Embed Size (px)
Citation preview
Perimeter Security for Electric Utility Substations
Jim MillerNovember 16, 2011© 2011 NiSource Corporation
Copper Theft
• Copper near historic highs• Driven by BRIC demand &
currency risk• High prices = many places
to sell scrap• Stealing infrastructure
At these prices it is hard to keep the honest people honest…
• Quickly converted to cash• Closely tied to drug usage (meth)• Enough cash for a quick fix• Extremely dangerous
– Thieves– Utility Personnel
Copper Theft
Identified Four Types of Theft
– Drug Motivated – Looking for enough $ for next fix• Copper ground wires removed• Smash and grab type incidents
– Commodity Theft – Larger, more daring thefts• Cable from Roxana breakers• Multiple reels of cable from substations or LOA
– Opportunity – Workers leaving copper unsecured• Thefts from new subdivisions, copper left near roadway• Clean-up substations, remove construction debris• Prevent or limit employee parking inside substations
– Internal – Theft of material by employees
Copper Theft
• 138kv breaker shorted (138,000 volts!!!)
• Explosion drove ceramic into steel!
• Direct Cost - $250k• Indirect - > $2m
Electric Substations
• NERC Critical Infrastructure Protection Standards (CIP)
• DHS Critical Infrastructure/Key Resources (Tier 2)
Electric Grid
• Risk is in the corn fields!– Transmission Substations– 100kv and above– Thousands in the U.S.– $2m-$3m/18 mos.
Electric Grid
$2m - $3m + 18 Months…!!!
No electricity x ? Weeks = CHAOS??Coordinated attack = 19th Century
What should we do?
• Best Defense is a good Offense• We must get into a proactive posture to prevent
incidents versus finding out on Monday morning.• Real-time remote monitoring• Exception-based – only deal with problems• Virtual perimeters/video analytics• Thermal imaging
What should we do?
• Comprehensive vulnerability and risk assessment• Determine where our key assets are• Determine level of risk they are under• Create a program to mitigate this risk• Address sites according to overall risk level as
capital funding becomes available
Security Risk Assessment
RISK = C x T x V• Consequence – How important is the facility to your
system? The nation’s infrastructure? Loss of life? Feed key facilities?
• Threat – How likely is it to be targeted? Look at theft, vandalism, & terrorism. Are there active threats?
• Vulnerability – If targeted, how easy is it to attack? Pre-operational surveillance? Protection measures? Detection?
Physical Security Measures
• Deter • Delay• Detect• Response
• Deny is fourth “D” designated for military/law enforcement situations
Physical Security Measures
• Deter – make them look somewhere else• Delay – slow them down long enough to…• Detect – sensors which detect intrusion attempts
and transmit to central monitoring• Response – systems and procedures that allow for
quick reporting of incidents, in real-time, to local law enforcement
Trying to make them go down the street…
• If they decide to hit us, we want them to have a bad day
The Definition of a BAD DAY!
Physical Security Measures
• Perimeter Protection– Fencing– Barricades
– Intrusion Detection – fiber, microwave, laser
Physical Security Measures
• Access Controls– Card Access– Gates
• Monitoring– Thermal imaging– Cameras– Video analytics– Virtual perimeters
Recommended Approach
• Categorized transmission substations into three groups:– Tier 1 – High Risk– Tier 2 – Medium Risk– Tier 3 – Medium to Low Risk
• Physical security measures designated for each risk level• Applied to substation based upon ranking in vulnerability & risk
assessment
Range of Options
• Dual perimeter• 12’ Steel Fence
– Concrete curb– Razor wire
• Intrusion Detection• PTZ verify
Range of Options
• Virtual Perimeter– FLIR imagers
• VideoIQ• FLIR dual head PTZ
Range of Options
• FLIR thermal cameras• VideoIQ encoders• Mounted on existing
structures• Focused on key components• Smaller sites, not 100%
coverage
All Monitored Remotely
• Exception-based– Only handle real issues
• Assess situation• Determine response
– Software allows you to respond to an incident the same way EVERY time
– Audit trail of EVERY action• Dispatch assistance/law enforcement
– Transition from reaction to ACTION!
Real-Time Impact
• Copper thieves entered our 24/7 service facility
• Immediately spotted by remote monitoring
• Police dispatched• Arrested in-the-act• Jail time!• Intruders were armed
Summary of Options
• Highest probability of prevention is to harden the exterior perimeter and do some monitoring
• Virtual perimeters provide very good detection, but do not prevent entry and damage.
• What level of security risk are we comfortable with?
Other Prevention Activities
• Replace stolen grounds with copper weld• Purchase new cable with unique identifiers• US Atty Office – Prosecute vigorously• FBI – Investigate upstream• DHS – Changed IN state statute• Communicate to customers – eyes & ears
– Consider rewards for successful prosecution
Other Prevention Activities
• Provide security at large job sites• Properly secure and track materials• Do not take large amounts of cable to site• Keep vehicles out of substations• Increase lighting at subs• Signage• New Construction – Build in security!
