Kevin Smith, CPP, PSP, PCI, CPTEDDeputy Security ManagerTri-State Generation and Transmission Association, Inc.

UTILITY SECURITY AND CRITICAL

INFRASTRUCTURE PROTECTION

Presidential Directives… In May of 1998, President Bill Clinton issued

President Decision Directive 63 (PDD-63) Directive identified physical and cyber-based systems

that are critical to national and economic security of the United States and required steps to be taken to protect it. Later Updated by President George Bush in December

2003Directive seeks to reduce likelihood of both physical

and cyber attacks

HISTORICAL PERSPECTIVE

Directive identifies 16 sectors as criticalHistorically, these sectors were not dependentDue to advances in technology, these systems

are now linkedWhat are these sectors??

ChemicalCommunicationsDamsCommercial FacilitiesCritical ManufacturingDefense Industrial

BaseEmergency ServicesGovernmental

Facilities

Healthcare Financial ServicesFood and Agriculture Information

Technology EnergyNuclear ReactorsWater/Waste WaterTransportation

CRITICAL INFRASTRUCTURE SECTORS

AFRICAN POWER POOL

US POWER GRID

US POWER GRID SECTORS

TYPES OF POWER GENERATION

Approximately 100 fac i l i t ies in the US

NUCLEAR

Approximately 572 in the US

COAL

Approximately 2 ,500 in the US

H Y DRO E L E C T R I C ( H Y DRO )

Approximately 400 in the US

WIND

Approximately 800 fac i l i t ies in the US

SOLAR

Approximately 493 fac i l i t ies in the US

NATURAL GAS

POWER PRODUCTION 101

1 kilowatt= 1,000 watts 1 Megawatt=1 million

watts (1,000 homes) 1 Gigawatt= 1,000

Mega watts (750,000-1,000,000 homes)

WATTAGE BREAKDOWN

COMPLIANCE

Federal Energy Regulatory Commission (FERC) formed in 1977 (oversees interstate sales, rates, pricing, and l icensing)

North American Electric Reliability Corporation (NERC) formed in 2006 (develops standards for power system operation, monitoring, and CIP Standards enforcement)

Critical Infrastructure Protection (CIP) Standards Mandatory 10 Standards containing 134 Requirements Several variations of the standard termed “Versions” (Currently

on v5)

COMPLIANCE

Department of Homeland Security (DHS) Chemical Facility Anti-Terrorism Standards (CFATS) formulated

in 2007 Identifies Chemicals of Interest (COI’s) that need to be

protected

TYPES OF INCIDENTS

Assault (external and internal)HarassmentMenacingDomestic ViolenceSabotage (120 attacks/year)Theft of other Equipment

Copper $3-$5 per foot or pound Losses are estimated $20 million per year In addition (materials/labor costs) $60 million each year 35 deaths each year More than 7,600 MW “outage” hours each year

CHALLENGES

Est imated 170at tacks on SCADA Systems around the US each day

SCADA SYSTEMS

TRANSMISSION LINES

160,000+ miles of transmission lines in the US

ENVIRONMENTALGROUPS

-Copper Wi re-Transformers-Switching equipment

SUBSTATIONS

Landowners Governmental Regulations Employees Sabotage Physical attack on PG&E’s Metcalf substation located in San Jose, California on

April 16, 2013 Attack began at approximately 12:58am Gunmen first cut AT&T fiber cables across from substation Gunmen then shot approximately 150 rounds into Metcalf substation striking 17

transformers Attack lasted approximately 50 minutes

As a result of this attack: Estimated $15 million in repairs to substation Article written by the Congressional Research Service in 2014 cites Metcalf

incident and the “overall” vulnerability of US substations New Congressional mandates PG&E to spend $100 million over next 3 years retrofitting substations in region

PROTECTION MEASURES

Develop solid Programs, Policies, and Procedures (3P’s)

Education Must have Employee/Management “buy-in” (Force

multipliers) Security Vulnerability Assessments (SVA’s)-initial and

recurring Table top exercises/drills (What-if’s) Always re-assess the program and industry “best-

practices”

Est imated 50 mi l l ion people in US and Canada wi thout power

***Cause - - -overgrown vegetat ion and faul ty a larming sof tware

2003 NORTHEAST BLACKOUT

References: Congressional Research Service Article: “Physical Security of

the U.S. Power Grid: High-Voltage Transformer Substations”(June 2014) Critical Infrastructure Protection (CIP) Standards Department of Homeland Security-Chemical Facility Anti-

Terrorism Standards Program (CFATS) Federal Energy Regulatory Commission (FERC) North American Energy Reliability Corporation (NERC) Public Power Association Magazine Article, “Preventing

Copper Thievery” (November-December 2012) Presidential Directive 63 (PDD-63)

Questions….

Kevin Smith, CPP, PSP, PCI, CPTEDDeputy Security Manager

Tri-State Generation and Transmission Association, Inc.Westminster, Colorado 80234

(303) 254-3164ksmith@tristategt.org