National Grid Meets NERC CIP and TWIC
More than 300 sites get newly-required secure applications
- By Kim Rahfaldt
- Jan 01, 2015
National Grid is an international electricity and gas company with
95 percent of its activities in regulated businesses. As the largest
utility in the UK, it delivers gas to 11 million homes and businesses.
In addition, National Grid is the second largest utility
in the United States. It delivers electricity to approximately 3.3
million customers and distributes natural gas, serving 3.5 million customers in
Massachusetts, New Hampshire, New York and Rhode Island.
National Grid’s many types of facilities include:
- Operational facilities that manage administrative functions;
- a large number of control centers that operate, control and maintain the electric
distribution system including the electric transmission system, natural gas
distribution system and natural gas transmission system;
- many electric generating facilities including power plants that make electricity;
- several liquid natural gas (LNG) plants that have the giant tanks on the properties;
and
- a large number of critical facilities that manage the distribution of electric and
gas throughout all the different regions.
Having numerous and diverse facilities to secure, National Grid needed a higher
level of security to insure its vast infrastructure of buildings were protected.
They needed a way to track access to their sites, process over 156,000 cardholder
transactions daily, and monitor who entered and exited their plants, operating
yards and substations.
Command Center as the Solution
National Grid sought the flexibility to control all aspects of security right down to
the individual user’s access rights, so they selected a Symmetry Security management
system from AMAG Technology.
“National Grid uses this specific access control to control and protect assets
based on who should be in certain locations at what point in time,” said Thomas
Palermo, president of Alliance Systems Integrators Inc.
All employees use a smart card to gain access to the designated facilities where
they work, and to the areas within the building where they have been authorized.
Each department individually controls its list of employees and their access rights.
Contractors also are provided badges on an as-needed basis. In addition, the access
control system is used to monitor more than 4,000 alarm points to protect the
many different types of facilities that comprise National Grid.
Streamlining operations. National Grid streamlined their security operations
when they combined their two command centers and recently built a state-of-theart
security operations center to encompass all security: access control, video,
intrusion, perimeter and their NERC CIP sites for their New York City, Long
Island, New Hampshire, Massachusetts and upstate New York facilities. The new
command center allows the security department to be independent and manage all operations for their more than 300 sites
throughout the Northeast. This enables
all facilities to be monitored at the new
command center.
Manned and unmanned facilities.
National Grid has a combination of
manned and unmanned facilities. Unmanned
facilities are visited by staff
daily, weekly or monthly, depending
on which type of facility and function
it serves. If there is a breach in security
at an unmanned facility, an alarm will
pop up in the alarm screen at the command
center. The security operator can
decide what course of action to take
based on the alarm.
“We have a large number of intrusion
detection systems and we tie those
systems into Symmetry for the purpose
of monitoring alarms,” said Wendel
Steenbuck, national grid manager for
National Grid Global Security in the
Security Technical Support Unit. “Symmetry
provides centralized alarm handling
and reporting making it easy to
manage alarms from different sources.”
Video. Cameras positioned at all
facilities record activity. If there is an
alarm, Symmetry provides an output
which becomes an input to Verint’s
Nextiva video system. The input will
prompt the camera associated with that
alarm to automatically move and zoom
in or out to where the alarm is occurring.
More than 2,500 cameras monitor
events while Verint encoders create an
IP stream back to the Nextiva system.
“When we have an intrusion alarm,
our cameras react and move so security
operators can see what caused the
alarm,” Steenbuck said. “Symmetry’s
trigger commands automatically control
the cameras and give them that direction.”
Perimeter security. Multiple microwave
perimeter detection devices are
tied into the software and working
properly. Thermal imaging cameras
are tied to Symmetry through the VMS
and then back to Symmetry via a hard
wire connection, all of it functioning
seamlessly.
Transportation Workers
Identification Credential
(TWIC)
All National Grid facilities that “conduct
commerce on the waterway,” including
fuel barges for power plants,
must be TWIC complaint as mandated
by the Transportation Security Administration
(TSA) to gain unescorted access
to secure areas of Maritime Transportation
Security Act (MTSA)-regulated
facilities. Presently, TWIC compliance
is completed manually and locally at
each site with human intervention. Card
readers have been placed in TWIC-restricted
areas, and access to those readers
is tightly controlled. Only certain
individuals have TWIC cards and are
granted access through those readers.
Access is denied for everyone else.
A Facility Security Officer (FSO),
who by federal statute is directly responsible
to the Coast Guard and the
Department of Homeland Security, is
designated and assigned at each TWIC
facility. The FSO identifies the specific,
secure restricted areas at their facility.
If a person needs access to a restricted
area, they first have to apply to get a
TWIC card and get authorization from
the FSO to gain access. Individuals
who do not have a TWIC card must be
escorted into the area under the direction
of the FSO.
Steenbuck is considering installing
biometric readers; however, he is waiting
for direction from the government
on the regulation. All card readers
would be connected to Symmetry. At
that point, a person would go through
a turnstile or gate with a valid TWIC
card that has been validated via biometrics.
When the validated card is presented
to the TWIC reader, an input is
supplied to Symmetry where a positive
validation is made through the biometric
and image to prove he or she is the
person on the card. Access is granted
upon receiving positive validation.
North American Electric
Reliability Corporation
(NERC) Standard
National Grid must also comply with
the NERC standard, which ensures the
reliability of the bulk power system
in North America. NERC develops,
releases and maintains the Critical Infrastructure
Protection (CIP) Cyber
Security Standards that are designed
to provide the necessary assurances of
protection for the equipment that monitors
and controls the generation and
distribution of power through the grid
in North America.
Symmetry provides National Grid a
feature-rich, security management system
that allows them to meet NERC
compliance in securing the physical perimeter
of each of their many facilities.
Since Symmetry is a cyber-asset, it must
meet minimum standards for such a
system and that includes having unique
logon credentials, a recovery plan that
follows conventional business continuity
and disaster recovery practices, and
TWIC compliance as mentioned above.
“Symmetry really fit their needs to
meet the NERC/CIP compliance,” Palermo
said. “Symmetry provided the
lock-down capability they needed for
potential cyber terrorism issues. National
Grid received the necessary support
and didn’t need to do anything at
the locations that had card access. For
those that didn’t have card access, the
software was added easily, and they
achieved their compliance quickly.”
Ensuring Compliance
National Grid installed more than
2,000 Symmetry 823 and 843 Smart
Card Readers. Both readers are designed
for companies that need to
adopt federal personal identity verification
standards. They meet the requirements
of Government Smart Card
Interoperability Specification GSC-IS
v.2 and the Smart Card Enabled Physical
Access Control Systems Technical
Implementation Guidance PACS v2.2.
The Symmetry 843 Smart Card
reader allows authorized people to
initiate conditional commands to the
Symmetry Security Management System.
Used primarily in the NERC facilities,
authorized individuals use the
keypad and star commands to arm and
disarm the intrusion system.
Alliance Systems Integrators
Alliance Systems Integrators is a fullservice
integrator that designs security
command centers, control centers, enterprise
access control and enterprise video
surveillance for critical infrastructure,
providing its clients with a full-range of
services from planning and design to engineering,
maintenance and installation.
They employ a full-time NERC data analyst
and IT senior systems engineer to
offer their customers superior customer
service and support.
“Alliance considers itself an extension
of National Grid’s global security
staff and works closely with National
Grid to ensure they are in compliance
with CFAT regulations, NERC CIP
regulations and to protect its critical
infrastructure and vulnerabilities,” Palermo
said.
National Grid will be upgrading its
security management system, which
will allow them to have one single
cardholder database for their 25,000
cardholders, yet segregate the hardware
and servers from the rest of the
system to meet NERC CIP and TWIC
standards.
Having so many cardholders, alarms
and alarm points, National Grid’s
Steenbuck chose to install a NEC Fault
Tolerant Express Server to use in conjunction
with NEC Express Cluster
with Symmetry Global. The NEC FT
Servers are designed to provide extreme
availability by using fully redundant
system components and can provide
continuous availability, even in the
event of a system failure. Fault-tolerant
systems can provide up to 99.999 percent
uptime, which equates to just a
little more than 5 minutes
of downtime per
year.
This article originally appeared in the issue of .