Safeguarding the Power - Providing protection for some of the nation’s most valuable assets

Safeguarding the Power

Providing protection for some of the nation’s most valuable assets

You are on duty at a large power station when you hear a gunshot coming from the South side of the facility. This shot triggers your security systems sniper detection alarm. The camera quickly turns its focus to the sniper’s location. Once the sniper’s location is noted, the monitoring center calls local law enforcement with the information and the threat is mitigated. Without a security system, detrimental damage could have occurred, leaving thousands of people without power.

IMPORTANCE OF SECURITY IN THE UTILITY MARKET

Recent events have highlighted the necessity for security in order to reduce risks at a utility facility. An increased threat level or higher probability of hostile actions towards a facility’s assets, operations, or staff raises a financial risk for a utility facility along with an increased risk to public safety. An integrated security solution provides the means to manage potential risks by reducing them to acceptable levels or removing them completely.

Security in the utility market is being used to provide protection for our nation’s most valuable assets and to increase the overall detection, assessment, communication, interdiction, and potentially, neutralization abilities of the utilities against any threats posed to a critical facility. Common risks and threats include terroristic activity and copper thefts. Protection is accomplished through a combination of physical protection barriers, security technology, remote monitoring, manned security and procedural changes.

To help minimize risk and threat levels of the valuable assets held in these facilities, mandatory rules and regulations have been put into effect. Rules and regulations may vary depending on facility and vertical including NERC/CIP compliance standards, NRC Security Regulations and DHS CFATS. Many services are offered by security firms to assist in meeting these compliance and regulation standards. The best defense is a mixture of the following: risk and threat consulting, man guarding, design and engineering, technology integration and implementation, procedural development, training and system performance testing.

In addition to mandatory compliance and regulation standards, most utility facilities strive to work with an experience security organization to put an effective and reliable security system in place in fear of potential harm to employees and personnel, a negative impact to the environment and disablement or disruption of plant/system operations. By enhancing a facility’s security and defensive posture, the security organization ensures that current threats are mitigated and increased employee and public safety is accomplished. This type of protection also improves the public’s perception in local communities around these utility facilities. This type of investment shows that the utility is putting forth the effort to reduce the risks to their community by eliminating potential targets for hostile actions.

DETERMINING THE BEST SOLUTION

Utility companies design their security systems around a threat/risk assessment and regulatory compliance standards. The assessments lay the foundation for what risks need to be addressed and evaluated to determine what level of security is required to mitigate those risks while meeting or exceeding the regulatory standards. Once assessments are completed, the utility company often works with a systems integrator to design a plan for their facility moving forward based on criticality, accessibility, recoverability, vulnerability, effect and the ability to be recognized. This plan is often used for corporate security standards across a utility’s fleet. Standardization of solutions across a fleet provides efficiencies for security operations for system monitoring, system training, maintenance and spare inventory of replacement parts.

STEP-BY-STEP DEVELOPMENT

Every security organization has its own detailed implementation plan. An example of a phased implementation approach when working with a customer to find a customized solution is as follows:

  • Conduct a risk/threat assessment
  • Develop a design plan—choose technologies
  • Review/test selected products
  • Finalize systems/technologies in the design
  • Deploy and install the system
  • Train and create procedures and system performance testing

The first and most crucial step in this approach is to conduct a risk/threat assessment. The assessment identifies current and past events that could pose a threat to the company’s employees, assets, and operations. To complete this phase, there is a close partnership that needs to be established between various organizations to ensure that all of the essential information is gathered.

Once the proper information has been collected and the threat has been identified, the chosen Systems Integrator develops conceptual designs, utilizing various technologies to provide the adequate protective strategy and measures to mitigate the threat. During this phase, cameras can be lifted to their potential locations and screen shots will be taken, showing customers potential fields of view. Cameras are then laid out on a geospatial map to show areas of coverage.

Before installation occurs of any of the chosen systems, quality assurance tests are conducted to ensure the products meet the design specifications. All components are tested according to the design, quality assurance and compliance standards. After the systems pass the tests they are then finalized in the design space and factory acceptance tested for system deployment. The system is then installed into the specified facility and tested again using similar factory acceptance testing criteria. The final stage of the phased implementation approach is accomplished by providing training in security operations, IT, engineering, and maintenance, through the creation of procedures and system performance testing.

UPGRADING AND INSTALLMENTS

As threat levels rise, facilities are increasing their defense by adding additional rings of security, specifically walls and fences around the perimeter. In addition to physical barriers placed around facility perimeters, many facilities are increasing their defense strategies through technologies such as thermal cameras, video analytics, and intrusion detection systems. The installation of these systems assists utility facilities in providing increased exterior detection, assessment, communication, and interdiction.

Securing a facility tends to start from the outside, working inward. It is crucial to have a secure perimeter in order to protect the assets inside. In order to enhance facilities physical security systems and defense-in-depth, utility facilities are implementing visitor/identity management systems, outward looking thermal camera systems, radar, intrusion detection, gunshot detection, access control systems as well as PA systems and lighting.

Often times utility facilities will have security systems already in place, but they are no longer meeting compliance regulations or are simply no longer working for the task at hand. The most common system upgrades facilities are seeking assistance with are intrusion detection systems, video management systems, access control systems, PSIM and cyber security systems.

SECURITY CHALLENGES

In today’s world, there are greater risks than ever before. Security organizations are capable of providing the most cutting-edge and in-depth solutions on the market but, like most organizations, utility facilities are faced with the challenge of budget constraints and lack of resources. To offset budget challenges, Utility Facilities can work with multiple divisions within a facility including Security, IT, Operations, Project Development, and many more to provide a multi-departmental work/ budget share. Enhanced security technology and systems not only increase security countermeasures, but can also provide upgraded IT infrastructure and operational enhancements for the facility. By linking the multiple company divisions, a facility can strategically upgrade in a single project, rather than multiple capital expenditures. This creates a “win-win” strategy for the entire organization.

Another challenge facilities face is a lack of understanding government regulation requirements Compliance standards and regulation requirements can have some fuzzy areas and it can be hard to gauge if a particular rule applies. Teaming up with a seasoned security integration team or organization can be greatly beneficial. Their knowledge and experience from previous projects can clear up blurred areas and help mitigate the chance of misinterpreting any regulatory requirements.

A NEED FOR INCREASED SECURITY– REAL-WORLD EXAMPLE

The energy sector’s significance is undeniable to enhancing the connectivity, function, and advancement of today’s modern world. Energy infrastructures are crucial to maintaining the basic operations and safety of citizens in today’s societies. When faced with the reality of attacks and the potential for widespread disruption or termination of energy services for hundreds of thousands of people, the need to secure these facilities with multi-layered protections and lines of defense is drastically elevated.

This held true for a world leading energy and utility company. Considering their broad range of services and number of customers spread across the country, the organization required a comprehensive, multi-layered integrated physical security system that would not only provide robust protection for its services, but would meet all present and future government mandates set for the energy and utility industry. Their customers rely on the power they provide, so physical security is crucial.

They sought the assistance of an experienced integrator to design and implement the necessary upgrades required to meet NERC CIP regulatory standards under CIP Version 5 for compliance. Although their current system was working, they were aiming to increase detection and enhance response time by upgrading technologies and including thermal cameras. There was also a necessary shift from the DVR platform to an NVR solution. The project began with upgrading the existing access control systems and closed circuit television systems, with plans to create a single, centrally monitored and administered electronic access control system and video management system across service territories.

The resulting system designed and engineered by their chosen integrator is focused on strengthening reliability and efficiencies for customers, providing the highest level of employee safety and asset protection and maintaining both companies’ commitment to leading-edge defense technologies and services. Within the total integrated solution, each platform is designed to manage risks, protect people and valuable assets, reduce costs, and optimize the security process, should there ever been a disaster or attack on any critical structures or facilities.

In partnership with their integrator, this energy/utility company is poised to set a new global standard of innovation, increasingly responsive protocols, improved capabilities and operations in the energy and utility industry. Supported by the flexible, powerful, multilayered integrated security platform, they can face the increasingly high-risk future of the energy industry with confidence, remaining committed to quality, uninterrupted services.

LOOKING TO THE FUTURE

As technology changes on an almost daily basis, so does the threat. To ensure a facility is providing an ample level of protection to negate these ever changing threats, the security organization must constantly reassess it security plan.

In the past, the traditional concern existed around the physical perimeter. There are ongoing physical protection system upgrades to meet various compliance standards and each utility is implementing the most up-to-date technology to deter, detect, and delay the various threats. As mentioned earlier, these technologies include gunshot detection systems, acoustic sensors, thermal cameras with analytic detection envelops and geospatial mapping systems.

Today the threat of a cyber-attack is just as real and dangerous as those in the physical security realm. Utilities are implementing traditional security measures, leveraging new technology, and most importantly treating their digital infrastructure as an integral part of their protection strategy. At the same time the digital assets and technology that drive the physical security systems are being incorporated into the overall IT management with domain integration, antimalware, hardening, and centralized logging becoming common place. System manufacturers are responding to these changes. Where a security appliance was previously treated as a “black box,” now it offers support for anti-malware, firewalls and other technologies.

This article originally appeared in the February 2016 issue of Security Today.

If you like what you see, get more delivered to your inbox weekly.
Click here to subscribe to our free premium content.

comments powered by Disqus

Digital Edition

  • Security Today Magazine - October 2018

    October 2018

    Featuring:

    • Streamlined for Success
    • Making Your Expertise Unique
    • An Eye on the Campus
    • Solving Problems
    • Enhancing Security

    View This Issue

  • Environmental Protection
  • Occupational Health & Safety
  • Infrastructure Solutions Group
  • School Planning & Managmenet
  • College Planning & Management
  • Campus Security & Life Safety