EPE’s NERC CIP Program Manager, Darrel Grumman, shared his thoughts on physical security of transmission stations and substations in light of the recent substation attack in North Carolina:
Transmission lines and substation ownership in the United States is a mix of regulated and unregulated entities including investor-owned utilities (IOUs), municipalities, cooperatives, and federal PMAs with IOUs accounting for more than 80% of transmission. These entities are responsible for the security of the electric grid in the United States which includes over 60,000 transmission substations.
While the high level of interconnection within the electricity grid helps minimize the risk of major failures, a single equipment failure is unlikely to have a cascading effect on the entire system. However, it can have significant impact on a region as evidenced by recent substation attacks. Despite measures to improve grid reliability to better control critical infrastructure assets, the number of threats and executed attacks continue to grow as well as an increased risk of failures.
The environment that utilities operate in is constantly changing, which increases the risk of disruptions in the supply of electricity. It’s vital for the industry stakeholders to continuously develop and implement strategies to improve security both physical and cyber.
About NERC Critical Infrastructure Protection (CIP)
Grid reliability is inextricably linked to national security, and it’s vital for utilities to prioritize physical security. In addition to utilities, other organizations are also working to improve the security of the electricity supply by developing and implementing effective measures to prevent the loss of power. The North American Reliability Corporation (NERC), the regulatory authority for the electricity supply in the United States, is responsible for ensuring the reliability of the system.
Through the authority granted by NERC, the agency has been able to create Critical Infrastructure Protection (CIP) standards that help guide the activities and planning of utilities to address the various threat profiles that are prevalent in the electricity industry. Although cybersecurity is still considered a leading aspect of electric utility security, the focus has shifted to the need for more effective physical security measures.
The US government’s approach to protecting the nation’s critical infrastructure was first established through the National Infrastructure Protection Plan. The plan aims to provide a framework for the private and public sectors to work together to manage the risks associated with the critical infrastructure sector.
NERC CIP-014 Physical Security
The goal of CIP-014 is to identify and protect critical Transmission stations and Transmission substations, and their associated primary control centers, that if rendered inoperable or damaged as a result of a physical attack could result in widespread instability, uncontrolled separation, or Cascading within an Interconnection.
The standard requires Transmission Owners to conduct a risk assessment over specific intervals and complete a physical security implementation plan to ensure stability and avoid uncontrolled separation. But it is important to note that CIP-014 only applies to those qualifying critical stations and substations; meaning more than 50,000 stations and substations are note required to comply with the CIP-014 standard.
Based on recent events, we believe real change can be driven by the industry stakeholders that are on the front line managing the day-to-day access to these sites. While we cannot plan for and implement security controls for every known threat, we can create a greater level of security across the spectrum with a focused effort towards identifying the most common threats and re-evaluating many of the existing methods and “truths” that are deployed for transmission stations and substations.
Whether you are a utility, developer, or generation owner, prioritizing physical security is vital to protecting your assets and ensuring the power stays on for customers. We are the catalyst of change and the future security of the Bulk Electric System.
If you’re interested in learning more about NERC & Regulatory Compliance, please contact us to schedule a consult.