The electric energy grid is an essential lifeline in today’s society. So why is physical security for grid infrastructure, especially substations and the components within, often considered a less important item on the To Do list? Perhaps it’s because attacks on grid components are rare, though not unlikely. Or perhaps it’s because upgrading physical security is thought to be too expensive.
Contrary to this belief, securing the electric energy grid can be completed in a cost effective manner when vulnerabilities are assessed and risk tolerance is quantified. This article outlines practical methods to do so.
Power Outage Vulnerability by Customer
Physical security expenditures must consider the consequences of a lengthy power outage on customers. Table 1 illustrates various customers’ vulnerability to power outages of varying lengths. The vulnerability level of each category is driven by a variety of expectations, including lost revenue, health hazards, and environmental consequences. Most customers are willing to accept infrequent or occasional power outages. After all, they lose power when storms occur. No customer is willing to accept a power outage that persists for days.
Category 1 – Highest vulnerability. This category includes hospitals, police stations, sewage treatment plants, and water treatment plants.
Category 2 – High vulnerability. This category includes high rise office buildings, amusement parks, and grocery stores.
Category 3 – Moderate vulnerability. This category includes industrial parks, shopping malls, high rise apartments and condos.
Category 4 – Some vulnerability. This category primarily consists of residential neighborhoods.
Risk Tolerance by Threat Actor Type
Risk tolerance is a function of criticality. Regional substations require strong physical security. Neighborhood substations require less physical security. The amount and type of physical security measures must be specified by transmission system planners who understand the consequences of threat actor attacks.
In addition, threat actor type contributes to risk tolerance. Prescient has identified three types of threat actors: Truculent, Malicious, and Exploitive.
Truculent - individuals or groups who aggressively compromise electric facilities to create civil unrest to achieve their goals.
Malicious - individuals or groups who desire revenge and compromise electric facilities to punish electric utilities.
Exploitive - individuals or groups who exploit weaknesses.
All threat actors will surveil facilities, hide in the shadows, and continue compromising electric facilities until they are apprehended. Truculent threat actors will develop action plans that have a high likelihood of success. Malicious threat actors will act impulsively. Exploiters are opportunistic. Table 2 illustrates a method of quantifying risk tolerance as a function of the motivation of threat actors.
No – No risk tolerance. Highest levels of physical security are essential.
Low – Low risk tolerance. High levels of physical security are necessary.
Moderate – Some risk tolerance. Moderate physical security is important.
Sufficient – Acceptable risk tolerance. Base-level physical security is important.
Improve Grid Physical Security Measures
Most substations and power lines in today’s electric energy grid are soft targets for threat actors. They are visible, unmanned, and located in remote areas. Fences can be breached in less than a minute. Components can be damaged beyond repair in ten minutes. Exterior physical security, while necessary, can’t compensate for facilities that are soft targets.
Historically, the primary security measure was a chain link fence with razor wire between the public zone and the controlled zone at substations. Today, substation security zones include the public zone, company owned zone, critical zone, and secure zone, as illustrated in Figure 1. Physical security at critical regional substations has been upgraded to include high security fences, cameras, motion detection, and key card access.
Figure 1 shows substation security zones.
Physical security measures for neighborhood and regional substations must be enhanced so that all substations are hardened against threat actors. Recommended physical security improvements are listed in Table 3. Levels of security and cost to implement are adjusted based on the substation criticality – Neighborhood, Critical Neighborhood, Regional, and Critical Regional.
The Path to Secure Facilities
Once vulnerability and risk tolerance have been assessed, the path to creating secure electric grid facilities is straightforward. Initially, electric utilities must recognize that security enforcement officers need time to react. At the same time, the security team must develop design base threat scenarios.
Electric utilities must construct less visible facilities and specify components that can withstand motivated threat actors. Requiring physical separation of redundant components and hardening of difficult-to-replace components are essential steps. Finally, electric utilities must conduct intrusion drills to verify that security response time is adequate for design base threats.
To learn more details about these steps, check out 10 Steps to Create Stronger, Cost Effective Substation Physical Security.
Interested in having your system’s vulnerability and risk tolerance professionally assessed? Prescient offers Power System Physical Security Analysis as one of our many services. Our expert staff will evaluate your current physical security practices and provide a report outlining the level of risk at your grid components. Contact us for a free, in depth whitepaper or consultation.