​By Kevon Storie 

Grid security represents a significant challenge, not only for the electricity industry in general, but also for the installations charged with protecting our nation.

As a federal power marketing administration and wholesale power provider, WAPA is subject to  mandatory regulatory requirements for both cybersecurity and physical security. With other members of the electric sector, WAPA engages with the Departments of Energy and Homeland Security, electric utilities and other federal agencies to share appropriate information and develop strategies for critical infrastructure protection. WAPA participates in Electricity Subsector Coordinating Council meetings as well as other industry groups with a focus on improving, mitigating and staying ahead of cybersecurity and physical security risks.

“These collaborative activities further WAPA’s commitment to sharing threat and vulnerability information across the industry,” said Acting Senior Vice President and Sierra Nevada Regional Manager Dawn Roth Lindell. 

Studying gaps, preparing for challenges 

The Office of Security and Emergency Management completed a number of actions and initiatives to improve security and resiliency of the bulk electric grid in 11 states and at unmanned and manned facilities in 15 states. About 74 all-hazard physical security risk assessments were completed in 2017 to determine weaknesses and gaps at critical electric facilities, particularly substations. Based on deficiencies in the assessments, OSEM created about 80 remediation plans and implemented 366 individual actions.

WAPA began these assessments in 2014 and between then and April 2018 has completed more than 270 security assessments, resulting in 225 completed remediation plans and the procurement of five mobile surveillance trailers that can be rapidly deployed to monitor facilities.

WAPA also awarded a five-year security contract to assist with installing physical security enhancements at critical energy infrastructure sites.

At the manned facilities, WAPA conducted live and tabletop active shooter exercises to prepare employees and leadership for the physical, mental and emotional challenges these situations create.

WAPA also participated in a national industry-led exercise called GridEx, involving more than 200 utilities, regulatory agencies, law enforcement and other entities. GridEx tests participating organizations’ incident command system, emergency operations centers and continuity of operations plans during multiple coordinated cyber and physical attacks against the electric grid and manned facilities operating the grid.

Roth Lindell noted that the tests give WAPA the opportunity to strengthen valuable relationships with other federal agencies, customers and industry groups and gain greater understanding of partners’ needs.

Building internal capabilities

In the cybersecurity realm, WAPA resolved 99.6 percent of incidents and reports within three days in 2017 and did not experience a single significant cyber event. The goal for 2018 is to resolve 90 percent of cybersecurity incidents and reports within two days.

Aggressive education and training programs continue to strengthen employees’ ability to recognize and defend against phishing, the primary technique used by hackers to access secure systems. The Cyber Security office proactively designs homegrown phishing attacks to challenge employees’ knowledge and understanding of these threats.

WAPA’s asset management system has matured over the past several years to help WAPA identify investment and risk mitigation strategies based on the health and criticality of specific transmission assets. The asset management strategy allows WAPA, in coordination with customers, to make risk-informed decisions for 10-year capital investment plans that will result in a resilient, reliable and sustainable grid of the future.

WAPA also implemented the lifecycle strategy for information technology assets in 2017 to ensure funding is available to replace and upgrade outdated equipment. By keeping pace with changes in technology, WAPA will also keep pace with changing security requirements and fixes.

Ensuring reliability for military installations

One key factor of resiliency is redundancy in the power system. Redundancy allows for continued operations even if certain elements are taken out of service. WAPA has embarked on a number of public-private partnerships to improve redundancy, and by extension resiliency, in the Southwest U.S. and in northern California transmission systems. 

Recovery is also a key component of resilience, and WAPA must be prepared to restore normal business operations in the event of a worst-case scenario. In 2017, WAPA developed a transformer sparing strategy to expediently replace equipment that experiences catastrophic failures due to a widespread natural disaster or attack.

WAPA is responsible for long-term power contracts and power delivery for more than 30 military installations and national laboratories in its entire 15-state power marketing territory. This at-cost, reliable power ensures the critical missions at these installations can continue without interruption or concern over their power supply. WAPA is in regular contact with these critical customers to ensure their power needs are met in a cost-effective and efficient manner.

“Reliable electrical service is essential to these installations being able to perform their mission,” said Roth Lindell. “Continuing to improve the grid’s ability to recover from disturbance is in everyone’s interest.”

Note: Storie is a technical writer who works under the Wyandotte Services contract.

Last modified on October 3rd, 2023