Protecting North America’s power grid is a thankless job. Day in and day out, the good citizens of the United States and Canada wake up with the assumption that when they get out of bed each morning and flip on the lights, the room will illuminate, the coffee pot will come to life and their mobile phone will have been fully charged. After all, we live in a modern First World society, where we have come to depend on timely and efficient power at our fingertips. In reality, that reliable electricity that we all enjoy has many people working around the clock to ensure its reliability, resiliency and security. Today’s grid operators are inundated with natural and man-made threats. As utilities tackle the monster of the moment, which is the evolving cybersecurity threat, we must not take our eyes off the more primitive threat.  

Security threats to US grid

Electricity is perhaps the most vital of the critical infrastructures and key resources that support our society. The mission of the North American Electric Reliability Corporation (NERC) is to ensure the reliability of the North American bulk power system (BPS). While electric utility companies are responsible for administering the day-to-day operations of the electric grid, regulators such as NERC and the Federal Energy Regulatory Commission (FERC) are charged with the overall responsibility of ensuring reliability and security. NERC develops and enforces Reliability Standards, annually assesses seasonal and long-term reliability, monitors the bulk power system through system awareness, operates the Electricity Information Sharing and Analysis Center (E-ISAC) and educates, trains and certifies industry personnel. Normal everyday operations of the system are the responsibility of utility owners and operators.

During emergencies, NERC supports industry actions to respond, mitigate and restore the BPS to normal operation by facilitating effective information sharing and communication with and between NERC registered entities, government agencies and the media. This information is not focused on operational decision-making; instead, it provides utilities with data, best practices and mitigation strategies to help recover from a crisis. Obviously, as a regulatory body, NERC must stay out of emergency response until the utility has best mitigated the threat or reliability issue.

Currently, the most significant reliability threat to the U.S. grid is associated with squirrels and balloons, and not religiously inspired terrorists. However – and more applicable to grid operators – we have recently seen noteworthy interest in disabling or destroying critical infrastructure. Coordinated attacks specifically targeting the grid are rare, but an attack by a disgruntled former employee, ideologically motivated activist, or a criminal stumbling across a “soft target”, could inflict significant damage. With an interconnected grid of over 450,000 miles of high voltage transmission lines (100 kV and higher) and over 55,000 substations (100 kV and larger), the targets of opportunity are endless.

Critical infrastructure protection

Critical infrastructure protection is a cyclical process incorporating prevention, detection, mitigation, response and recovery. The key to this protection is the identification of credible threats, which will assist energy companies in assessing risks and potential vulnerabilities (weaknesses) of their facilities. Once a threat has been thoroughly analysed, it is then possible to institute preventative measures to deter, detect and delay an attack. Of course, critical infrastructure protection planning must always include mitigation, response and recovery actions in the event an attacker is successful.

While the security of the grid is a shared responsibility between the government and the private sector, the primary responsibility rests with utility owners and operators. Utility security staff have a responsibility to ensure they are able to receive and act upon criminal intelligence and be prepared to identify risks and vulnerabilities associated with security threats. Any protection programme that is developed must be as efficient and cost-effective as possible, as budgets are limited and ratepayers are sensitive to wasteful spending. Effective security programmes rely on risk management principles and associated tools to establish priorities, allocate budget dollars and harden infrastructure sites. Physical security protection encompasses defensive mechanisms to prevent, deter and detect physical threats of various kinds. Specifically, these measures are undertaken to protect personnel, equipment and property against anticipated threats. Properly conceived and implemented security policies, programmes and technologies are essential to ensure a facility’s resistance to threats while meeting demand, reliability and performance objectives.

Electricity industry physical security standards

Significant progress has been made in the electricity industry surrounding the issue of security. Unfortunately, many do not realise the amount of reports, guidelines, standards and assessments that have been developed for use. The industry has gone through multiple iterations of mandatory Critical Infrastructure Protection (CIP) Standards that focus on security protections. The CIP Standards, while not perfect, may be an example for other sectors to emulate. These standards are a minimum baseline for compliance and utilities should not assume that because they have a good compliance programme they are somehow immune from attack. In addition, many electric utilities undergo a sector-wide Grid Security Exercise (GridEx) every two years to hone their skills and provide updates to their security practices and policies. This is in addition to annual exercises mandated by the cyber standards. It is fair to say that the industry has been very responsive to the evolving security threat and the mandatory requirements found within CIP compliance.

As a result of the 2013 California substation attack that destroyed $15 million in infrastructure, the industry now has a physical security standard. This standard was created to protect the most critical transmission substations and control centres in North America. While protections vary, many utilities have upgraded their security measures to include concrete or non-scalable perimeters, robust access control, cameras, lighting and armed guards. It is highly likely that we will one day see similar standards put in place to better protect non-nuclear generation facilities, but only time will tell.

The piece that the industry continues to struggle with is information sharing and the ability to quickly obtain actionable threat intelligence; an issue which has been combatted head-on through the sharing of security information amongst utility partners. Large utilities with the manpower and resources to address this initiative are changing the security model from reactive to proactive. If you understand your adversary’s tactics, intent, and capabilities, you can develop strategies to combat their attacks and better plan for future threats. Better, more proactive security can be achieved through information sharing agreements and partnerships with other utilities, regulatory agencies and intelligence partners. Many utilities do not have the dedicated resources to dissect and aggregate this data and are thus unable to react appropriately, or wind up drawing inaccurate conclusions. As a result, the electricity sector is demanding more access to actionable intelligence and threat streams. With this added intelligence, utilities can better pinpoint threats to specific systems and focus efforts on system recovery and restoration. This will undoubtedly drive better, more informed responses to security incidents.

Improving information sharing

Over the past few years, the FBI, DHS and the DOE have made considerable strides in improving information sharing and giving classified access to intelligence products such as bulletins, alerts and secret level briefings. These products have been used to mitigate threats, reduce risk and update internal security policies. Additionally, this data flow has enhanced communications between security teams, management and board members by providing authoritative threat warnings. This ultimately drives better investment strategies by more directly connecting security priorities with business risk management priorities. Unfortunately, utilities still see risks in sharing information with federal partners. Recently, the Washington Post released an article with a salacious headline falsely suggesting that the grid was hacked via Russian malware. Even after correcting the story, the question remains: who leaked the information to the Washington Post? Utilities all over the country were witnessing an information sharing failure.

We must assume that at some point in the future a North American utility will suffer from a planned and coordinated attack against electrical infrastructure. Have we looked at credible threats closely enough and did we prepare our people to respond, recover and communicate? As an industry, we will be judged and hard questions will be asked about how seriously we considered the threats and what we did to mitigate future attacks. Success will be determined by how quickly we are able to respond and the swiftness of system recovery. There is no doubt that security is an “all hands” approach by everyone involved.

In case you missed it

What are the physical security challenges of smart cities?

The emergence of smart cities provides real-world evidence of the vast capabilities of the Internet of Things (IoT). Urban areas today can deploy a variety of IoT sensors to collect data that is then analysed to provide insights to drive better decision-making and ultimately to make modern cities more livable. Safety and security are an important aspect of smart cities, and the capabilities that drive smarter cities also enable technologies that make them safer. We asked this week’s Expert Panel Roundtable: what are the physical security challenges of smart cities?

Access control systems: Ethernet vs proprietary bus network cabling

When designing a security system for a site, the question of how it should be interconnected is often one of the first you need to answer. Should you choose a system that has its own proprietary bus network, which might require twisted pair cabling, or perhaps one based on an ethernet backbone? Both types of network have their advantages and disadvantages as discussed below.

Ethernet connectivity

Some security systems are based on a number of modules, and each module is connected to its own ethernet connection. One big advantage of a system like this is that, in many cases, it can be much more convenient, allowing the installer to utilise existing network cabling and other infrastructure, rather than needing to install new cabling. On the other hand, if a security system relies entirely on networking infrastructure controlled by others, typically the IT department, then the stability and reliability of the security system is dependent on that network being available when your system needs it.

Another potential disadvantage is that certain areas of the premises may not be equipped with a nearby network outlet, and if the network in question is not managed by you, it might be necessary to request the IT department add an outlet for you to use.

Proprietary bus connectivity

A system with its own proprietary bus network can also have advantages. Perhaps the first and most important difference is that, because the network cabling is installed specifically for the security system, the designer has the luxury of being able to decide exactly where the wiring should be placed and terminated. Another advantage is that the cabling would only be used by the security system, so the installation company can be sure the network will always be available, and there would be very little chance part of it could be accidentally unplugged.

Another potential advantage is that some systems are able to run bus cabling of distances well over 1,000 metres, whereas individual ethernet connections are typically limited to 100 metres or less. Another consideration, which applies particularly to intruder and holdup alarm systems, is that communications between elements of the security system should not be prevented by other factors, such as a power failure. Obviously, if a part of such a network is formed by ethernet infrastructure, such as network switches and/or media converters, then that infrastructure needs to be battery backed, and the power supply must be monitored. In some cases, the equipment must be able to withstand a power failure of 24 or even 60 hours. Such long standby times are unusual in IT infrastructure, but are quite common in the case of security systems.

How this all fits together

When selecting a system, it is usually most helpful to have a flexible system that can support a number of different deployment options. This is especially true if the system in question can support a combination of different interconnection types. For example, a single system that can contain a variety of interconnections can then be deployed in a very wide variety of systems where existing infrastructure may be used to aid in the design and deployment:

Fibre connections – Many modern sites are pre-cabled with existing fibre connections which can be used to form a dedicated interconnection between system components which can be of the order of kilometres apart.

Ethernet connectivity – With the increasing ubiquity of networking within premises, some elements of a security system can be deployed using the existing infrastructure.

Repeater – For very large or densely packed systems, a device that can be used as a form of “repeater” can be extremely useful to permit very long interconnect cabling distances.

Some security systems can be set up to enable multiple discrete access control modules to be deployed, connected to an existing ethernet network, and treated as a single ‘system’ by the management software, while retaining full offline functionality in the event the network becomes unavailable. Further, some systems can be formed by utilising a fusion of all of the above connectivity methods.

In practice, of course some applications would suit a deployment that relied solely on ethernet connectivity. Some other applications, especially systems or parts of systems that are part of an intruder and/or holdup alarm system, would better suit a deployment using a dedicated proprietary bus network, and other systems would suit a combination of these communications options. Selecting a system that can be deployed in a variety of ways can be enormously helpful in providing the flexibility projects might demand.

Functionality beyond security: The advent of open platform cameras

The coronavirus (COVID-19) pandemic marks the biggest global disruption since World War II. While the ‘new normal’ after the crisis is still taking shape, consumers are apprehensive about the future. According to a recent survey, 60% of shoppers are afraid of going grocery shopping, with 73% making fewer trips to physical stores. Returning to the workplace is also causing unease, as 66% of employees report feeling uncomfortable about returning to work after COVID-19.

Businesses and employers are doing their best to alleviate these fears and create safe environments in and around their buildings. This also comes at tremendous costs for new safety measures and technologies – including updates to sanitation protocols and interior architecture – that protect against COVID-19. Costs in the billions that most businesses will face alone, without support from insurance and amidst larger macroeconomic challenges.

Saving costs and increasing security

But what if building operators, retail shop owners, and other stakeholders could save costs by leveraging new functionality from their existing security infrastructure? More specifically, expanding the use of current-generation security cameras – equipped with AI-driven image analysis capabilities – beyond the realm of security and into meeting new health regulations. This is exactly where video analytics algorithms come into play. And in the next step, a new evolutionary approach towards open security camera platforms promises new opportunities.

Over the past decade, security cameras have evolved from mere image capturing devices into complex data sensors. They provide valuable data that can be analysed and used in beneficial ways that are becoming the norm. Since 2016, Bosch has offered built-in Video Analytics as standard on all its IP cameras.

On one hand, this enables automated detection of security threats more reliably than human operators. And on the other hand, video analytics collect rich metadata to help businesses improve safety, increase efficiency, reduce costs, and create new value beyond security.

Expanding camera functionality beyond security

Today, we have ‘smart’ security cameras with built-in video analytics to automatically warn operators of intruders, suspicious objects and dangerous behaviors. The rich metadata from several cameras on the same network can also be consolidated by making use of an intelligent software solution. It offers so-called pre-defined widgets to provide business intelligence by measuring area fill levels, counting building occupancy and detecting the formation of crowds. In combination with live video stream data, these insights enable heightened situational awareness to security operators. What’s more, operators are free to set their own parameters – like maximum number of occupants in a space and ‘off limit’ areas – to suit their needs.

These user-centric widgets also come in handy in dealing with the coronavirus pandemic. Specific widgets can trigger an alarm, public announcement or trigger a 'traffic light' when the maximum number of people in a space is exceeded. Building operators can also use available intelligence such as foot traffic ‘heat maps’ to identify problem areas that tend to become congested and place hand sanitiser stations at heavily frequented hotspots. At the same time, the option to perform remote maintenance on these systems limits the exposure of technicians in the field during the pandemic. Again, the underlying camera hardware and software already exist.

Looking ahead, cameras with video analytic and neural network-based analytic capabilities will be able to ‘learn’ future functionality to curb the spread of the coronavirus. For instance, cameras could monitor distances between individuals and trigger voice announcements when social distancing guidelines are violated. Facial recognition software can be trained to monitor personal protective equipment (PPE) compliance and sound alerts for persons entering buildings without masks. The technical requirements are already in place. The task at hand is to deliver these new functionalities to cameras at scale, which is where open camera platforms hold the key.

Why open camera operating systems?

When it comes to innovating future camera applications that extend beyond security, no hardware manufacturer should go at it alone. Instead, an open platform approach provides the environment for third-party developers to innovate and market new functions. In essence, an open platform principle allows customers and users to change the behavior of devices by adding software afterwards. This software can either be found in an app store or can be self-developed.

For a precedent, we can look at the mobile phone industry. This is where software ecosystems like Android and Apple’s iOS have become the norm. They have also become major marketplaces, with the Apple App Store generating $519 billion in billings in 2019, as users use their phones for far more than just making phone calls. In the same way, intelligent cameras will be used far beyond classic video applications in the future. To get there, adopting an open platform principle is essential for a genuine transformation on an industry level.

But establishing an open platform principle in the fragmented video security industry demands a cooperative approach. In 2018 Bosch started a fully owned start-up company, Security & Safety Things, and became one of five founding members of OSSA (Open Security & Safety Alliance). With more than 40 members, the Alliance has collectively created the first Technology Stack for “open” video security devices. This includes the OSSA Application Interface Specification and Compliant Device Definition Specification.

An open camera platform for innovating future functionality

Based on OSSA’s common APIs, collective approach on data security and core system requirements for video security cameras, the first camera manufacturers were able to build video security cameras that adopt an open platform principle. Further fueling innovation, OSSA focused on driving the creation of one centralised marketplace to unite demand and supply in the market. Camera devices that are built in accordance with OSSA’s Technology Stack, so-called “Driven by OSSA” devices, can benefit from this marketplace which consists of three pillars: a development environment, an application store, and a device management portal. Security & Safety Things has advanced OSSA’s open camera platform concept, built this marketplace for the security and safety industry and has developed the open OS that powers the first “Driven by OSSA” devices.

This year, Bosch, as one of the first camera manufacturers, introduces the new INTEOX generation of open platform cameras. To innovate a future beyond security functionality, INTEOX combines built-in Intelligent Video Analytics from Bosch, an open Operating System (OS), and the ability to securely add software apps as needed. Thanks to the fully open principle, system integrators are free to add apps available in the application store, making it quick and simple to customise security solutions by installing and executing multiple apps on the INTEOX platform. In turn, app developers can now focus on leveraging the intelligence and valuable data collected by analytics-equipped cameras for their own software developments to introduce new exciting possibilities of applying cameras.

These possibilities are needed as smart buildings and IoT-connected technology platforms continue to evolve. And they will provide new answers to dealing with COVID-19. The aforementioned detection of face masks and PPE via facial detection algorithms is just one of manifold scenarios in which new apps could provide valuable functionality. Contact tracing is another field where a combination of access control and video analytics with rich metadata can make all the difference. Overall, open camera platforms open a future where new, complex functionality that can save lives, ensure business continuity and open new business opportunities will arrive via something as simple as a software update. And this is just the beginning.