In the wake of
increased infiltrations and surveillance of the nation’s electrical
infrastructure, Western is proactively assessing the security of its
transmission stations, substations and primary control centers in advance of a
new reliability standard anticipated to take effect this winter.
The North American
Electric Reliability Corporation developed Critical Infrastructure Protection
014 to lessen the overall vulnerability of the bulk electric system, or BES, to
physical attacks. The Federal Energy Regulatory Commission is expected to
approve the new reliability standard soon, making its six requirements
mandatory within 90 days.
“We recognized a need
to identify our current physical security posture in 2013 and began to develop
a holistic approach to physical security assessments and mitigation strategies
that we would apply to all Western’s sites before NERC even began drafting CIP
014,” said Director of Security Keith Cloud.
NERC CIP 014’s six
new requirements essentially boil down to three steps utilities must take:
Identify critical facilities on the BES
Evaluate threats on those facilities
Develop and implement plans to protect critical facilities against those threats
“Our goal is to reduce Western’s overall
physical security risks for all sites based on sound assessment and mitigation
strategies,” said Cloud.
“It is not primarily
our assets I worry about at night,” added Administrator and CEO Mark Gabriel.
“It is the fear that one day, a Western employee will stumble upon some
criminal activity at a site. We need to make sure we are adequately protecting
our critical sites for employees and the reliability of the grid.”
ahead of the game
After NERC drafted
CIP 014, the Office of Security and Emergency Management hired a contractor in
2014 to begin assessing all 300 sites across Western, starting with the sites
covered under CIP 014. The assessments evaluate the current security posture
and identify threats and additional countermeasures that either are required by
Western or Department of Energy policy or recommended by the contractor.
“Western determined several of its
transmission station, substations and primary control centers fell under CIP 014
and completed assessments for those sites and 21 others in 2014,” said
Headquarters’ Physical Security Specialist Jaime Kirchue.
There is not an exact
formula for determining a critical site. All facilities rated at 500-kilovolt
and above automatically fall under CIP 014. The others are determined by
transmission system planners using load studies that then must be confirmed by
a neutral third-party reviewer. Bonneville Power Administration serves as
Western’s reviewer to evaluate both the load studies and the resulting physical
security and remediation plans.
“Once the physical
security risk assessments and remediation plans are reviewed and approved by
Western, the plans are released to the applicable region to either implement
the remediation plan or accept the risk if not implementing certain security
measures,” said Kirchue, who has worked with physical security risk assessments
for the federal government for the past 10 years. “The plans are designed to
allow regional and maintenance managers to make risk-based decisions on what
countermeasures to implement based on their needs and available funding.”
include all physical threats, like natural disasters and criminal activity,
outlines best practices in physical security and provides Western and DOE
security policy. For example, Western’s policy requires that all sites have a 7-foot
fence around the perimeter and door locks.
Retrofitting a site
could cost as much as $500,000 or could cost nothing if the recommendations
focus on personnel practices and administrative procedures, like not tailgating
into a site or removing transmission maps from plain sight. New sites will be
assessed as they are built, removing the need for expensive retrofitting after
Western will assess
75 noncritical sites each year through 2019 to complete initial assessments at
all 300 sites. “These initial assessments will serve as a baseline for the
recurring assessments that we will do to ensure our plans are up to date with
current threat information,” said Kirchue.
CIP 014 mandates a
review period for risk assessments. Western will re-evaluate its critical sites
every 30 months and noncritical sites every 60 months to make sure plans have
the most up-to-date threat information and best countermeasures.
utility an island
OSEM has taken steps
to improve Western’s communication and information sharing when there are
incidents at sites. One of the chief obstacles to effective security response
and awareness in the energy industry is the difficulty utilities have sharing
information with one another and with counterintelligence agencies. The problem
is due both to a lack of communication protocols and appropriate infrastructure
for sharing information and a self-inflicted fear of communicating incidents
because of, ironically, security concerns.
is a vital part of incident reporting. Western has taken steps to communicate
with industry partners on incidents to promote information sharing. We have
recently updated our reporting procedures to identify specific roles and
responsibilities and ensure proper incident notifications to agency
stakeholders, law enforcement, State Fusion Centers and Electricity Sector
Information Sharing and Analysis Center,” said Cloud.
Western is also
participating in Project Power Surge, a collaborative group of Department of
Energy organizations that are trying to standardize the risk assessment
approach for the industry. The initiative’s goal is to develop an all-hazards
process that will cover both cyber and physical security and identify different
levels of security standards for critical and noncritical sites.
“Our primary concern
over physical security is the impact to our staff and others who may be injured
as a result of a physical security incident,” said Cloud. “Western takes the
safety of staff and others very seriously and is taking every attainable
measure to protect our employees from a potential incident.”
What is a critical facility?
NERC defines a critical facility as “one that, if
rendered inoperable or damaged, could have a critical impact on the operation
of the interconnection through instability, uncontrolled separation or
cascading failures on the Bulk Electric System.”