In an era when everyone seems to be concerned about cyberattacks, electric utilities must ensure they guard against physical attacks to substations and infrastructure that could affect service to customers and cost millions of dollars to repair.
That was the focus of a national security conference Alabama Power hosted in Calera April 3.
The event allowed companies to share their best practices and the latest in technology when it comes to defending the critical infrastructure that provides power to homes, businesses and institutions.
“When you think about just having a listening opportunity to hear from other utilities around the country: What do they do? How are they deploying technology? What are their solutions that we need to be able to deploy at Alabama Power and Southern Company and make us better as we go forward?” asked Scott Moore, senior vice president of Power Delivery for Alabama Power. “It’s important that we do that and identify those gaps that we have so that we can get better and make sure that our infrastructure is as safe as can be for the public and for our employees who have to work on this day in and day out.”
Bill Lawrence, director of the Electricity Information Sharing and Analysis Center (E-ISAC) in Washington, D.C., said talk among electricity providers is the best way to communicate best practices.
“This physical security roundtable, the first one that Alabama Power has put together, is fantastic because it brings people from across the continent and they can share best practices as well as some scary stories that they’ve experienced, as well as their security solutions that let them sleep a little bit better at night to protect their assets,” Lawrence said.
The E-ISAC conducts a grid security exercise every two years in which electricity providers deal with both cyber and physical threats.
“The threat that we’re really concerned about is coordinated cyber and physical attack,” Lawrence said. “Even if it doesn’t rise to that level of complexity, the physical security vector to impact assets is probably the simplest way an adversary can take things out.”
A sophisticated physical attack occurred against Pacific Gas & Electric’s Metcalf Transmission Substation in Coyote, California, in 2013. Snipers shot 17 transformers and caused $15 million in damage to the substation.
David Carroll, senior manager with PG&E, shared lessons learned from Metcalf and some of the physical security measures his company has taken.
“It brought that awareness than even though it happened in California, it could happen anywhere – not only in the United States but anywhere in the world,” Carroll said.
Alabama Power’s Moore said that’s a reality not lost on other companies.
“The physical component is one of the easiest things to attack and you just never know,” he said. “We’ve had major events through the history of time, and what we need to work hard on is making sure that we eliminate that opportunity in a lot of different places.”
Electricity providers are using sophisticated radars, infrared cameras, fences, barriers and even armed guards.
While there is not a one-size-fits-all safeguard for every company or every location, having the discussion is useful.
“It’s great to see the expertise that’s here in the room and people sharing the information because there are so many good stories out there,” Lawrence said. “We need to connect everybody together so we’re all really part of one big security team for the grid in North America.”