Substation physical security back on the front burner

Physical security for electrical substations has acquired new urgency and requires fresh thinking.

10/23/2012


In the past, fences and locked doors prevented unauthorized access to power grid substations as much for public safety as physical security. This strategy worked to ensure that simple mischief didn’t end badly in a high-voltage environment.

In a world with heightened concerns about terrorism and, thus, cyber security, and in tough economic times when the theft of valuable materials is more frequent, physical security for electrical substations has acquired new urgency and requires fresh thinking.

First, let’s consider theft, probably the more frequent and ubiquitous challenge. The high price of copper and steel have created a significant issue for the protection of substations, which incorporate substantial amounts of both materials. Theft of the copper ground wire, for instance, compromises the integrity of the substation, creates a safety hazard for thief, public and utility workers alike and incurs significant costs.

On the cyber security side, the old adage has it that presented with electronics and time, a hacker will prevail.

The consulting engineer needs to be aware that in this environment, physical security will need to be more sophisticated than in the past. Fences and locked doors may need to incorporate more robust designs and strategies and be augmented by closed-circuit video monitoring, intrusion detection devices, tampering alarms, and the like. Obviously, those remote devices communicate back to security personnel, effectively marrying physical security to cyber security.

Positive identification and electronic access control, governed by IEEE Standard P1402, currently under revision, is now the established, minimum requirement for security at power substations. It describes the requirements for positive access control, monitoring of facilities, and delay/deter features. Formerly, IEEE P1402 was a “guideline” but, due to increased intrusion, theft, and the threat of terrorism, it is being upgraded to a standard. According to this standard, the degree of monitoring and access control must be designed to match the nature of the threat.

It should come as no surprise that the convergence of physical and cyber security means that IEEE Standard P1402 also is referenced in cyber security requirements. In fact, virtually all cyber security standards reference physical security.

Cyber security systems govern communications, access to intelligent electronic devices (IEDs) and to human machine interfaces (HMIs). Security depends on the timely detection of malevolent activity. If unmonitored access is allowed at a substation, the cyber hacker’s threat to the grid’s integrity increases by the minute.

Finally, not only must the engineer design physical security features into the substation, just as importantly, they must address security during the construction phase when valuable materials are vulnerable. In this regard, a traditional notion had it that one could achieve “security via obscurity”–that is, that a substation and/or its construction site were most vulnerable near population centers and safer if they were in the proverbial boondocks.

No longer. While a substation may be seldom seen, an obscure location also gives cover to determined perpetrators.

In physical and cyber security terms, that means keeping up your guard. Vulnerable attack vectors may be inadvertently created by fuzzy thinking about the apparent obscurity of a substation location, when that is precisely the sort of location that a terrorist or thief would choose to exploit.  


Sam Sciacca is an active senior member in the IEEE and the International Electrotechnical Commission (IEC) in the area of utility automation. He has more than 25 years of experience in the domestic and international electrical utility industries. Sciacca serves as the chair of two IEEE working groups that focus on cyber security for electric utilities: the Substations Working Group C1 (P1686) and the Power System Relay Committee Working Group H13 (PC37.240). Sciacca also is president of SCS Consulting. 



No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
Each year, a panel of Control Engineering editors and industry expert judges select the System Integrator of the Year Award winners.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Learn how to create value with re-use; gain productivity with lean automation and connectivity, and optimize panel design and construction.
Go deep: Automation tackles offshore oil challenges; Ethernet advice; Wireless robotics; Product exclusives; Digital edition exclusives
Lost in the gray scale? How to get effective HMIs; Best practices: Integrate old and new wireless systems; Smart software, networks; Service provider certifications
Fixing PID: Part 2: Tweaking controller strategy; Machine safety networks; Salary survey and career advice; Smart I/O architecture; Product exclusives
The Ask Control Engineering blog covers all aspects of automation, including motors, drives, sensors, motion control, machine control, and embedded systems.
Look at the basics of industrial wireless technologies, wireless concepts, wireless standards, and wireless best practices with Daniel E. Capano of Diversified Technical Services Inc.
Join this ongoing discussion of machine guarding topics, including solutions assessments, regulatory compliance, gap analysis...
This is a blog from the trenches – written by engineers who are implementing and upgrading control systems every day across every industry.
IMS Research, recently acquired by IHS Inc., is a leading independent supplier of market research and consultancy to the global electronics industry.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Case Study Database

Case Study Database

Get more exposure for your case study by uploading it to the Control Engineering case study database, where end-users can identify relevant solutions and explore what the experts are doing to effectively implement a variety of technology and productivity related projects.

These case studies provide examples of how knowledgeable solution providers have used technology, processes and people to create effective and successful implementations in real-world situations. Case studies can be completed by filling out a simple online form where you can outline the project title, abstract, and full story in 1500 words or less; upload photos, videos and a logo.

Click here to visit the Case Study Database and upload your case study.