What is the difference between traditional perimeter protection and converged security solutions for perimeter defences in critical infrastructure?
Like most industry sectors, critical infrastructure faces multiple threats to their physical and cyber security. Critical infrastructure covers many different aspects; however, the utilities sector is perhaps one of the most targeted by terrorists, activists and cyber criminals.
The new converged landscape that we live in results in security solutions becoming vulnerable to cyber threats, even physical security. Convergence is a huge theme in the industry currently and will be prevalent at IFSEC International this year. So, what does convergence mean for utilities and what are the typical physical and cyber security solutions implemented? This feature will first take a look at a traditional perimeter fence installation and discuss how this differs from a converged perimeter solution.
While threats from cyber attackers are on the rise, public power utilities also face threats to their physical infrastructure—the poles, wires, substations, transformers, and generating facilities comprising these utilities’ means of delivering electricity to their customers. The majority of physical-security threats to electric infrastructure, such as copper theft, have been known for years. However, more sophisticated threats have emerged since the attack on a California substation in April 2013. While customers did not lose power as a result of the attack due to the redundancy built into the system, it was a reminder to law enforcement and electric utilities about the importance of working together to protect critical utility assets.
Electric utilities, including public power utilities, take physical and cyber threats seriously and employ risk management programs to prioritise facilities and equipment, develop contingency plans, and employ defensive in-depth techniques to “keep the lights on.” Background Public power utilities intimately understand the importance of physical security and have longstanding programs and protocols designed to protect their utility systems.
As the nature of physical threats has changed over the years, public power utilities have planned, prepared and responded accordingly. Today, due to security breaches, such as vandalism and terrorist attacks that can cause damage to this infrastructure, utilities must develop the best available mitigation practices to address such attacks.
Physical infrastructure security can range from a substation with cameras, locks, and fences to engineering new facilities utilising design bases threat methodology. Previously, a few high-profile incidents of physical security failure have drawn increased scrutiny from several areas. One incident that received press attention was a shooting incident at a transformer at an Arkansas utility. Another high-profile incident took place at the Metcalf substation on Pacific Gas and Electric’s (PG&E) system in California where at least one person fired over 150 rounds of ammunition and cut two critical telecommunications cables to the substation.
These and several other press reports on attacks on utility infrastructure have caused some Members of Congress in the US to react by introducing or exploring legislation related to utility security. Congressional and Regulatory Action The nation’s electric distribution systems have always been, and are today, regulated by state and local governments. This is a deliberate separation of power given the retail nature of distribution systems, and the vast differences in the configuration, size, and ownership of the 3,000 distribution utilities in the US Given this situation, each individual utility’s role in the security of its distribution facilities is paramount.
In recent years, attacks on utilities, primarily in power and water, have grown rapidly, and it is not just the physical side of security that is being targeted but also the cyber. As physical security expands in technological advancement, incorporating access control, biometrics, facial recognition, AI and more, physical security manufacturers must be prepared to make sure that their cyber defences are just as strong to counteract attacks. So, what are the typical physical defences?
To read the rest of this article and latest news please see our May issue here.