In our first Technical Bulletin, we defined the assets into a real property matrix, a physical security asset matrix, and an electronic security asset matrix. And while the identification of threats would result in the creation of a threat matrix, the most important elements reflected in Federal Energy Regulatory Commission (FERC) 18 CFR, Part 40, are that the bulk power distributors and transmission operators provide: (1) objective analysis, (2) technical expertise, and (3) experienced judgment when identifying threats and vulnerabilities; evaluating likely counter-measures possessing good value and features to be employed during modes of threat.
The vulnerabilities to assets are significant and may be listed in matrix format. But following the FERC guidelines and evaluating carefully, we need to successively pare down to “likely” scenarios to address possible threats and potential vulnerabilities, remembering that testing of the installed systems and matching systems with possible intrusion validates selection.
Past experience dictates a wide ranging set of criteria for testing systems employed in both nuclear and airport security. Here are two applicable examples. As it turns out, the use of spheres is common in volumetric protection. In nuclear facility protection, a sphere is used to predict detection of a head within the secure zone while a small ball is rolled into the sterile zone of an airport exit portal to detect weapons passage. It is actually difficult to pass these pie tests matching terrain, environment, human interaction, and deployment with system intercepts.
While nuclear plants now have active defensive positions to deter assault, bulk power transmission owners and distributors have no such threat counter‑measures available, nor warranted.
That is the operative word warranted. It applies to using objective analysis and experienced judgment in combination with technical expertise. Refer to FERC 18 CFR, Part 40, in the link in this Technical Bulletin.
So, what drove nuclear counter-measures over the last 10 years, and how can we apply these lessons learned? For many years, most plants had older legacy security systems. Many were so old and out-of-step that alarm validity was very low. We witnessed one plant that had 30,000 alarms per month. This was for all purposes an act by security personnel that presented the thin veil of preparedness. Unfortunately, this lapse of security was all too common.
So, when a troupe of priests and a nun trespassed into a nuclear target at Oak Ridge Y12 National Security Complex for protesting, the nation was stunned to learn of the ease of perimeter and interior enclosure penetration. In fact, the 85-year-old nun has two more years to serve in Federal custody for trespass and related federal offenses. She could have received six and a half years, displaying no remorse two more years than given.
Clearly, embarrassment followed. This was a PR nightmare. Hence, the regulation to increase detectability inside the perimeter, assuming clear trespass into protected space could be detected sooner than the two hours it took to apprehend the pacifist intruders in Tennessee. But, it was deemed a wake‑up call due to insufficiencies of contract guard services and, quite literally, a visual nightmare with the lamb’s blood they used to write on the walls.
But, it is short‑sighted to assume this protest event or the secretive and inconclusive nuclear generating station breach in South Africa alone spurred improvements to security. It prompted utilities to look at vulnerabilities more closely. Critical nuclear waste was now being stored in pools and thousands of containers, becoming possible terrorist targets. Both the assets and vulnerabilities morphed in the span of 10 years while investment in legacy security system technology was lagging due to nuclear regulatory authority approval and potential costs of improvement.
What then morphed the security profile of transmission facilities to a level of possible inadequacy? Without question, three over‑arching conditions morphed the assets and vulnerabilities of bulk power transmission operators:
- Increased copper value on the black and grey markets
- High-powered assault weapons access
- IEDs with instructions on the Internet
Our first step is to objectively identify threats and vulnerabilities. Vulnerability to copper theft is now a national concern. The threat to active transmission assets, stored product, and even copper grounding, is prevalent. Asset counter‑measures using high fences with detection systems are among the easiest from both an accessibility standpoint and a common technology standpoint. But, simple can be expensive or not; effective or not. Let’s look at the Metcalf Substation attack.
What was not simple was the complexity and preparation that went into this planned attack. Keep in mind not one video image exists of any individual or vehicle, nor were any fingerprints found on shell casings. With this level of preparation, anti‑terrorism task force evaluation resulted in a strong opinion that this was a “trial-run.”
Attacking an Asset
Most people are not aware of the physical assets, detailed photos, and documentation available for criminal intent on the Internet, especially using Google Earth. And while some substations are purposely digitally morphed, many show details that make targeting far too easy. So to counter this threat, do we take into consideration social nuances of this specific situation? Perhaps it provides background in our choosing ballistic fence protection over building walled structures, or simply hardening with locally applied anti‑ballistic protection (Kevlar or equal).
It takes experienced judgment to evaluate the benefits versus disadvantages of a costly integrated anti‑ballistic fence that “integrates” wiring for a property that may be on a mountain and rated as minimal likelihood of threat.
Let’s assume simply is the adverb of choice by the perpetrators and the target is stored copper cable and transformers in a fenced substation yard. These individuals want a simple solution to obtain the asset. What could be the possible solution? The perpetrators have little money, have a vehicle, in this case a pickup truck, and a few basic tools that were stolen or “obtained by borrowing.” The answer is obvious.
Drive a large pickup truck right through the fence, pick up product, and leave the same way out. So, the question becomes, “Should we address this threat with absolutes?” Do you install the absolute costliest fence and detection system, costing over a quarter-million dollars? Perhaps, but in this gutsy move by a “pickup intruder,” a single inexpensive, high tensile strength wound wire inertial assembly with buried piers would destroy, or at least stop the vehicle, protect the facility at less than one-third the cost, and can be installed in one‑quarter the time with less real estate.
Now, let’s evaluate what happened at Metcalf Substation, less than 10 miles from San Jose, California, a sprawling city of diverse ethnicity and higher‑than‑average crime. Do we extrapolate social threats with criminal intent? Criminal intent with terrorist threats? It’s possible another simpler plan was devised, out of spite or retaliation.
The San Jose area has a higher-than-average cost of living, easy availability of high-powered weapons in California, the perfect blend of remoteness and accessibility to the Metcalf Substation, and detailed Google 3D photos on the Internet. By hitting them in the pocketbook by taking out as many transformers as possible may be one theme for the perpetrators in California’s 2013 incident.
Remembering California’s background specifically places social aspects into our vulnerability equation. It was the State of Enron. Power outages planned by Enron’s owners and operators created a public awareness of mismanagement and ill‑gotten gains, along with thousands who lost pensions, jobs, and careers. Today, we’ve got to keep in perspective the number of military training facilities in Southern California and the advanced military tactics that are embedded in both the lexicon and preparation drilled into active and former enlisted service personnel. Opinions will keep surfacing until a break in the case, while the uncertainty can still exist that multiple domestic terrorist organizations were the perpetrators.
This social analysis is not the statistical basis of threat analysis tools available to the security profession. Big data has melded crime, accident, insurance, theft, vandalism, fire, and numerous other data including weapons offenses into a user manipulated resource to establish a baseline for geographic vulnerability based on social history and reliable data.
A Lack of Communication
Let’s drill down a little farther, delving deeper into the Metcalf Substation incident and the series of missteps that took place in order for the destruction and cascading of power interruption to take place. First, police could not enter to investigate. There was no communication supervision and no backup. A simple backup such as cellphone or microwave backhaul could have alerted a monitoring center before the hour it took for load alarms to be addressed and alert a utility crew, which took two hours to arrive at the site after the initial assault.
This is our first clue in identifying threats and vulnerabilities. The offset may be right in front of our eyes. Just as the third party reviewer for CIP-014-1 was created to provide a private public partnership private being the consultant, public being the utility a private public partnership can coexist with local law enforcement, being able to significantly reduce response time.
Simple gunshot detection, fence vibration detection, and other moderate hardening could preempt destruction if given law enforcement response time of less than 10 minutes, and in many urban cases, it is less than four minutes. This would direct the ability to incorporate Anti-Terrorism Task Force (ATTF) cooperation through local law enforcement with utility‑provided advanced training and understanding of the assets. This relies on the fundamental foundation that security systems don’t stop violent perpetrators. They may deter, they may delay, they may detect, and they certainly can record events and provide forensic evidence, but it takes active skilled enforcement to stop an active event.
Concerning ballistics, hardening with a tall virtually impenetrable wall can help; but also Kevlar or ordinary armor protection may work well. In most cases, an armor or even sand/dirt composition shock‑absorbent panel can be fitted relatively inexpensively, and without inducing additional heat for minimum practical dollars.
Technology and Practicality Both End in “y”
Many asset security professionals as owners’ representatives, when shown the latest technical gadgets, will jump at the chance of employing new products like long-range heat identifying cameras, radar imagery, multi-scope cameras with additional high target magnification, and ultra-stabilized digital signal processing to increase heat wave visibility in high temperature environments with natural earth radiation. And, as impressive as analytics can be with thousands of dollars invested for creating possible “learning libraries,” practicality speaks louder than words or new gadgets! How will all these gadgets be tested? Who, when, and how often? How will you know if they stop working? The testing component is as important as the vulnerability and the applied technology. If a technology is little used, it will most often not be useful in an event unless rigorously tested every day.
Experienced judgment is where the rubber meets the road. A well-established third party physical security consulting firm of over one dozen security professionals will have seen more perimeter security and asset protection projects in a year than an owner’s security professional will see in a lifetime. The sheer volume of differences in manufacturers, applications, and important subjects such as licensing, site franchising, and federation fees can be both disturbing (if unaccounted for) and significant to the transmission operator’s pocketbook. The third party consultant should at once be able to address capital costs, operational costs, software service agreements, and licensing fees for a total system analysis.
The next Technical Bulletin, Analyze Benefits/Features, melds the foundation of threats and vulnerabilities with the application of objective analysis of the threat and asset vulnerability, use of experienced judgment in front line determination of cost versus success, and efficacy of monitoring capability versus ability to actually monitor. Finally, we dive deep into the technical expertise needed to provide the longest life cycle cost for the proposed solutions including capital expenditure, operational costs, maintenance costs, and licensing costs.
This CIP START Technical Bulletin was issued by Professional Systems Engineering, LLC and prepared by Jerry ‘Dutch’ Forstater, PE. Mr. Forstater is a Professional Electrical, Electronics, and Communications Engineer licensed in 12 states. The firm has provided independent consulting and security strategy, design, specification, and construction expertise for almost 30 years. He is a graduate of the ASIS International Security Management Program through University of Pennsylvania’s Wharton School of Business; he is a graduate of Worcester Polytechnic Institute, and has been providing significant corporate, utility, industrial, commercial, and related security and public safety programs since 1986. He is co-chair of ASIS International Philadelphia/Delaware Valley Chapter and Board Member of the International Association of Professional Security Consultants. PSE has provided significant physical security, electronic security, security lighting, and public safety 9-1-1/agency monitoring for law enforcement and corporate clients/agencies throughout the United States on installations that are critical to Homeland Security, infrastructure protection, and the public at large.