Protecting the Cyber Side -- Security Today

Protecting the Cyber Side

Companies required to manage property access, as well as secure facilities

By Andy Hilverda
Jun 01, 2009

Vandalism, theft and acts of terrorism in recent years have motivated the electric generation and transmission industry to seek viable security solutions. Companies must secure their facilities and protect their physical and electronic assets while managing access to their properties state-to-state over geographically widespread regions.

Recognizing the serious impact to the local and national economy, and to people's lives, when the power goes off, ITC Holdings makes it a priority to protect the transmission grid and provide efficient, reliable energy to its customers. ITC's vision is to have highly effective processes and procedures in place that meet or exceed the new government security standards.

A New Approach

Robert Blickensdorf, ITC's security manager, is responsible for project management as it relates to the installation, maintenance and operation of physical security at ITC facilities. He serves as the liaison between ITC, local law enforcement and other security organizations within the industry.

"ITC corporate leaders realize the importance of protecting our physical and electronic assets, and have been very supportive of our security initiatives," Blickensdorf said.

Facing an overwhelming array of choices and costs, ITC developed a risk-based methodology for pursuing a balanced approach to their security goals. ITC had to determine the type of physical security that would best serve each location, install and integrate the necessary security devices, and maintain and monitor the effectiveness of the system.

Facing threats of vandalism and theft due to the high price of copper and other metals on the open market, ITC adopted measures to prevent someone from accessing one of its sites with the intent of stealing metal and, in the process, causing damage that affects the reliability of the system or the safety of employees and contractors. Vulnerability is heightened at ITC's remote sites because of their isolation. In an effort to address these concerns, the company installed security equipment to prevent vandalism or theft at these sites.

"We do not want to give any individual or organization the opportunity to sabotage the system, because the impact is too far reaching," Blickensdorf said.

ITC's physical security projects encompass ITC headquarters, substations and warehouses. In addition to the live cameras and alarm system, the company has installed perimeter fence intrusion monitors, photobeam towers, infrared illumination devices, motiondetection towers and other physical security equipment at strategic locations. It also has an integrated online access card system installed throughout its facilities. Alarm information is quickly transmitted to the security command center for action.

Meeting the Standards

The Federal Energy Regulatory Commission and the North American Electric Reliability Corp. have established security standards to prevent electronic and physical attacks that could cripple the energy industry, which is a critical part of the nation's infrastructure.

In January 2008, critical infrastructure protection reliability standards were approved for the purpose of protecting the physical security of critical cyber assets. CIP Standard 006-1 "requires a responsible entity to create and maintain a physical security plan that ensures that all cyber assets within an electronic security perimeter also reside within an identified physical security perimeter. The physical security plan ... must contain processes for identifying, controlling and monitoring all access points and authorization requests. The logging of physical access must occur at all times, and the information logged must be sufficient to uniquely identify individuals."

Logistic challenges confronted ITC in developing a strategy for meeting the CIP Reliability Standards. As officials began to tackle these issues, they looked for a secure access control system that would provide the flexibility they needed. Most importantly, the company needed a system that could bring key control and an audit trail to its remote sites without requiring power at the lock.

"We required a system that could eliminate the risks associated with the duplication of keys and assist us with CIP compliance by tracking contractors and employees that go into locations that contain critical cyber assets," Blickensdorf said.

They were looking for a product that also could be integrated with the security equipment and systems they already had in place. The use of the electronic key has eliminated issues that ITC experienced in the past with mechanical keys.

"With the new restrictive electronic key in the field, we have accountability and an electronic record of where the key has been used, how it has been used and by whom," Blickensdorf said.

Each electronic key is set with an automatic expiration date to reduce the risks associated with lost keys. If a key is missing, ITC can quickly deactivate the key or let the key automatically expire.

The Key to Security

"Everyone in the industry is working toward CIP compliance," Blickensdorf said. "The electronic lock system assists us with compliance to CIP standards by tracking people who go into locations that contain critical cyber assets."

An electronic lock allows officials to download information about the lock and determine who recently accessed it. Each authorized user's key is programmed to access selected locks at specific locations and only during certain times of the day. The electronic locks and keys audit openings and attempts to enter areas that protect electronic data and equipment.

"The electronic lock system provides a two-pronged approach to controlling physical access to our electronic assets," Blickensdorf said. "First, we can control who we issue a key to and how the key is to be used by that person. Second, we can track that person's activity at the different sites."

By partnering with a capable access control system integrator and taking advantage of today's advances in security technology, ITC has integrated security systems that will continue to provide the physical security and accountability it requires. As government standards evolve and new security threats emerge, ITC is in a strong position to respond quickly and decisively.

This article originally appeared in the issue of .

National Monitoring Center Secures Updated TMA Installation Quality (IQ) Certification
04/24/2024
PSA TEC 2024 Runs May 13-17 in Dallas
04/24/2024
Hanwha Vision Announces Support for Genetec Security Center SaaS Unified Solution
04/24/2024
ISC West 2024 Welcomed More Than 29,000 Attendees
04/17/2024
Evolon Introduces AI-Powered Video Monitoring Service 
04/17/2024
Resideo to Acquire Snap One to Expand Presence in Smart Living Products and Distribution
04/15/2024
Allegion US Features Interoperability, Mobile Credentials and More at ISC West
04/10/2024
Altronix Showcases Products to Protect Critical Infrastructure at ISC West
04/10/2024

Featured

Perimeter Security Standards for Multi-Site Businesses

When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now
New Research Shows a Continuing Increase in Ransomware Victims

GuidePoint Security recently announced the release of GuidePoint Research and Intelligence Team’s (GRIT) Q1 2024 Ransomware Report. In addition to revealing a nearly 20% year-over-year increase in the number of ransomware victims, the GRIT Q1 2024 Ransomware Report observes major shifts in the behavioral patterns of ransomware groups following law enforcement activity – including the continued targeting of previously “off-limits” organizations and industries, such as emergency hospitals. Read Now
- Cybersecurity
OpenAI's GPT-4 Is Capable of Autonomously Exploiting Zero-Day Vulnerabilities

According to a new study from four computer scientists at the University of Illinois Urbana-Champaign, OpenAI’s paid chatbot, GPT-4, is capable of autonomously exploiting zero-day vulnerabilities without any human assistance. Read Now
- Cybersecurity
Getting in Someone’s Face

There was a time, not so long ago, when the tradeshow industry must have thought COVID-19 might wipe out face-to-face meetings. It sure seemed that way about three years ago. Read Now
- Industry Events
- ISC West

Webinars

Hanwha Vision (formerly Hanwha Techwin), Salient Systems, Eagle Eye Networks Inc, Evolv Technology, Arcules, ZeroEyes

Shooter Detection: The First Line of Defense
Hanwha Vision (formerly Hanwha Techwin), Salient Systems, Arcules

Embracing AI-driven Access Control
HID Global

Unlock the Potential: Why Make the Shift to Mobile Credentials

Whitepapers

Genetec

How to Modernize Your Existing Security Systems Using Hybrid-Cloud
Eagle Eye Networks Inc

Are you ready for an on-site emergency? A practical checklist
Winsted Corporation

Top Considerations Designing an Ergonomic Control Room

New Products

ComNet CNGE6FX2TX4PoE

The ComNet cost-efficient CNGE6FX2TX4PoE is a six-port switch that offers four Gbps TX ports that support the IEEE802.3at standard and provide up to 30 watts of PoE to PDs. It also has a dedicated FX/TX combination port as well as a single FX SFP to act as an additional port or an uplink port, giving the user additional options in managing network traffic. The CNGE6FX2TX4PoE is designed for use in unconditioned environments and typically used in perimeter surveillance. 3
ResponderLink

Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3
Luma x20

Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3