live webinar: best practices in substation security ...es-isac portal •goals for the es-isac...

Live Webinar:

Best Practices in Substation

Security

November 17, 2014

1

Agenda & Panelists

Welcome & Introduction - Allan Wick, CFE, CPP, PSP, PCI, CBCPEnterprise Security Manager-CSOTri-State Generation & Transmission Assoc.

NERC Reliability Standards, Metcalf - Brian M. Harrell, CPPDirector, ES-ISAC OperationsElectricity Sector Information Sharing and Analysis CenterNorth American Electric Reliability Corporation

Protecting Our Key Electrical Assets - David Batz, CISSPDirector, Cyber & Infrastructure Security at the Edison Electric Institute (EEI)

Substation Physical & Electronic Security - Hamid Sharifnia, P.E.Sr. Substation Technical AdvisorChair, IEEE Physical Security Standards Working Group

2ShotSpotter

Physical Security Update

Brian M. Harrell, CPP

Director, NERC ES-ISAC

November 2014

Over 55,000

Substations

over 100 Kv in

size!

Securing a Remote or Urban Asset!

The Real Challenge…

Metcalf

• 10 of 11 - 500/230kV units damaged

• 3 of 4 - 230/115 kV units damaged

• 6 x 115kV Circuit Breakers received gunshot

damage

Metcalf

Physical Security Standard

CIP-014

• Purpose:

– To identify and protect transmission stations and

transmission substations, their associated primary

control centers, that if rendered inoperable or

damaged as a result of physical attack could result in

widespread instability, uncontrolled separation, or

cascading within an interconnection.

• Applicability:

– Transmission Owners (TO)

– Transmission Operators (TOP)

Physical Security Standard

CIP-014

• FERC Directive to NERC on March 7th

• SDT quickly assembled

• Physical security plan to secure the most critical sub-stations

and primary Control Centers

• Approved by industry on 5/5

• Submitted to FERC on 5/23

• FERC NOPR on 7/17

Information Sharing

ES-ISAC

The Electric Sector Information Sharing and Analysis Center (ES-ISAC) provides a trusted capability for:• Sharing sector specific information

• Collecting, analyzing, and disseminating Alerts and incident reports

• Working with government agencies to ensure sector technical details are accurately understood

• Coordinating with other ISACs and International groups

• Providing for mutual information sharing during disruptions

ES-ISAC Portal

• Goals for the ES-ISAC Portal Extend the functionality and use of the portal

Utilize Microsoft technology and maintain alignment with existing and future information technology (IT) in-house initiatives

Act as the clearinghouse for Registered Entities to securely find, share, and collaborate on critical infrastructure and security related information

Portal will undergo aggressive schedule following several iterations of Design Build Test Promote cycles (see next slide for graphic)

The portal will create the vertical communications that were regarded as lacking

during the GridEx.

Objectives:Portal 1.0 go-live – This will put the portal out of pilot mode and into full production open to all registered entities

HYDRA – This will create a collaborative zone strictly for registered entity HYDRA members

Task Force Collaboration Zones – This will create a collaborative zone strictly for registered entity task forces

Portal 1.5 – This will have a formal feature addition list for the main site as well as HYDRA and Task Forces

Condition Reporting – This will serve as a hub to report one event by the registered entity to various groups such as

CID, SA, EA

Portal 2.0 – Feature and polish incremental release (TBD during design phase)

ES-ISAC Outreach Activities

• GridEx III- November 18-19, 2015

• DHS Energy Sector Road Show Briefings

• Critical Infrastructure Protection Committee (CIPC) Meetings

• One-on-One Outreach Visits

• NERC Grid Security Conference (GridSecCon)

• Cyber Risk Preparedness Assessments (CRPA)

• DOE/DHS/NERC Physical Security Maturity Model

• Increased Physical Security Presence on the ES-ISAC Portal

• Classified Briefs

– Next Classified brief (Secret) is Dec. 9th in Atlanta

Critical Infrastructure Protection:

Protecting Our Key Electrical Assets

David Batz

Director – Cyber and Infrastructure Security

Edison Electric

Institute

1933

70%

Spare Transformer Equipment Program -2006

SpareConnect - 2014

SpareConnect offers an

online tool to communicate

a utility’s bulk power system

equipment needs and

provides point of contact

information for people and

equipment across the North

American electric utility

industry for specific

equipment categories and

classes.

Timeline

IEEE PES Substations Committee

Substation Physical and Electronic Security

Hamid Sharifnia, P.E.

November 17th, 2014

1. Despite the Metcalf attack, most U.S. substations remain

vulnerable.

2. Best practices for a comprehensive security program for

substations.

3. Components of a complete physical security plan for electric

power substations.

4. Physical protection to mitigate the risks for unmanned, rural

substations.

5. Requirements for different levels of physical security for

electric power substations.

6. Best practices for alerting first responders and how do staff

security teams interact with them?

• Overview. P1402 This standard establishes minimum

requirements and practices for the physical security of electric

power substations.

• Threat assessment; Social, political & economic background of the threat,

company downsizing.

• Intrusions;

- Type of Intrusions, pedestrian, vehicular, projectile, electronic;

- Parameters, events that influence intrusions

IEEE PROJECT P1402 Standard for Physical Security of Electric Power Substations (Read entire Standard at http://www.scribd.com/doc/97207183/IEEE-Std-1402)

Substation Security Plan

• Objective

States primary concerns, such as vandalism and theft in existing

stations, or theft and injury during substation construction.

• Responsibility, Who?

• Basic Requirements

Minimum level includes fences with locked gates, control buildings w

locked doors,

• Additional measures

Motion detectors, perimeter/area detection systems, security cameras,

jersey barriers, posted guards

• Sample assessment

Criteria for Substation Security

A. Security Methods

Barriers; fence, walls, locks;

Electronic; motion sensing, video surveillance, building system,

computer security, passwords, dial back verification, selective access,

virus scans, encrypting and coding;

Other Methods; lighting, landscaping, building, patrols,

B. Communications

Internal; all employees know their security responsibilities.

External; neighbors, community

C. Effectiveness of Security Methods

• Security Measure: Fence, Wall, Barriers, Passive Anti-arm Barriers,

Active Entry Point.

• Mitigation: Electronic Access Control, Barcode, Magnetic Stripe,

Biometric Readers, Perimeter intrusion detections systems, Video

Monitoring System, Gunshot Detection, Security Lighting, Power &

Communication.

• Optimum Security Option: Computing equipment shall be placed in a

physically controlled environment with access limited to personnel who

are responsible for administering the equipment. The room shall have

proper environmental controls.

• Risk: An initial survey of substations and overall systems should be

conducted to identify persons or groups who threaten substations and to

identify the risks such as theft, vandalism, or terrorism.

Possible Threat Vectors

• Unauthorized forced entry

• Insider threat

• Small arms ballistic attack (gunfire)

• Improvised explosive device

Effectiveness of security methods—

rural substationsSurvey cited in1402 standard

Best Practices: Working w First Responders

• Have a plan.

• Establish relationships with federal & local law

enforcement officials, review your plan with them.

• Designate a point person - both at your facility and in

local law enforcement.

• Keep abreast of threats and attacks.

• Consider hosting training events with federal & local law

enforcement officials at your facility to help strengthen

relationships, improve information sharing and help build

more accurate risk assessments.

Webinar:

Best Practices in Substation Security

Q & A –How Can We Help?

info@shotspotter.com

awick@tristategt.org

dbatz@eei.org

brian.harrell@nerc.net

Hamids@ieee.org

Makers of ShotSpotter SiteSecure

Gunshot Detection Solutions for UtilitiesFor more info, see www.ShotSpotter.com/

27