Industry insights

How to strengthen the perimeter of electric utilities

To ensure the reliability of the North American power grid, the North American Electric Reliability Corporation (NERC) has developed a defense-in-depth systems approach to managing intrusion.

Derek Arcuri
Team Lead, Industry & App Marketing, Marketing

The current challenge

Electric utilities around the world have been experiencing a rise in intrusions. Copper theft, which costs U.S. businesses nearly $1 billion in losses each year, according to the U.S. Department of Energy, is one cause for the rise.

Copper is an incredibly valuable commodity—frequently earning the highest price per pound of all scrap metals—and it is endlessly recyclable. It can be melted down and remade into anything from plumbing materials to fiber optics. 

Because it’s so valuable, people are willing to take risks to get it. In 2018, a 41-year old man died during an attempted robbery at a substation in New Brunswick, Canada. In addition to being dangerous, this type of reckless action can also negatively impact surrounding communities. In early 2019, thieves stole copper from a substation just outside of Halifax, Nova Scotia. The theft caused more than 5,000 customers to lose power.

But theft isn’t the only threat to electric utilities. In 2013, gunmen fired on 17 electrical transformers near San Jose California, causing $15 million in damage. While the attack had minimal impact on the station’s power supply, officials had to reroute power from Silicon Valley plants to avoid black-outs. It’s not clear why the attackers chose this power station or what their end goal was, but the incident highlighted just how vulnerable some stations are.

Electric Utilities, Genetec inc.

Regulations designed to mitigate risk

North America has had a regulatory body working to protect the power grid since 1968. Today, that body is the North American Electric Reliability Corporation (NERC), a nonprofit organization whose mission is to ensure the reliability of the North American power system. 

As part of its mandate, NERC has established a series of standards that are aimed at encouraging steps that utilities can take in order to protect their environments and operations.

NERC’s systems approach to managing intruders

Rather than dictating how each utility must secure its stations, substations, and transfer stations, NERC suggests an approach that allows individual utilities to tailor their solutions to their own specific needs. It’s a defense-in-depth systems approach to managing intrusion that looks at zones of protection over large areas rather than focusing on creating a single, strong line.

This approach leaves utilities to develop their own strategies under NERC’s watchful eye. It’s important to remember that, regardless of the strategies they implement, utilities can always be subjected to NERC audits and face heavy fines for non-compliance. NERC penalties can be up to $1 million per day per violation.

So, what does this systems approach look like? It has 6 steps that utilities can address according to their budgets and needs and includes various technologies that can be employed to discourage, prevent, or respond to unauthorized access. It lets individual utilities establish how best to follow these steps.

Managing intruders in 6 steps

The six components of a systems approach, Genetec inc

  Detect

The first step is to detect possible unauthorized intrusions beyond the perimeter. This can be done with a variety of sensors, including Restricted Security Area (RSA) devices, thermal and video analytics. One of the challenges associated with detection is that it can produce nuisance alarms. Your security platform should have a rules engine to correlate events and reduce nuisance alarms so operators are only notified of genuine threats.

  Deter

In this step, the idea is to discourage people who don’t have authorization from accessing the utility. This can include physical deterrents, like lighting, walls, and fences. Or, it could involve surprising or aggressive actions initiated by the security system. For example, once a system detects activity, it can automatically turn on strobe lights or play an MP3 on a networked horn or loudspeaker. 

  Delay

The goal here is to install security measures that delay physical access. This can include chain link fences that are incredibly time-consuming to cut through. One of the benefits of this step is that it provides security personnel with time to evaluate and prepare to respond to incidents.

  Assess

During this step, security operators evaluate the incident to determine what is happening and then identify the actions necessary to respond to the situation. Assessing an incident at a fence or other restricted area is made much easier if security operators have “eyes on the scene.” This can include accessing nearby cameras or, in some cases, dispatching a drone to capture footage in real-time.

  Communicate

For this step, utilities have to think about how security operators are going to communicate information and to whom. Command centers need to be able to share information with mobile operators who may also need to share information.

  Respond

Security operators need to take the appropriate measures to apprehend an intruder. This last step is made much easier, and frequently unnecessary when the earlier steps have been followed. But, if the situation requires that security operators take action, utilities need to ensure that they have established standard operating procedures that can help guide responses.

Demonstrating compliance

Finally, having established requirements and responses that suit their needs, utilities must be able to demonstrate that events have been managed according to their security plan and that they are in compliance with NERC regulations. At this point, the ability to generate comprehensive reports as well as incident management audits is key. These can show compliance and can be extremely valuable during forensic investigations.

Want to learn more about protecting electric utilities or the defense-in-depth approach?

Sign up for our 20-minute on-demand webinar.

Share
Derek Arcuri

Derek Arcuri, Team Lead, Industry & App Marketing, Marketing, Genetec Inc.

Related content

UGI energy services logo
Energy Services provider upgrades video surveillance systems

UGI Energy Services, LLC (UGIES) is an integrated energy company operating throughout the United States. The company upgraded to the Omnicast IP video surveillance system of Security Center to better secure utilities and energy sites.

Energir logo
Powering innovation forward with unified security

Énergir, the main natural gas distributor in Quebec, Canada, employs over 1,500 people and has over $8 billion in assets. To keep its people and properties safe, the company upgraded to Genetec Security Center and now manages security across its sites from one single platform.  

manitoba hydro logo
Manitoba Hydro achieves NERC compliance with unified security

Manitoba Hydro is the major energy utility company for the province of Manitoba, Canada. The utility company recently achieved NERC-compliance across 80+ critical sites after upgrading to Genetec Security Center for video surveillance, access control, and intrusion detection.