New NERC rules govern emerging physical threats in the wake of 2013 event in California.
Not long ago, when people discussed risks to substation security, they mostly meant the cyber variety.
But an event in April 2013 at Pacific Gas & Electric's Metcalf Substation near San Jose, Calif., changed the conversation. In less than 20 minutes, people with firearms did substantive damage to the 17 transformers and other substation equipment delivering power to Silicon Valley, setting in motion an industrywide examination of physical security at the nation's 55,000 electric transmission substations. During the incident, system operators were alerted and shut down the substation, rerouting power and preventing loss of supply to customers.
"The attention for electrical grid protection has always focused on robust requirements for cybersecurity," says Keegan Odle, Burns & McDonnell project manager. "That's because industry professionals have long believed the primary threat to the electric grid was from someone with a computer who could hack into the controls of the system.
"The attention has now shifted to include potential physical vulnerabilities," Odle says.
To maintain a stable and reliable supply of electricity, the grid has been designed so that the power lines of any given supply source are interconnected with those of other sources. If one line has a problem, power can be rerouted from elsewhere while the damaged line is repaired. Transmission substations play an important role in this process, connecting these lines and converting transmission voltages.
"We are a ‘plug-in' nation dependent on an unwavering power supply," Odle says. "Electricity is not a convenience, it's a necessity."
Given that importance to the nation's operation and the size of the potential threat, the Federal Energy Regulatory Commission (FERC) in March gave its standards board, the North American Electric Reliability Corp. (NERC), 90 days to develop new physical security standards for substations. From the FERC order, NERC has produced draft standard CIP-014-1 addressing physical security. The draft was adopted by the NERC Board of Trustees on May 13 and was filed with FERC on May 23.
Rethinking Substation Design
"Whatever the final standards turn out to be, the next step will require utilities to retain third-party security professionals to complete a full risk assessment that evaluates the vulnerability of their critical facilities," says Shaun Tweed, regional practice manager for Burns & McDonnell in Richmond, Va.
The assessment will be followed, when necessary, with the development and implementation of security plans that harden the perimeter and protect these facilities against physical attacks.
Until now, the physical security at most substations has consisted primarily of chain-link fences topped with barbed wire. "The fences are designed to deter against theft and to protect the public from the dangers inside the substation, rather than to protect a substation itself from physical attack," Tweed says. The new focus on physical security could have wide-ranging implications on substation design.
"Historically, substation designs were based on space and functionality," says R.J. Hope, manager of Global Security Services for Burns & McDonnell. "They will now focus on enhancing physical security."
That includes blocking the public's line of sight to critical assets and increasing capabilities for detecting, assessing and responding to threats.
Solutions for Compliance
"While it is impossible to reduce the risk to zero, there are things that can obscure or shift attention away from a facility's critical assets," Hope says. Those changes vary from one substation to the next. "Security is not a one-size-fits-all proposition. That approach is expensive and the least functional."
Because of their size or location, in fact, most existing substations may require few, if any, changes to comply with the new standards. Only a small number of critical facilities are expected to require substantial upgrades.
And at least some of those utilities aren't waiting for the final standard to get started, Tweed says. "There are utilities that have developed their own extremely robust security programs that are expected to go over and above whatever standards NERC introduces," he says. "They'd rather be safe than sorry."