Protecting the Bulk Power System a Connection at a Time

Electricity is essential to modern living.  Without it, we wouldn’t have easy access to our money, we would be unable to communicate quickly across long distances, and there would be no Internet, water treatment, or fuel for transportation. Healthcare would be primitive. Highrise buildings would empty without elevators and air handling to make them livable.

The modern economy wouldn’t work, and unemployment would rise sharply. Because of its primacy, electricity is also the most heavily regulated of all the critical infrastructure sectors. 

The North American power grid is a network of networks that encompasses power generation, transmission to communities, and distribution to commercial and residential customers. Referred to within the industry as the Bulk Power System, it is overseen by an Electric Reliability Organization (ERO) called the North American Electric Reliability Corporation (NERC). 

Subject to oversight by the U.S. Federal Energy Regulatory Commission and Natural Resources Canada, NERC helps to protect the safe and reliable supply of electricity through development and enforcement of standards and sharing of threat information through the Electricity Information Sharing and Analysis Center (E-ISAC).

The day-to-day work of protecting the grid starts with the asset owners and operators. In cyberspace, state-sponsored actors and criminal hackers attack the grid literally millions of times per year. Monitoring, preventing, and responding to this onslaught is an around-the-clock responsibility.

While the attack tempo is not as high as in the cyber world, the consequence of failure can be immediately fatal.

In the physical world, the distribution networks in communities are often targeted by thieves, looking for copper to sell to recyclers, or tools and equipment. Prevention of this criminal activity requires the full range of physical security skills: threat and vulnerability assessments, security measures planning, security operations management, law enforcement coordination, response planning, and working with other utilities, trade associations, and government. 

While the attack tempo is not as high as in the cyber world, the consequence of failure can be immediately fatal. Copper theft from transmission and distribution substations is an extraordinarily dangerous activity and the prevention of its theft is seen as a safety priority for that reason. The victims are usually the thieves but may also include utility workers who are unaware that the equipment they are working on my have had its grounding cables removed. Innocent bystanders can also be affected.

The E-ISAC Physical Security Team collects statistics on incidents and sorts them by type, severity, and impact to the grid. There are well more than 1,000 physical security incidents reported to the E-ISAC each year, and they include theft, vandalism, sabotage, intrusion, surveillance, suspicious activity, ballistic damage, and threats. Of the sites targeted, the most popular target remains substations and the most common activity is theft—usually of copper cable used in equipment grounding or electricity supply.

Information on cyber and physical threats to the North American grid is shared widely within the electricity sector community. Organizations involved (other than the asset owner/operators and NERC) include trade associations, such as the Canadian Electricity Association's Security & Infrastructure Protection Committee, the Edison Electric Institute, the CEO-level Electricity Sector Coordinating Council, law enforcement and intelligence organizations like the Royal Canadian Mounted Police's Critical Infrastructure Team, the FBI's INFRAGARD, the Canadian Centre for Cyber Security, state and provincial law enforcement agencies, ASIS International's Utilities Security Community, and many more.

Both cyber and physical security follow the same three-part strategy: 1) Harden the security posture through technology and policies; 2) Increase security awareness for all employees, contractors, and visitors so they can participate in protecting the grid; and 3) Transition from reactive to proactive through the sharing of threat information and best practices, development of response plans, and coordination with organizations you may need to rely on in an emergency.

Emerging technologies play a role in the protection of the grid. Cybersecurity tactics, tools, and techniques are improving every day, and the success of the cybersecurity effort reflects this. In the physical world, better information sharing and substation security is reducing the success of intruder's efforts.

Sound risk management practices ensure that successful security measures are applied to the most important stations first. This has the effect of pushing crime down to the smaller substations where the consequence of an attack will be less severe from a grid and community perspective. The power may still go out, but it will have an impact on fewer people. As sensors improve in capability and come down in price, this technology will be pushed down to the smaller substations as well, reducing even more the impact of crime on the community.

In substations, technology which can detect and classify an intrusion swiftly is key. The aim is to reduce the amount of time between detection of an intruder and the initiation of a response.  Sensors which can categorize movement as human versus animal or tree branch and provide a clear enough image for the operator to assess an intruder's intentions will give the operator options. If the intruder is not yet into the substation, then a verbal warning from the security operator and flashing lights will usually be enough to deter the attack. If the intruder is inside the substation, then the police are called immediately. Either way, sensor data is stored for use in prosecution, security measures development, and training.

Organizations everywhere are cutting costs, and security departments are not spared from this pressure. Our greatest cost is people. Improvements in security technology are allowing us to cover more assets more effectively with the same number of people, which delivers effective service to our organizations at a reasonable cost. The one great certainty in the electricity sector is that the demand for electricity will continue to increase, and along with it, the need for cost-effective and capable security technology.

Ross Johnson, CPP, is the president of Bridgehead Security Consulting, Inc. Prior to Bridgehead Security, Johnson worked in a variety of security-related positions. He served in the Canadian Forces as an infantry and intelligence officer for 24 years. Since leaving the service in 2001, Johnson has been employed in several security-related leadership positions in aviation security, the offshore oil industry, and the electricity sector. Johnson is a strategic advisor for infrastructure advisor for Awz Ventures, a North American hub for cybersecurity, intelligence and physical security technologies and solutions from Israel. He is also a security consultant to the Canadian Electricity Association. Johnson is currently the co-chair of the NERC Electricity Information Sharing and Analysis Center’s Physical Security Advisory Group (PSAG). The PSAG consists of a group of subject matter experts who support the E-ISAC in advising electricity industry participants and governmental agencies on threat mitigation strategies, incident prevention and response, training, emerging security technologies, and other relevant topics to enhance electricity industry physical security and reliability. He is also the author of Antiterrorism Planning and Threat Response, a book on the prevention of terrorist attacks.