Substation physical security back on the front burner

Physical security for electrical substations has acquired new urgency and requires fresh thinking.


In the past, fences and locked doors prevented unauthorized access to power grid substations as much for public safety as physical security. This strategy worked to ensure that simple mischief didn’t end badly in a high-voltage environment.

In a world with heightened concerns about terrorism and, thus, cyber security, and in tough economic times when the theft of valuable materials is more frequent, physical security for electrical substations has acquired new urgency and requires fresh thinking.

First, let’s consider theft, probably the more frequent and ubiquitous challenge. The high price of copper and steel have created a significant issue for the protection of substations, which incorporate substantial amounts of both materials. Theft of the copper ground wire, for instance, compromises the integrity of the substation, creates a safety hazard for thief, public and utility workers alike and incurs significant costs.

On the cyber security side, the old adage has it that presented with electronics and time, a hacker will prevail.

The consulting engineer needs to be aware that in this environment, physical security will need to be more sophisticated than in the past. Fences and locked doors may need to incorporate more robust designs and strategies and be augmented by closed-circuit video monitoring, intrusion detection devices, tampering alarms, and the like. Obviously, those remote devices communicate back to security personnel, effectively marrying physical security to cyber security.

Positive identification and electronic access control, governed by IEEE Standard P1402, currently under revision, is now the established, minimum requirement for security at power substations. It describes the requirements for positive access control, monitoring of facilities, and delay/deter features. Formerly, IEEE P1402 was a “guideline” but, due to increased intrusion, theft, and the threat of terrorism, it is being upgraded to a standard. According to this standard, the degree of monitoring and access control must be designed to match the nature of the threat.

It should come as no surprise that the convergence of physical and cyber security means that IEEE Standard P1402 also is referenced in cyber security requirements. In fact, virtually all cyber security standards reference physical security.

Cyber security systems govern communications, access to intelligent electronic devices (IEDs) and to human machine interfaces (HMIs). Security depends on the timely detection of malevolent activity. If unmonitored access is allowed at a substation, the cyber hacker’s threat to the grid’s integrity increases by the minute.

Finally, not only must the engineer design physical security features into the substation, just as importantly, they must address security during the construction phase when valuable materials are vulnerable. In this regard, a traditional notion had it that one could achieve “security via obscurity”–that is, that a substation and/or its construction site were most vulnerable near population centers and safer if they were in the proverbial boondocks.

No longer. While a substation may be seldom seen, an obscure location also gives cover to determined perpetrators.

In physical and cyber security terms, that means keeping up your guard. Vulnerable attack vectors may be inadvertently created by fuzzy thinking about the apparent obscurity of a substation location, when that is precisely the sort of location that a terrorist or thief would choose to exploit.  

Sam Sciacca is an active senior member in the IEEE and the International Electrotechnical Commission (IEC) in the area of utility automation. He has more than 25 years of experience in the domestic and international electrical utility industries. Sciacca serves as the chair of two IEEE working groups that focus on cyber security for electric utilities: the Substations Working Group C1 (P1686) and the Power System Relay Committee Working Group H13 (PC37.240). Sciacca also is president of SCS Consulting. 

No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Choosing controllers: PLCs, PACs, IPCs, DCS? What's best for your application?; Wireless trends; Design, integration; Manufacturing Day; Product Exclusive
Variable speed drives: Smooth, efficient, electrically quite motion control; Process control upgrades; Mobile intelligence; Product finalists: Vote now; Product Exclusives
Machine design tips: Pneumatic or electric; Software upgrades; Ethernet advantages; Additive manufacturing; Engineering Leaders; Product exclusives: PLC, HMI, IO
This article collection contains the 5 most referenced articles on improving the use of PID.
Learn how Industry 4.0 adds supply chain efficiency, optimizes pricing, improves quality, and more.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Cyber security cost-efficient for industrial control systems; Extracting full value from operational data; Managing cyber security risks
Drilling for Big Data: Managing the flow of information; Big data drilldown series: Challenge and opportunity; OT to IT: Creating a circle of improvement; Industry loses best workers, again
Pipeline vulnerabilities? Securing hydrocarbon transit; Predictive analytics hit the mainstream; Dirty pipelines decrease flow, production—pig your line; Ensuring pipeline physical and cyber security