Cybersecurity is arguably the most commonly thought of method to protect our national grid. Cyberattacks are low cost and high impact, can be executed from anywhere and are hard to trace.
Editor's note: This is the first in a three-part series.
Show us a 10-foot fence and we will show you an 11-foot ladder.
For several years the North American Electric Reliability Corporation (NERC) and the Federal Energy Regulatory Commission (FERC) have focused on the security of the national grid from a very cybercentric model. Much of the country's threat data pointed to cyberattacks, and why not? They are relatively low cost and high impact, can be done from anywhere in the world, and generate very little personal risk to the hacker. In light of this, the focus as an industry and nation was on securing the national grid from a cyberattack. Then someone showed up with an 11-foot ladder.
In April 2013 individuals using rifles engaged a substation near San Jose, Calif. The original thought was that this was another case of vandalism. But as the story unfolded it became very evident that this was a planned event at a specifically chosen substation. No power was lost in the surrounding area, but to many in the security industry the specifics of the event pointed to a coordinated, planned attack. In just 19 minutes the shooters knocked out 17 transformers, which took the utility nearly a month to repair. As of this writing, no one has been arrested, no one has claimed responsibility and, luckily, no one was injured. But the event has served to awaken the power and transmission industry to the emerging threats, the risk they pose and vulnerabilities that can be exploited at critical infrastructure sites.
This event was unique and important; however, the media has reported it in overly alarmist tones. The Wall Street Journal reported, "The U.S. could suffer a coast-to-coast blackout if saboteurs knocked out just nine of the country's 55,000 electric-transmission substations on a scorching summer day." This may be feasible to prove through pessimistic system modeling (worst-case day and conditions, with everything going wrong, and a coordinated and expertly executed terrorist attack at the exact right time). But in reality the chances are similar to being hit by a meteor - twice. Realistically, it would take a coordinated, simultaneous attack on hundreds of substations to blacken the entire country.
Not all substations are equal in their value to the grid, or as potential targets. A spider web is a good analogy for the electric transmission grid. Each string of the web represents a transmission line in the grid. The connection points between those strings represent a substation. From the web in Figure 1, you can see that if you cut a 115-kV string, only that string is lost in the web. If you cut a 230-kV string, more of the web is lost. If you cut a 500-kV string, a good portion of the web will fail. Likewise, taking out a single 500-kV/230-kV substation will have a much more drastic effect than a single 230-kV/115-kV substation. If enough 500-kV/230-kV substations are removed, then the entire web will fall.
In light of these events, utilities across the country are significantly increasing spending on physical security improvements at substations. Many utilities are looking at the physical security of these sites from a different perspective, the perspective of terrorism versus that of a copper thief, including threat vectors such as vehicle-borne improvised explosive devices, assets shooting, as well as coordinated assaults to measure the resilience of their stations. The goals are to improve the physical security, avoid negatively affecting the operational tempo of the organization, and keeping costs under control. These goals are accomplished by understanding the threats, the risks they pose and the potential vulnerabilities that can be exploited to generate desired consequences.
The consequences from shutting down a power plant are much less likely to have a cascading effect than the loss of a critical substation. Nonetheless, the need for reliable power plant operations exist and these entities can benefit from understanding the attack on PG&E Corp.'s Metcalf Transmission Substation and the threats their stations face.
As a direct result of the Metcalf attack, NERC proposed a new regulation, Physical Security Standard CIP-014. This will be discussed in detail in part 2 of this series in the December 2014 issue of TechBriefs.
About the Authors
Robynn Andracsek, PE, is an associate environmental engineer in the Burns & McDonnell Environmental Studies & Permitting Group. She specializes in air quality regulations.
R.J. Hope, CPP, ABCP, is a security consultant in the Global Security Service Group at Burns & McDonnell. He is a certified protection professional, an associate business continuity planner and holds multiple additional security certifications.