leads. This event, coupled with former Federal Energy Regulatory Commission (FERC) Chairman Jon Wellinghoff’s comments about the event being considered domestic terrorism, caught the attention of lawmakers. On March 12, 2014, the Wall Street Journal published an article by energy reporter Rebecca Smith highlighting the risk to the U.S. power grid if only nine of the country’s 55,000 electric substations were to be knocked out by terrorists during a hot summer.1

While these recent events have played heavily into the FERC Order RD14-6-000, Directing Filing of Standards (issued March 7, 2014), to the North American Electric Reliability Corporation (NERC), these were only the most visible and highly publicized. The Wall Street Journal reported that there were 274 significant instances of vandalism or deliberate damage to electric infrastructure in the last 3 years. Most of the events were mainly linked to metal thieves; however, disgruntled employees and hunters also contributed to these incidents.

More notable events include the deliberate attacks of suspect Jason Woodring on Entergy and First Electric Cooperative in Arkansas. Woodring was indicted by a Federal Grand Jury on November 6, 2013 for his alleged attacks. From August to October of 2013, Woodring systematically sabotaged transmission and distribution facilities owned by Entergy and First Electric Cooperative. While these events, allegedly carried out by Woodring, are well known and reported on by the media, there have been many more attacks that the industry is unaware of. These attacks typically have occurred on the oil and gas pipelines and because they are outside of the electric industry, they are not as widely known or highly publicized. The targeting of this critical infrastructure is meant to cause not only physical damage and disrupt economic commerce, but to make political statements.

With all this attention placed on physical security by lawmakers and regulatory agencies, what exactly does physical security mean and what does it entail?
Physical security is concerned with physical measures designed to safeguard personnel; to prevent unauthorized access to equipment, installations, material, and documents; and to safeguard them against espionage, sabotage, damage, and theft.2 In a nutshell, physical security describes measures to prevent or deter physical attacks and how to design facilities to be resilient or resistant to attack.

With mounting pressure for lawmakers, the FERC mandated NERC develop a mandatory and enforceable physical security reliability standard, CIP-014 (Standard), for the protection of critical facilities. In Docket No. RD14-6-000, FERC laid out the basic premise of the standard. It requires a three step process to physical security which consists of the following:

1. Perform a risk assessment of their system to identify facilities that, if rendered inoperable or damaged, could have a critical impact on the operation of the interconnection through instability, uncontrolled separation, or cascading failures of the Bulk-Power System;
2. Critical facilities must evaluate potential threats and vulnerabilities to those facilities; and
3. Develop and implement a security plan to address potential threats and vulnerabilities.

Additionally, FERC ordered NERC to develop a procedure for keeping this information confidential while allowing those entities who require access and appropriate oversight to ensure compliance.
NERC has 90 days from posting in the Federal Register to develop and submit the proposed Standard to the FERC. In order to meet the quick deadline, the Standard Drafting Team (SDT) requested and was granted a waiver of certain provisions of the Standard development process, specifically a reduction in the comment and balloting period. In addition, the SDT held a technical conference in Atlanta on April 1, 2014 to get industry input. The SDT applied this input in development of the Standard throughout the remainder of the week. Additional steps taken by the SDT to ensure timely development of the Standard include:

1. Specific focus on items in the order itself;
2. Utilize existing documentation or standards as an initial screening criteria; and
3. Synergies in process (such as combination meeting and drafting team development).

The SDT developed a draft Standard in advance of the April 1, 2014 meeting. The main items addressed in the draft Standard include:

1. Bright line criteria for what elements need to be evaluated
2. Requirement to perform, at least every 30 months, a risk assessment of its transmission substations, through a transmission planning analysis, to identify:
3. Require a Transmission Owner to notify a Transmission Operator of a Control Center that has been determined to operationally control a substation that has been deemed critical that is not operated by the Transmission Owner
4. Require a 3rd party verification of the risk assessment performed
5. Require any identified substation and/or Control Center to be evaluated for potential physical threats and vulnerabilities
6. Develop and implement a physical security plan for identified assets
7. The physical security plan must have an independent 3rd party review
8. Implementation of procedures to protect sensitive and confidential information is required as well

While it is impossible to predict the exact content of the Reliability Standard, it is very clear entities will need to assess their Facilities to determine if they qualify as a critical facility. Items utilized in the determination of the criticality of the Facilities include: instability, uncontrolled separation, and cascading failures that have critical impact on the operation of the interconnection. If criticality is determined, development of a physical security plan to defend against threats of attacks, actual attacks, and vulnerabilities is required.

Most electric utilities have performed Risk Based Assessments (RBAs), as part of NERC Reliability Standard CIP-002, that take into account items utilized in the determination of critical facilities including stability and power flow. For utilities that have undergone these types of assessments, they should now consider refreshing the results of those assessments as part of an evaluation process to determine physical security criticality. If a physical security criticality is determined, the electric utility should pursue additional studies that may also include Protection System coordination efforts.

While the FERC does not foresee a large number of entities’ facilities falling into the critical facility classification, it is still prudent to evaluate your facilities’ vulnerabilities to attacks and develop a physical security plan as part of best practices and enhanced reliability for the retail customers the utility serves.

References:

1. Smith, R. (2014, March 12). U.S. Risks National Blackout From Small-Scale Attack, Federal Analysis Says Sabotage of Nine Key Substations is Sufficient for Broad Outage. The Wall Street Journal. Retrieved from https://online.wsj.com
2. Department of Defense Dictionary of Military and Associated Terms. Joint Publication 1-02, 8 November 2010 (As Amended Through 15 March 2014), p. 205.’

For more information or to comment on this article, please contact:
John Pasierb, Senior Project Manager | CONTACT
GDS Associates, Inc. – Marietta, GA
770.799.2380
About the Author
John Pasierb is a Senior Project Manager with GDS Associates. Mr. Pasierb has extensive experience in access control, security monitoring, operations security, perimeter security, risk assessments, and security surveys. He is a certified law enforcement officer with 14 years law enforcement experience. Mr. Pasierb has attended law enforcement classes on terrorism and homegrown threats.