Modernizing Perimeter Protection with the Defense in Depth Method

As US utilities face 60 new vulnerabilities daily, a defense-in-depth strategy is essential to protect aging infrastructure from physical attacks.

• By Alex Reichard
• Mar 06, 2026

As the lines between cyber and physical security continue to blur, the threats to utilities increase. The North American Electric Reliability Corporation (NERC) currently estimates that the U.S. power grid's electrical networks add approximately 60 new vulnerable points each day. And in 2022, NERC also reported approximately 2,800 reported incidents of gunfire, vandalism, and other physical attacks on electrical networks.

Even more alarming is the aging of said infrastructure.  percent of the U.S. power grid is more than 25 years old, and as the grid ages, so do the perimeters designed to protect it. Fences rust, cameras lose resolution, and outdated access control systems fail. While firewalls and firmware receive regular updates, the same urgency is rarely applied to physical systems.

This imbalance leaves critical sites vulnerable to low-tech, high-impact attacks. A modern, layered physical security strategy is the only effective way to close these gaps.

Renewables face challenges different from their fossil-fueled friends. Solar and wind farms were often built quickly in the rush to meet new green initiatives. This meant physical security was frequently an afterthought. Still, the risks remain much the same.

Whether it be theft, vandalism, or something far more sinister, preventing such physical threats starts by securing the perimeter.

Applying a Layered Approach

Once someone physically breaches the perimeter, they could launch an attack within minutes. But in the absence of real-time detection solutions, a threat actor could go undetected on site for hours. This is especially true of remote sites occupying a few hundred acres.

Therefore, you should layer security solutions that allow you to deter, detect, and respond to potential threats. This is the defense-in-depth strategy.

Deter
Fences, walls, and lighting are common physical deterrents among utility facilities. But to be effective, these measures must be adequately maintained. Consider conducting regular perimeter walks to check for any new gaps or holes. Alarming sounds and lights initiated by the security system may also scare off casual intruders and slow down determined ones.

Detect
Detect threats by using sensors to identify potential intruders. This could include Restricted Security Area (RSA) devices, thermal imaging, radar, 3D LiDAR, and video analytics. These sensors alert to various objects and actions, enabling a quicker response. Further ensure your security platform uses a rules engine to reduce false alarms.

Respond
Even the most sophisticated detection and deterrent tools will not stop a determined attacker. Those charged with responding to incidents, whether on-site or remote, require the proper tools to do so effectively. This includes a centralized security platform that streamlines communications between monitoring centers, field teams and first responders in real time.

NERC emphasizes a defense-in-depth approach in its Critical Infrastructure Protection (CIP) framework. NERC CIP is the gold standard for power systems, but most renewable and water facilities fall outside its regulatory requirements. Still, it provides a baseline for other utilities looking to modernize their physical security infrastructure.

Defense-in-Depth in Action

In addition to layering security solutions, people, policies, and technologies also need to be considered as part of a comprehensive plan.

For example, a long-range radar detects movement beyond the perimeter. This detection triggers a nearby camera to automatically focus on (and potentially deter) the suspected intruder. If other sensors are triggered, such as video analytics or thermal imaging, these inputs can collectively confirm the threat and trigger an alert.

Within a centralized security platform, an operator can review the live feed and all applicable alerts. Using available tools and context, they can determine if the movement is a valid threat.
With clear standard operating procedures (SOPs) integrated into the platform, the operator can then take the appropriate action. This could mean alerting on-site security, calling local police, or using two-way audio to scare off the intruder.

In this way, each layer reinforces the next. Technology automates detection and validation. Trained personnel make informed decisions. Embedded policies and procedures ensure the appropriate response. And when integrated with strong cyber hygiene, the result is a resilient physical security posture.

A Unified Platform for Defense-in-Depth Deployment

If the above workflow seems out of reach, start by determining your facility’s acceptable risk. If your facility is close to a law enforcement agency, you may not require on-site guard services. And if a swift, staffed response is not feasible, detection and deterrence layers must compensate.

The benefit of a unified security platform is that it empowers organizations to make the most of available resources. Operators can access live feeds, SOPs, and sensor alerts all in one place. This saves them time and keeps them from switching between different systems.

Modern systems also support automation. When certain thresholds are met, such as simultaneous motion detection and unauthorized door access, the system alerts the appropriate team, resulting in a significant reduction in false alarms.

These efficiencies make it easier for teams to maintain 24/7 oversight.

The Imperative of Integrated Security

Few industries blend cyber and physical security as much as critical infrastructure. You see this in the rise of network-connected cameras and IoT-based sensors. The potential consequences of a successful attack are exponential.

By adopting a unified yet centralized approach, utilities can better protect their aging infrastructure and rapidly evolving facilities from today’s increasingly sophisticated threats.

This article originally appeared in the March/April 2026 issue of Security Today.