Protecting ‘diamonds’: Collaboration, communication key to defending grid
by Lisa Meiman
On March 13 and 14, Western hosted a security symposium with customers, neighboring utilities and other state and federal agencies to discuss resources available to utilities in the areas of physical and cyber security and also how best to share information among the industry.
“Western suggested hosting a security-focused event in fall 2013 as it was clear that threats to the grid would be one of the greatest challenges facing the industry in the next few years,” said Administrator Mark Gabriel. “Safety, security and reliability are critical concerns at Western, and we are making significant investments in time and effort to protect our people and our assets. We also want to help others operate and maintain a reliable and safe electric grid by hosting meetings like this to discuss issues and best practices.”
The purpose of the meeting was three-fold:
Emphasize partnership, collaboration and information sharing among industry as the key ways to better identify trends and best practices in prevention and response to cyber and physical attacks.
Inform utilities of the federal and state programs available to them.
Learn about planning and preparedness before, during and after an incident.
“This meeting is really about beginning discussions between utilities and around the industry to better share information on incidents and threats,” said Chief Information Officer Dawn Roth Lindell.
Speakers at the symposium included employees from the North American Electric Reliability Corporation, the Department of Energy, White House National Security Staff, the Department of Homeland Security, the Colorado Fusion Center and the Federal Bureau of Investigation.
These agencies mainly discussed the programs and resources available to utilities to share information, learn about best practices and improve their security readiness.
Not just another copper theft
Physical security of the grid, in particular, is receiving considerable attention right now from the President of the U.S. to mainstream media and utilities nationwide after a disturbing and unsolved attack occurred at Pacific Gas and Electric’s Metcalf Substation in California last April.
Substation break-ins are common in this industry, mostly for intruders to steal valuable metal such as copper whose market value continues to rise. “With the prospect of significant financial gain, suspects consider the risk associated with stealing copper from energized substations and towers more acceptable,” said Western’s Office of Security and Emergency Management Manager Keith Cloud.
However, with the rise in threats against the nation in general, both physical and cyber, members of the essential energy subsector are asking themselves “What if?”
Cloud shared, “In this day and age, we cannot afford to consider a break-in as just another copper theft. That’s the belief the industry followed for years, and in that environment, that was enough. But with the changing world, we need to consider that maybe the break-in is something more.”
Thanks to modern technology and availability of information, finding, entering and vandalizing energy equipment has gotten easier and doesn’t require “insider knowledge” as was the case in the past.
Experts do not believe that the energy subsector is being targeted for attack by foreign groups, but rather domestic groups and “lone offenders.” A domestic group may be responsible for the attack at Metcalf, which is still under investigation. Other perpetrators may be considered “lone offenders,” or individuals working alone to further their personal agenda. Multiple attacks against the grid allegedly committed by a man in Arkansas is an example of a lone offender.
Some speakers discussed possible security measures to deter, detect, delay, respond and recover to incidents, focusing on those assets that pose the greatest risks to the organization.
DOE Office of Security Assistance Deputy Director Michael Sparks shared, “When it comes to your assets, you have pencils and you have diamonds. You don’t protect everything like diamonds.” Sparks recommended that utilities survey their assets and determine which ones rank highest in three areas: threat, vulnerability and consequences. Assets that rank high in all three categories—meaning there are known threats and vulnerabilities and failure of the asset results in catastrophic consequences—become diamonds, or those assets that need the most protection.
“It’s not feasible to eliminate all risk to our facilities. We need to implement reasonable and effective measures to mitigate risk to an acceptable level, concentrating our efforts on those assets or sets of assets that are critical to the grid,” said former-Desert Southwest Regional Manager Darrick Moe.
Improving information sharing a priority
Improving information sharing was the major theme of the two-day symposium with all speakers championing the need for utilities to talk to each other about incidents to identify trends. “The more information we can share and have combined with others, the better we can forecast what’s next or find new information,” said Cloud.
Communication remains a considerable challenge for the fragmented industry. The grid was built piecemeal and interconnected as time passed to develop a resilient and redundant system capable of withstanding multiple incidents. An incident at one facility when occurring at the same time as an event at another substation that may be hundreds of miles away can have serious consequences or not have any impact at all, depending on the circumstances at the time. “The grid was never designed as a single unit, which makes communication challenging and important. The industry is doing a better job at working together and sharing data, but we need to continue to improve in this area,” said Moe. “We need to continue to emphasize sharing information across jurisdictional, regulatory and entity boundaries.”
The speakers encouraged information sharing among the utility industry as utilities can provide one another quality, relevant information sometimes faster and more effectively than the government agencies can provide, even without analysis.
There are a few agencies that provide both information and analysis for utilities, including the NERC Electrical Sector Information Sharing and Analysis Center and the Colorado Fusion Center. These agencies also recommended communicating with all the various interested parties and agencies to ensure the information is shared as broadly as possible. “There’s a lot going on [in this]industry and we need to emphasize the importance of sharing information to give us all a better chance of "connecting dots" between events. Events in our own systems may not seem too serious, but we must share information effectively to know if there are patterns that may be a serious concern,” said Moe. "We need to get people engaged.”