National Grid Meets NERC CIP and TWIC

National Grid Meets NERC CIP and TWIC

More than 300 sites get newly-required secure applications

National Grid is an international electricity and gas company with 95 percent of its activities in regulated businesses. As the largest utility in the UK, it delivers gas to 11 million homes and businesses. In addition, National Grid is the second largest utility in the United States. It delivers electricity to approximately 3.3 million customers and distributes natural gas, serving 3.5 million customers in Massachusetts, New Hampshire, New York and Rhode Island.

National Grid’s many types of facilities include:

  • Operational facilities that manage administrative functions;
  • a large number of control centers that operate, control and maintain the electric distribution system including the electric transmission system, natural gas distribution system and natural gas transmission system;
  • many electric generating facilities including power plants that make electricity;
  • several liquid natural gas (LNG) plants that have the giant tanks on the properties; and
  • a large number of critical facilities that manage the distribution of electric and gas throughout all the different regions.

Having numerous and diverse facilities to secure, National Grid needed a higher level of security to insure its vast infrastructure of buildings were protected. They needed a way to track access to their sites, process over 156,000 cardholder transactions daily, and monitor who entered and exited their plants, operating yards and substations.

Command Center as the Solution

National Grid sought the flexibility to control all aspects of security right down to the individual user’s access rights, so they selected a Symmetry Security management system from AMAG Technology.

“National Grid uses this specific access control to control and protect assets based on who should be in certain locations at what point in time,” said Thomas Palermo, president of Alliance Systems Integrators Inc.

All employees use a smart card to gain access to the designated facilities where they work, and to the areas within the building where they have been authorized. Each department individually controls its list of employees and their access rights. Contractors also are provided badges on an as-needed basis. In addition, the access control system is used to monitor more than 4,000 alarm points to protect the many different types of facilities that comprise National Grid.

Streamlining operations. National Grid streamlined their security operations when they combined their two command centers and recently built a state-of-theart security operations center to encompass all security: access control, video, intrusion, perimeter and their NERC CIP sites for their New York City, Long Island, New Hampshire, Massachusetts and upstate New York facilities. The new command center allows the security department to be independent and manage all operations for their more than 300 sites throughout the Northeast. This enables all facilities to be monitored at the new command center.

Manned and unmanned facilities. National Grid has a combination of manned and unmanned facilities. Unmanned facilities are visited by staff daily, weekly or monthly, depending on which type of facility and function it serves. If there is a breach in security at an unmanned facility, an alarm will pop up in the alarm screen at the command center. The security operator can decide what course of action to take based on the alarm.

“We have a large number of intrusion detection systems and we tie those systems into Symmetry for the purpose of monitoring alarms,” said Wendel Steenbuck, national grid manager for National Grid Global Security in the Security Technical Support Unit. “Symmetry provides centralized alarm handling and reporting making it easy to manage alarms from different sources.”

Video. Cameras positioned at all facilities record activity. If there is an alarm, Symmetry provides an output which becomes an input to Verint’s Nextiva video system. The input will prompt the camera associated with that alarm to automatically move and zoom in or out to where the alarm is occurring. More than 2,500 cameras monitor events while Verint encoders create an IP stream back to the Nextiva system.

“When we have an intrusion alarm, our cameras react and move so security operators can see what caused the alarm,” Steenbuck said. “Symmetry’s trigger commands automatically control the cameras and give them that direction.”

Perimeter security. Multiple microwave perimeter detection devices are tied into the software and working properly. Thermal imaging cameras are tied to Symmetry through the VMS and then back to Symmetry via a hard wire connection, all of it functioning seamlessly.

Transportation Workers Identification Credential (TWIC)

All National Grid facilities that “conduct commerce on the waterway,” including fuel barges for power plants, must be TWIC complaint as mandated by the Transportation Security Administration (TSA) to gain unescorted access to secure areas of Maritime Transportation Security Act (MTSA)-regulated facilities. Presently, TWIC compliance is completed manually and locally at each site with human intervention. Card readers have been placed in TWIC-restricted areas, and access to those readers is tightly controlled. Only certain individuals have TWIC cards and are granted access through those readers. Access is denied for everyone else.

A Facility Security Officer (FSO), who by federal statute is directly responsible to the Coast Guard and the Department of Homeland Security, is designated and assigned at each TWIC facility. The FSO identifies the specific, secure restricted areas at their facility. If a person needs access to a restricted area, they first have to apply to get a TWIC card and get authorization from the FSO to gain access. Individuals who do not have a TWIC card must be escorted into the area under the direction of the FSO.

Steenbuck is considering installing biometric readers; however, he is waiting for direction from the government on the regulation. All card readers would be connected to Symmetry. At that point, a person would go through a turnstile or gate with a valid TWIC card that has been validated via biometrics. When the validated card is presented to the TWIC reader, an input is supplied to Symmetry where a positive validation is made through the biometric and image to prove he or she is the person on the card. Access is granted upon receiving positive validation.

North American Electric Reliability Corporation (NERC) Standard

National Grid must also comply with the NERC standard, which ensures the reliability of the bulk power system in North America. NERC develops, releases and maintains the Critical Infrastructure Protection (CIP) Cyber Security Standards that are designed to provide the necessary assurances of protection for the equipment that monitors and controls the generation and distribution of power through the grid in North America.

Symmetry provides National Grid a feature-rich, security management system that allows them to meet NERC compliance in securing the physical perimeter of each of their many facilities. Since Symmetry is a cyber-asset, it must meet minimum standards for such a system and that includes having unique logon credentials, a recovery plan that follows conventional business continuity and disaster recovery practices, and TWIC compliance as mentioned above.

“Symmetry really fit their needs to meet the NERC/CIP compliance,” Palermo said. “Symmetry provided the lock-down capability they needed for potential cyber terrorism issues. National Grid received the necessary support and didn’t need to do anything at the locations that had card access. For those that didn’t have card access, the software was added easily, and they achieved their compliance quickly.”

Ensuring Compliance

National Grid installed more than 2,000 Symmetry 823 and 843 Smart Card Readers. Both readers are designed for companies that need to adopt federal personal identity verification standards. They meet the requirements of Government Smart Card Interoperability Specification GSC-IS v.2 and the Smart Card Enabled Physical Access Control Systems Technical Implementation Guidance PACS v2.2.

The Symmetry 843 Smart Card reader allows authorized people to initiate conditional commands to the Symmetry Security Management System. Used primarily in the NERC facilities, authorized individuals use the keypad and star commands to arm and disarm the intrusion system.

Alliance Systems Integrators

Alliance Systems Integrators is a fullservice integrator that designs security command centers, control centers, enterprise access control and enterprise video surveillance for critical infrastructure, providing its clients with a full-range of services from planning and design to engineering, maintenance and installation. They employ a full-time NERC data analyst and IT senior systems engineer to offer their customers superior customer service and support.

“Alliance considers itself an extension of National Grid’s global security staff and works closely with National Grid to ensure they are in compliance with CFAT regulations, NERC CIP regulations and to protect its critical infrastructure and vulnerabilities,” Palermo said.

National Grid will be upgrading its security management system, which will allow them to have one single cardholder database for their 25,000 cardholders, yet segregate the hardware and servers from the rest of the system to meet NERC CIP and TWIC standards.

Having so many cardholders, alarms and alarm points, National Grid’s Steenbuck chose to install a NEC Fault Tolerant Express Server to use in conjunction with NEC Express Cluster with Symmetry Global. The NEC FT Servers are designed to provide extreme availability by using fully redundant system components and can provide continuous availability, even in the event of a system failure. Fault-tolerant systems can provide up to 99.999 percent uptime, which equates to just a little more than 5 minutes of downtime per year.

This article originally appeared in the issue of .

Digital Edition

  • Environmental Protection
  • Occupational Health & Safety
  • Infrastructure Solutions Group
  • Spaces4Learning
  • Campus Security & Life Safety