perimeter security for electric utility...
TRANSCRIPT
![Page 1: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/1.jpg)
Perimeter Security for Electric Utility Substations
Jim MillerNovember 16, 2011© 2011 NiSource Corporation
![Page 2: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/2.jpg)
Copper Theft
• Copper near historic highs• Driven by BRIC demand &
currency risk• High prices = many places
to sell scrap• Stealing infrastructure
![Page 3: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/3.jpg)
At these prices it is hard to keep the honest people honest…
![Page 4: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/4.jpg)
• Quickly converted to cash• Closely tied to drug usage (meth)• Enough cash for a quick fix• Extremely dangerous
– Thieves– Utility Personnel
Copper Theft
![Page 5: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/5.jpg)
Identified Four Types of Theft
– Drug Motivated – Looking for enough $ for next fix• Copper ground wires removed• Smash and grab type incidents
– Commodity Theft – Larger, more daring thefts• Cable from Roxana breakers• Multiple reels of cable from substations or LOA
– Opportunity – Workers leaving copper unsecured• Thefts from new subdivisions, copper left near roadway• Clean-up substations, remove construction debris• Prevent or limit employee parking inside substations
– Internal – Theft of material by employees
![Page 6: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/6.jpg)
Copper Theft
• 138kv breaker shorted (138,000 volts!!!)
• Explosion drove ceramic into steel!
• Direct Cost - $250k• Indirect - > $2m
![Page 7: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/7.jpg)
![Page 8: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/8.jpg)
Electric Substations
• NERC Critical Infrastructure Protection Standards (CIP)
• DHS Critical Infrastructure/Key Resources (Tier 2)
![Page 9: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/9.jpg)
Electric Grid
• Risk is in the corn fields!– Transmission Substations– 100kv and above– Thousands in the U.S.– $2m-$3m/18 mos.
![Page 10: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/10.jpg)
Electric Grid
$2m - $3m + 18 Months…!!!
No electricity x ? Weeks = CHAOS??Coordinated attack = 19th Century
![Page 11: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/11.jpg)
What should we do?
• Best Defense is a good Offense• We must get into a proactive posture to prevent
incidents versus finding out on Monday morning.• Real-time remote monitoring• Exception-based – only deal with problems• Virtual perimeters/video analytics• Thermal imaging
![Page 12: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/12.jpg)
What should we do?
• Comprehensive vulnerability and risk assessment• Determine where our key assets are• Determine level of risk they are under• Create a program to mitigate this risk• Address sites according to overall risk level as
capital funding becomes available
![Page 13: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/13.jpg)
Security Risk Assessment
RISK = C x T x V• Consequence – How important is the facility to your
system? The nation’s infrastructure? Loss of life? Feed key facilities?
• Threat – How likely is it to be targeted? Look at theft, vandalism, & terrorism. Are there active threats?
• Vulnerability – If targeted, how easy is it to attack? Pre-operational surveillance? Protection measures? Detection?
![Page 14: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/14.jpg)
Physical Security Measures
• Deter • Delay• Detect• Response
• Deny is fourth “D” designated for military/law enforcement situations
![Page 15: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/15.jpg)
Physical Security Measures
• Deter – make them look somewhere else• Delay – slow them down long enough to…• Detect – sensors which detect intrusion attempts
and transmit to central monitoring• Response – systems and procedures that allow for
quick reporting of incidents, in real-time, to local law enforcement
![Page 16: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/16.jpg)
Trying to make them go down the street…
• If they decide to hit us, we want them to have a bad day
![Page 17: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/17.jpg)
The Definition of a BAD DAY!
![Page 18: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/18.jpg)
Physical Security Measures
• Perimeter Protection– Fencing– Barricades
– Intrusion Detection – fiber, microwave, laser
![Page 19: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/19.jpg)
Physical Security Measures
• Access Controls– Card Access– Gates
• Monitoring– Thermal imaging– Cameras– Video analytics– Virtual perimeters
![Page 20: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/20.jpg)
Recommended Approach
• Categorized transmission substations into three groups:– Tier 1 – High Risk– Tier 2 – Medium Risk– Tier 3 – Medium to Low Risk
• Physical security measures designated for each risk level• Applied to substation based upon ranking in vulnerability & risk
assessment
![Page 21: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/21.jpg)
Range of Options
• Dual perimeter• 12’ Steel Fence
– Concrete curb– Razor wire
• Intrusion Detection• PTZ verify
![Page 22: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/22.jpg)
![Page 23: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/23.jpg)
![Page 24: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/24.jpg)
![Page 25: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/25.jpg)
![Page 26: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/26.jpg)
Range of Options
• Virtual Perimeter– FLIR imagers
• VideoIQ• FLIR dual head PTZ
![Page 27: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/27.jpg)
Range of Options
• FLIR thermal cameras• VideoIQ encoders• Mounted on existing
structures• Focused on key components• Smaller sites, not 100%
coverage
![Page 28: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/28.jpg)
All Monitored Remotely
• Exception-based– Only handle real issues
• Assess situation• Determine response
– Software allows you to respond to an incident the same way EVERY time
– Audit trail of EVERY action• Dispatch assistance/law enforcement
– Transition from reaction to ACTION!
![Page 29: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/29.jpg)
Real-Time Impact
• Copper thieves entered our 24/7 service facility
• Immediately spotted by remote monitoring
• Police dispatched• Arrested in-the-act• Jail time!• Intruders were armed
![Page 30: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/30.jpg)
Summary of Options
• Highest probability of prevention is to harden the exterior perimeter and do some monitoring
• Virtual perimeters provide very good detection, but do not prevent entry and damage.
• What level of security risk are we comfortable with?
![Page 31: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/31.jpg)
Other Prevention Activities
• Replace stolen grounds with copper weld• Purchase new cable with unique identifiers• US Atty Office – Prosecute vigorously• FBI – Investigate upstream• DHS – Changed IN state statute• Communicate to customers – eyes & ears
– Consider rewards for successful prosecution
![Page 32: Perimeter Security for Electric Utility Substationsdownload.101com.com/gig/pdf/govsec2012sessions/NC-5_Miller.pdf · • Real-time remote monitoring • Exception-based – only deal](https://reader036.vdocuments.net/reader036/viewer/2022071015/5fce537f235051302d3e77f5/html5/thumbnails/32.jpg)
Other Prevention Activities
• Provide security at large job sites• Properly secure and track materials• Do not take large amounts of cable to site• Keep vehicles out of substations• Increase lighting at subs• Signage• New Construction – Build in security!