Date post: | 29-Mar-2018 |
Category: |
Documents |
Upload: | nguyenphuc |
View: | 214 times |
Download: | 1 times |
Kevin Smith, CPP, PSP, PCI, CPTEDDeputy Security ManagerTri-State Generation and Transmission Association, Inc.
UTILITY SECURITY AND CRITICAL
INFRASTRUCTURE PROTECTION
Presidential Directives… In May of 1998, President Bill Clinton issued
President Decision Directive 63 (PDD-63) Directive identified physical and cyber-based systems
that are critical to national and economic security of the United States and required steps to be taken to protect it. Later Updated by President George Bush in December
2003Directive seeks to reduce likelihood of both physical
and cyber attacks
HISTORICAL PERSPECTIVE
Directive identifies 16 sectors as criticalHistorically, these sectors were not dependentDue to advances in technology, these systems
are now linkedWhat are these sectors??
ChemicalCommunicationsDamsCommercial FacilitiesCritical ManufacturingDefense Industrial
BaseEmergency ServicesGovernmental
Facilities
Healthcare Financial ServicesFood and Agriculture Information
Technology EnergyNuclear ReactorsWater/Waste WaterTransportation
CRITICAL INFRASTRUCTURE SECTORS
1 kilowatt= 1,000 watts 1 Megawatt=1 million
watts (1,000 homes) 1 Gigawatt= 1,000
Mega watts (750,000-1,000,000 homes)
WATTAGE BREAKDOWN
Federal Energy Regulatory Commission (FERC) formed in 1977 (oversees interstate sales, rates, pricing, and l icensing)
North American Electric Reliability Corporation (NERC) formed in 2006 (develops standards for power system operation, monitoring, and CIP Standards enforcement)
Critical Infrastructure Protection (CIP) Standards Mandatory 10 Standards containing 134 Requirements Several variations of the standard termed “Versions” (Currently
on v5)
COMPLIANCE
Department of Homeland Security (DHS) Chemical Facility Anti-Terrorism Standards (CFATS) formulated
in 2007 Identifies Chemicals of Interest (COI’s) that need to be
protected
Assault (external and internal)HarassmentMenacingDomestic ViolenceSabotage (120 attacks/year)Theft of other Equipment
Copper $3-$5 per foot or pound Losses are estimated $20 million per year In addition (materials/labor costs) $60 million each year 35 deaths each year More than 7,600 MW “outage” hours each year
Landowners Governmental Regulations Employees Sabotage Physical attack on PG&E’s Metcalf substation located in San Jose, California on
April 16, 2013 Attack began at approximately 12:58am Gunmen first cut AT&T fiber cables across from substation Gunmen then shot approximately 150 rounds into Metcalf substation striking 17
transformers Attack lasted approximately 50 minutes
As a result of this attack: Estimated $15 million in repairs to substation Article written by the Congressional Research Service in 2014 cites Metcalf
incident and the “overall” vulnerability of US substations New Congressional mandates PG&E to spend $100 million over next 3 years retrofitting substations in region
Develop solid Programs, Policies, and Procedures (3P’s)
Education Must have Employee/Management “buy-in” (Force
multipliers) Security Vulnerability Assessments (SVA’s)-initial and
recurring Table top exercises/drills (What-if’s) Always re-assess the program and industry “best-
practices”
Est imated 50 mi l l ion people in US and Canada wi thout power
***Cause - - -overgrown vegetat ion and faul ty a larming sof tware
2003 NORTHEAST BLACKOUT
References: Congressional Research Service Article: “Physical Security of
the U.S. Power Grid: High-Voltage Transformer Substations”(June 2014) Critical Infrastructure Protection (CIP) Standards Department of Homeland Security-Chemical Facility Anti-
Terrorism Standards Program (CFATS) Federal Energy Regulatory Commission (FERC) North American Energy Reliability Corporation (NERC) Public Power Association Magazine Article, “Preventing
Copper Thievery” (November-December 2012) Presidential Directive 63 (PDD-63)
Questions….
Kevin Smith, CPP, PSP, PCI, CPTEDDeputy Security Manager
Tri-State Generation and Transmission Association, Inc.Westminster, Colorado 80234
(303) [email protected]