IEEE Standards - draft standard template



P1402™/D1

Draft Guide for Electric Power Substation Physical and Electronic Security

Sponsor

Substations

of the

IEEE Power and Energy

Approved

IEEE-SA Standards Board

Copyright © 2013 by the Institute of Electrical and Electronics Engineers, Inc.

Three Park Avenue

New York, New York 10016-5997, USA

All rights reserved.

This document is an unapproved draft of a proposed IEEE Standard. As such, this document is subject to change. USE AT YOUR OWN RISK! Because this is an unapproved draft, this document must not be utilized for any conformance/compliance purposes. Permission is hereby granted for IEEE Standards Committee participants to reproduce this document for purposes of standardization consideration. Prior to adoption of this document, in whole or in part, by another standards development organization, permission must first be obtained from the IEEE Standards Activities Department (stds.ipr@). Other entities seeking permission to reproduce this document, in whole or in part, must also obtain permission from the IEEE Standards Activities Department.

IEEE Standards Activities Department

445 Hoes Lane

Piscataway, NJ 08854, USA

Abstract:

Keywords:

(

Notice and Disclaimer of Liability Concerning the Use of IEEE Documents: IEEE Standards documents are developed within the IEEE Societies and the Standards Coordinating Committees of the IEEE Standards Association (IEEE-SA) Standards Board. IEEE develops its standards through a consensus development process, approved by the American National Standards Institute, which brings together volunteers representing varied viewpoints and interests to achieve the final product. Volunteers are not necessarily members of the Institute and serve without compensation. While IEEE administers the process and establishes rules to promote fairness in the consensus development process, IEEE does not independently evaluate, test, or verify the accuracy of any of the information or the soundness of any judgments contained in its standards.

Use of an IEEE Standard is wholly voluntary. IEEE disclaims liability for any personal injury, property or other damage, of any nature whatsoever, whether special, indirect, consequential, or compensatory, directly or indirectly resulting from the publication, use of, or reliance upon any IEEE Standard document.

IEEE does not warrant or represent the accuracy or content of the material contained in its standards, and expressly disclaims any express or implied warranty, including any implied warranty of merchantability or fitness for a specific purpose, or that the use of the material contained in its standards is free from patent infringement. IEEE Standards documents are supplied "AS IS."

The existence of an IEEE Standard does not imply that there are no other ways to produce, test, measure, purchase, market, or provide other goods and services related to the scope of the IEEE standard. Furthermore, the viewpoint expressed at the time a standard is approved and issued is subject to change brought about through developments in the state of the art and comments received from users of the standard. Every IEEE standard is subjected to review at least every ten years. When a document is more than ten years old and has not undergone a revision process, it is reasonable to conclude that its contents, although still of some value, do not wholly reflect the present state of the art. Users are cautioned to check to determine that they have the latest edition of any IEEE standard.

In publishing and making its standards available, IEEE is not suggesting or rendering professional or other services for, or on behalf of, any person or entity. Nor is IEEE undertaking to perform any duty owed by any other person or entity to another. Any person utilizing any IEEE Standards document, should rely upon his or her own independent judgment in the exercise of reasonable care in any given circumstances or, as appropriate, seek the advice of a competent professional in determining the appropriateness of a given IEEE standard.

Translations: The IEEE consensus development process involves the review of documents in English only. In the event that an IEEE standard is translated, only the English version published by IEEE should be considered the approved IEEE standard.

Official Statements: A statement, written or oral, that is not processed in accordance with the IEEE-SA Standards Board Operations Manual shall not be considered the official position of IEEE or any of its committees and shall not be considered to be, nor be relied upon as, a formal position of IEEE. At lectures, symposia, seminars, or educational courses, an individual presenting information on IEEE standards shall make it clear that his or her views should be considered the personal views of that individual rather than the formal position of IEEE.

Comments on Standards: Comments for revision of IEEE Standards documents are welcome from any interested party, regardless of membership affiliation with IEEE. However, IEEE does not provide consulting information or advice pertaining to IEEE Standards documents. Suggestions for changes in documents should be in the form of a proposed change of text, together with appropriate supporting comments. Since IEEE standards represent a consensus of concerned interests, it is important to ensure that any responses to comments and questions also receive the concurrence of a balance of interests. For this reason, IEEE and the members of its societies and Standards Coordinating Committees are not able to provide an instant response to comments or questions except in those cases where the matter has previously been addressed. Any person who would like to participate in evaluating comments or revisions to an IEEE standard is welcome to join the relevant IEEE working group at .

Comments on standards should be submitted to the following address:

Secretary, IEEE-SA Standards Board

445 Hoes Lane

Piscataway, NJ 08854

USA

Photocopies: Authorization to photocopy portions of any individual standard for internal or personal use is granted by The Institute of Electrical and Electronics Engineers, Inc., provided that the appropriate fee is paid to Copyright Clearance Center. To arrange for payment of licensing fee, please contact Copyright Clearance Center, Customer Service, 222 Rosewood Drive, Danvers, MA 01923 USA; +1 978 750 8400. Permission to photocopy portions of any individual standard for educational classroom use can also be obtained through the Copyright Clearance Center.

Notice to users

Laws and regulations

Users of IEEE Standards documents should consult all applicable laws and regulations. Compliance with the provisions of any IEEE Standards document does not imply compliance to any applicable regulatory requirements. Implementers of the standard are responsible for observing or referring to the applicable regulatory requirements. IEEE does not, by the publication of its standards, intend to urge action that is not in compliance with applicable laws, and these documents may not be construed as doing so.

Copyrights

This document is copyrighted by the IEEE. It is made available for a wide variety of both public and private uses. These include both use, by reference, in laws and regulations, and use in private self-regulation, standardization, and the promotion of engineering practices and methods. By making this document available for use and adoption by public authorities and private users, the IEEE does not waive any rights in copyright to this document.

Updating of IEEE documents

Users of IEEE Standards documents should be aware that these documents may be superseded at any time by the issuance of new editions or may be amended from time to time through the issuance of amendments, corrigenda, or errata. An official IEEE document at any point in time consists of the current edition of the document together with any amendments, corrigenda, or errata then in effect. In order to determine whether a given document is the current edition and whether it has been amended through the issuance of amendments, corrigenda, or errata, visit the IEEE-SA Website at or contact the IEEE at the address listed previously. For more information about the IEEE Standards Association or the IEEE standards development process, visit IEEE-SA Website at .

Errata

Errata, if any, for this and all other standards can be accessed at the following URL: . Users are encouraged to check this URL for errata periodically.

Patents

Attention is called to the possibility that implementation of this standard may require use of subject matter covered by patent rights. By publication of this standard, no position is taken by the IEEE with respect to the existence or validity of any patent rights in connection therewith. If a patent holder or patent applicant has filed a statement of assurance via an Accepted Letter of Assurance, then the statement is listed on the IEEE-SA Website at . Letters of Assurance may indicate whether the Submitter is willing or unwilling to grant licenses under patent rights without compensation or under reasonable rates, with reasonable terms and conditions that are demonstrably free of any unfair discrimination to applicants desiring to obtain such licenses.

Essential Patent Claims may exist for which a Letter of Assurance has not been received. The IEEE is not responsible for identifying Essential Patent Claims for which a license may be required, for conducting inquiries into the legal validity or scope of Patents Claims, or determining whether any licensing terms or conditions provided in connection with submission of a Letter of Assurance, if any, or in any licensing agreements are reasonable or non-discriminatory. Users of this standard are expressly advised that determination of the validity of any patent rights, and the risk of infringement of such rights, is entirely their own responsibility. Further information may be obtained from the IEEE Standards Association.

Participants

At the time this draft guide was completed, the Working Group had the following membership:

, Chair

, Vice Chair

Participant1

Participant2

Participant3

Participant4

Participant5

Participant6

Participant7

Participant8

Participant9

The following members of the balloting committee voted on this guide. Balloters may have voted for approval, disapproval, or abstention.

[To be supplied by IEEE]

Balloter1

Balloter2

Balloter3

Balloter4

Balloter5

Balloter6

Balloter7

Balloter8

Balloter9

When the IEEE-SA Standards Board approved this guide on , it had the following membership:

[To be supplied by IEEE]

, Chair

, Vice Chair

, Past Chair

, Secretary

SBMember1

SBMember2

SBMember3

SBMember4

SBMember5

SBMember6

SBMember7

SBMember8

SBMember9

*Member Emeritus

Also included are the following nonvoting IEEE-SA Standards Board liaisons:

, DOE Representative

, NIST Representative

IEEE Standards Program Manager, Document Development

IEEE Standards Program Manager, Technical Program Development

Introduction

This introduction is not part of P1402/D1, Draft Guide for Electric Power Substation Physical and Electronic Security.

Contents

1. Overview 1

1.1 Scope 1

1.2 Purpose 2

2. Normative references 2

3. Definitions 2

3.1 Acronyms 2

4. Threat Assessment 4

4.1 Social, Political and Economic Background of Threat 4

4.2 Characteristics of the Perpetrator(who can do harm) 4

4.3 Tools and Methods used for Destruction 5

4.4 Characteristics of an Intrusion Event 5

4.5 Objectives of Substation Intrusion 5

4.6 Characteristics of an Intrusion Event 6

5. Criteria for Acceptable Designs 6

5.1 Detection 6

5.2 Prevention(Delay/Deter) 6

5.3 Loss Control(Respond) 7

5.4 Features that are Not Included 7

6. Analysis Process 8

6.1 General Features of a Substation Design Analysis 8

6.2 Design Criteria Considerations for Physical Security 9

Annex A Criteria for Acceptable Designs of the Physical Security System (Original Authors Unknown, contributions by by Ronald Carlson and Edward William Jr,Ph.D, Gary Beane) 13

7. Criteria for Acceptable Designs of the Physical Security System 14

(Original Authors Unknown, contributions by by Ronald Carlson and Edward William Jr,Ph.D, Gary Beane) 14

7.1 Intrusion Objective Not Achieved 14

7.2 Intruder is Not Physically Injured 14

7.3 Security System Equipment Electrical Clearances 14

7.4 Facility Damage Incurred to Thwart the Intrusion is Acceptable 15

7.5 Cost of Damage to Substation Equipment and Material 15

7.6 Cost of Losses Due to Theft of Substation Equipment and Material 15

7.7 Interruption of Service or Reduction in Service Reliability 15

7.8 Probability of customer Outage and Effect is Acceptable 15

7.9 Reduction of Service Reliability 15

7.10 Damage and Theft of Physical Security Equipment 15

7.11 Reliability 15

7.12 Operability 16

8. Features of a Physical Security System – Advantages and Disadvantages (Original Authors Unknown, contributions by by Ronald Carlson and Edward William Jr,Ph.D, Gary Beane) 16

8.1 Authentication 16

8.2 Barbed Wire 16

8.3 Chain Link Fence 16

8.4 Electric Fence 17

8.5 Access Control 17

8.6 Video Cameras 17

8.7 Integration of Multiple Solutions 18

9. Substation Security Plan (by Gary Beane) 18

9.1 Objective of the Security Plan 19

9.2 Responsibility for Security 19

9.3 Basic Security Requirements 19

9.4 Additional Security Measures 20

9.5 Sample Security Assessment 20

Draft Guide for Electric Power Substation Physical and Electronic Security

IMPORTANT NOTICE: IEEE Standards documents are not intended to ensure safety, health, or environmental protection, or ensure against interference with or from other devices or networks. Implementers of IEEE Standards documents are responsible for determining and complying with all appropriate safety, security, environmental, health, and interference protection practices and all applicable laws and regulations.

This IEEE document is made available for use subject to important notices and legal disclaimers.

These notices and disclaimers appear in all publications containing this document and may

be found under the heading “Important Notice” or “Important Notices and Disclaimers

Concerning IEEE Documents.” They can also be obtained on request from IEEE or viewed at .

Overview

Scope

This standard establishes minimum requirements and practices for the physical security of electric substations.  It is designed to address a number of threats, including unauthorized access to critical cyber assets, theft of material, vandalism and unauthorized use of substation facilities.  It describes the requirements for positive access control, monitoring of facilities and delay/determent features which shall be employed to mitigate these threats.  The standard, when properly employed, also establishes conformance to best practices of technically feasible solutions as required by NERC Critical Infrastructure Protection programs as well as user-specific requirements which may be desired.  The standard does not establish requirements based on voltage levels, size or any depiction of criticality of the substation.  The user will make these decisions based on threat assessment and criticality assignment by the substation owner.  

The guide will assist in developing the list of intrusion objectives determining the characteristics of the intrusion criteria for acceptable designs design features that may be included in the physical security system.

Purpose

Substations are largely unmanned facilities, often located in remote sites with infrequent inspection or supervision by the owner’s personnel.  As such, there is little fear of apprehension for someone, be it employee or non-employee, to enter an electric utility substation for whatever purpose. If substations do not contain measures of physical security to deter/detect and delay unauthorized activities, unacceptable compromises in operational, economical and liability risk management may occur.  This standard establishes sound engineering practice in substation physical protection which can be applied to mitigate these risks.

Overt attacks against the substation for the purpose of destroying its capability to operate, such as explosives, projectiles, vehicles, etc. are beyond the scope of this standard.  There are a number of such risks which can be conducted against a substation without entering the facilities, or which can be employed successfully on the transmission lines into and out of the substation, producing the same effect as that of disrupting/destroying the substation.  Often, these transmission lines cross vast expanses of private land, and the physical security of the transmission structures and conductors is not feasible.  To address the overt risk of substation damage without also addressing the entire transmission infrastructure would yield little practical benefit.      

Normative references

The following referenced documents are indispensable for the application of this document (i.e., they must be understood and used, so each referenced document is cited in text and its relationship to this document is explained). For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments or corrigenda) applies.

Definitions

For the purposes of this document, the following terms and definitions apply. The IEEE Standards Dictionary Online should be consulted for terms not defined in this clause. [1]

Acronyms

ACE -

AES - Advanced Encryption Standard

AGA - American Gas Association

AHWG06 - Ad hoc working group 06

ASDU - Application-layer Service Data Unit

ANSI - American National Standards Institute

API - American Petroleum Institute

CIGRE - International Council on Large Energy Systems

CIP - Critical Infrastructure Protection

CISSWG - Critical Infrastructure Security Standards Working Group

CMIP - Common Management Information Protocol

COBIT - Control Objectives for Information and Related Technology

CSI -

DCS - Distributed Control Systems

DHS - United States Department of Homeland Security

DNP - Distributed Network Protocol

DOE United States Department of Energy

DoS - Denial-of-Service

DSS - Digital Signature Standard

EC - European Community

FERC - Federal Energy Regulatory Commission

GOOSE - Generic Object Oriented Substation Event

GRI - Gas Research Institute

GSSE - Generic Substation Status Event

GTI - Gas Technology Institute

HAP - Host Access Protocol

HMAC - Hashed message authentication code

HV - High Voltage

IACS -

ICS - Industrial Control Systems

IEC - International Electrotechnical Commission

IEEE - Institute of Electrical and Electronic Engineers

IETF - Internet Engineering Task Force

IGT - Institute of Gas Technology

INEEL - Idaho National Engineering and Environmental Laboratory

INGAA - Interstate Natural Gas Association of America

INL - Idaho National Laboratory

IP - Internet protocol

ISA - Instrumentation, Systems, and Automation Society

IT - Information Technology

LAN - Local Area Network

PRNG - Pseudorandom Number Generator

WAN - Wide Area Network

Threat Assessment

Social, Political and Economic Background of Threat

Recession

Neighborhood

Labor Unrest

Company Downsizing

Characteristics of the Perpetrator(who can do harm)

• Human

• Intension, not accident

• Not authorized(assume that corporate screening of potential employees works)

• Disgruntled former employee

• Terrorist

Tools and Methods used for Destruction

• Vehicular (tanks, tricycles)

• Explosives

• Bolt cutters

• Ropes

• Unauthorized Access to a Substation

Characteristics of an Intrusion Event

• Time day

• Duration of the event

• Visible vs. surreptitious

• Noisy vs. quiet

Objectives of Substation Intrusion

Unauthorized Physical Access of Critical Cyber Assets

• Communications paths to system facilities

• Communications paths to enterprise records

Theft of Material

Theft of material or equipment or some substation asset that has monetary value, e.g. landscaping, for financial gain

Vandalism/Loitering

• Vandalism for economic loss to the owner

• Sabotage for personal satisfaction or retribution or personal gain

• Personal comfort e.g. a warm place to sleep

• Commercial or personal convenience (Illegal dumping, shortcut to the other side, Curiosity)

• Thrill seekers & suicidal

• Sightseeing

Unauthorized Use of Substation Facilities

• Business convenience

Characteristics of an Intrusion Event

• Time day

• Duration of the event

• Visible vs. surreptitious

• Noisy vs. quiet

Criteria for Acceptable Designs

Detection

Access Control

• Coded passcards

• Motion detectors

• Onsite security force

Monitoring of Facilities

• Security cameras

• Lighting

Prevention(Delay/Deter)

• Walls

• Coded Passcards

• Fences

• Onsite security force

• Use of different material

Substations are enclosed with barriers. Characteristics of the barrier are:

• Number of redundant barriers

• Height of the barrier(s)

• Physical strength to resist the design basis tools and equipment

• Installation of the bottom of the barrier, i.e. at grade, embedded in earth, below grade, on foundations or footing wall

• Passive physical injury devices, e.g. barbed wire, razor wire

• Audible alarm of intrusion detection

• Illumination

• Use of different material

Loss Control(Respond)

Hardened facilities e.g. poured concrete control building vs. metal wall panel

Features that are Not Included

• personal safety of unauthorized persons is included in other industry safety codes and standards, e.g. NESC

• changing or mitigating environmental factors, e.g. economic recession, are not included

• changing corporate HR policies, e.g. separation pay, are not included

• changing employee hiring practices, background checks, are not included

• changing corporate standards for substation material & equipment

• Reinforcement of community security force, e.g. sheriff staff, are not included

Response (containment) does not address property insurance

Analysis Process

General Features of a Substation Design Analysis

The methods used to analyze the design of a security system are assessment of advantages and dis-advantages of each feature and combination of features and determination of the probability of success or failure.

The design advantages and disadvantages are measured against the design criteria.

For example, a design feature of video cameras will have advantages and disadvantages when measured against the criterion of theft of security system equipment. The disadvantage is the greater expected economic loss than the theft of other design features. When measured against the criterion of reliability, the advantage of a video camera is positive detection of intrusion.

The advantage of a motion detection scheme when measured against criterion of theft of security system equipment may be lower economic loss, but the disadvantage is spurious indication and lower reliability.

Some criteria will require determination of the probability of success. Criteria of “no injury to the intruder” or “electrical service outage” will require determination of the probability of design feature(s) meeting the criteria.

Statistical data on performance of design features is sometimes not available a quantitative probability assessment may not be possible. A judgment made by knowledgeable persons is a reasonable and practical alternative.

For a quantitative assessment of probability of success of design feature(s) will have a numerical probability. For a qualitative assessment, the comparison with the criteria may be a “yes” or “no” judgment of the effectiveness of the design feature(s).

An evaluation matrix could be used to capture the advantages, disadvantages, and success probability of security system design features. An example is given in Annex ?

The dynamic of an intrusion event can be used as an aid in determining the advantages and disadvantages of the features of a security system design.

As an example, an objective may be copper conductor, and one link of the nature of the intruder may be a high school student with a pickup truck. Another link of the nature of the intruder may be a skilled IT professional with hacking code of corporate financial records.

A physical security system that deters the high school student is acceptable for that link to copper conductor. The physical security system design may not deter the IT professional from copper theft, but it’s unlikely that the IT professional will steal the copper and the consequences are acceptable.

There are obvious analysis short cuts that can be made by making only the more likely links, e.g. teenager and copper, but not IT professional and copper. Or IT professional and communication paths to enterprise records, and not teenager and communication paths to corporate records.

Design Criteria Considerations for Physical Security

Site Location Consideration

Consideration should be given to substation site selection. Higher levels of crime, vandalism, and graffiti may be common behaviors in certain neighborhoods. School properties or other public areas adjacent to or near a substation or substations located in remote areas may also present additional opportunities for intrusions.

Uses of adjacent property may lead to intrusions onto substation property. Commercial activities, construction, storage, equipment and material locations, and building structures can facilitate intrusions onto substation property.

Substations located on slopes can be subject to erosion and wash out, which can create openings under the fence and compromise security.

Driveway barriers (gates, guardrails, ditches, etc.) at the property line for long driveways can help limit vehicular access to the substation property.

Fence and Wall Barriers

Fences

Fences of various materials provide primary security to limit access to substation property; refer to the National Electrical Safety Code® (NESC®) (IEEE Standard C2) for fence requirements (ASTM document, Steve please check, Brian will send document). In addition, adding top and bottom rails on fence sections, closed track roller systems to sliding gates, and methods such as welding to prevent hinge pins and bolts from being easily removed, may improve the overall integrity of the fencing system. Also, the extension of materials above and below grade, such as concrete curbing, has been used to reduce the possibility of erosion and dig-ins under the fence.

Double fencing (enclaving), increased fence height, use of fence barbed wire doubled in a “v” pattern, and smaller-dimension mesh fabric that impedes climbing may also be considered to avoid access over the fence. Areas that experience large snow accumulations should consider use of higher fences or walls.

The material utilized for the fence should be commensurate with the evaluated security risk of the area. A standard chain-link fence is easily cut and most purposeful intruders use this method to gain access. Chain-link fences are therefore of limited value against this type of intruder.

Structures and poles should be kept a sufficient distance (Steve please work with Joe for better wording) from the fence perimeter to minimize the potential use of the structure itself to scale the fence.

A method to enhance security, signs could be installed on the perimeter fence to warn the public that (please provide some information about ANSI and NESC sign information and or reference):

• Alarm systems are providing security for the substation

• Entry is not permitted

• There is a danger of shock inside

Walls

Solid masonry or metal walls can provide an additional degree of security over standard substation chain link fence. Solid walls are generally more difficult to breach and also prevent direct line-of-sight access to equipment inside the substation. Solid walls may prevent external vandalism, such as gunshot damage, depending on the height of the wall, surrounding terrain, and elevation of equipment inside the substation.

Structures and poles should be kept a sufficient distance (Steve please check on the sufficient distance?) from the wall perimeter to minimize the potential use of the structure itself to scale the wall. The wall design should be such that the wall is not going to be used as a climbing aid.

Some utilities add razor wire or metal spikes to the top of the wall to further prevent climbing over the wall. (Steve please work with George, Don, and Robin)

Entrance/Equipment Locks

All entrances to substations should be locked. All equipment located outdoors within the substation fence should have a provision for locking cabinets and operating handles where unauthorized access could cause a problem. Padlocks should be of a type that can utilize a non-reproducible key. Similar locking devices should be used on gates and doors to any buildings within the substation fence. Maintenance of equipment alignment is important to ensure proper installation of locks. In places where it is difficult to keep equipment in alignment, the use of chain and lock is a practical method to secure the gate. However, avoid the substitution of chains where possible, since they may compromise the security of a locking system.

Other Barriers

Driveway barriers (gates, guard rails, ditches, etc.) at the property line for long driveways can help limit vehicular access to the substation property.

Landscaping and Aesthetics

Any landscaping treatment around substations should be carefully designed so as not to create potential security problems. Walls, plantings, or screening treatments may make substations an attractive and secluded meeting spot for various recreational or illicit activities.

Buildings

Most substations include buildings which house the substation control and communications equipment. These buildings should be located inside the substation fence perimeter and not constructed as part of the perimeter fence enclosure reducing enclosure security where the fence abuts the building. Normally a building is not constructed as part of the perimeter fence. It should not have outside doors to the public side of the substation.

Construction of a building to enclose the entire substation (indoor substations) or exposed equipment and materials can provide an additional layer of protection against intruders. Buildings (or trailers) in outdoor substations used to enclose material stored at construction sites may deter theft.

In general, most building materials provide adequate security protection. Selection of the type of building construction should be suitable for the level of security risk. Typically, features that should be included are steel doors with tamper-proof hinges and roof-mounted heating/air conditioning units. Any wall openings (i.e wall air conditioners) should have security bars over and around the unit.

Building Alarm Systems

One of the more common methods utilized is an intrusion alarm on control buildings. These systems include, at a minimum, magnetic contacts on all the doors, and have the provisions to communicate through the existing telephone network or SCADA systems. A local siren and strobe light may be located on the outside of the building to indicate the alarm condition. The system should be capable of being activated or deactivated using an alphanumeric keypad, key switch, or a card reader system located inside the building. All siren boxes and telephone connections should have contacts to initiate an alarm if they are tampered with.

Equipment Location and Arrangement

Designs shall consider as a minimum the safety clearance of equipment and exposed live parts from substation enclosures as identified in the National Electric Safety Code® (NESC®) (IEEE Standard C2). An increased buffer area between the fence and equipment is desirable in most instances. This alleviates items from close proximity to the substation enclosure tempting vandalism.

Consideration should be given to locating transformers or other high value equipment away from the substation perimeter and view. Sensitive items such as transformer radiators should be aligned away from the view if possible. Transformers and other oil filled equipment containing flammable liquid should be located separated from structures, buildings, etc. in accordance with IEEE Standard 970, Guide for Substation Fire Protection.

The use of polymer bushings, surge arresters and insulators should be considered versus porcelain styles.

For distribution voltage substations, metal clad switchgear will provide increased security over outdoor distribution feeder rack design.

Access to energized equipment and bus may be of concern if the perimeter security measures are breached. Polycarbonate or other barriers on ladders and structure legs should be considered in order to prevent inadvertent access. Refer to the NESC and Occupational Safety and Health Administration (OSHA) requirements.

Lighting

Some utilities prefer either continuous facility lighting or maintenance only lighting. Maintenance only lighting does not draw attention to the substation, however, conversely it results in lack of sight for intruders or vandalism.

The entire interior of the substation may be provided with dust-to-dawn lighting to provide a minimum light level of 21.52 Lux (2 footcandles). Placement of lighting posts should be such as not to assist an intruder who may climb the posts to enter the substation. All wiring to the lighting posts should be in conduit or concealed to minimize tampering by an intruder. In addition, areas outside the substation, but within the facility property, should also be considered for lighting to deter loitering near the substation.

Zoning and other local regulations may restrict or prohibit lighting.

Copper Theft

Copper theft has become a serious problem for electrical substations. In addition to a loss of required asset of the substation, it can provide a dangerous condition for operation of the substation, as well as for the copper thief. Several methods can be considered to deter copper theft within the substation.

Use tinned copper for fence and/or equipment grounding. Tinned copper reduces the appearance of the copper wire as copper.

Use steel clad copper which makes the theft value of the copper wire less.

Paint the copper wire to identify it as specific from local installation.

Use identifiable copper wire with codes etched in strands from a manufacturer.

Minimize the exposure and accessibility of copper such as perimeter fence copper ground wires should be located inside the fence and can be placed within fence pole concrete footings.

Substation control and power cable systems should be located in a protective system that deters easy accessibility to the cables.

Joint Use Facilities

Establishment of a substation on or adjacent to a facility that is shared, owned, or used by others could provide additional opportunity for intrusions as the potential for legitimate access by unqualified personnel increases. Additional means of identification should be considered for identifying the individual or individuals accessing a joint use facility.

Storm Drain Systems

All sewer and storm drains that are located inside the substation perimeter, with access from the outside, should be spiked or fitted with vertical grillwork to prevent entry. Manhole covers or openings should be located on the inside of the substation perimeter fence.

Criteria for Acceptable Designs of the Physical Security System (Original Authors Unknown, contributions by by Ronald Carlson and Edward William Jr,Ph.D, Gary Beane)

Criteria for Acceptable Designs of the Physical Security System

(Original Authors Unknown, contributions by by Ronald Carlson and Edward William Jr,Ph.D, Gary Beane)

Intrusion Objective Not Achieved

Chain length fence can prevent critters, pests, animals, and intruders from entering substation perimeter. Fencing of often prevent intruders from meeting objective of entry into substation perimeter.

Add more here

Intruder is Not Physically Injured

Although barbed wire may cause injury it is an affective deterrent causing intruder to not enter or think of alternatives to dealing with barbed wire.

Add more here

Security System Equipment Electrical Clearances

|Equipment |Clearance |Case |

|Video Cameras |Must be 30 Ft above fence. |Provides greater range of site. |

| | | |

| |Camera shall rotate 180 deg |Provides greater range of site in |

| | |multiple directions |

| |A camera must be placed at each corner of substation perimeter facing | |

| |inside defined substation perimeter. |Provides line of site within substation|

| | |perimeter |

| |A camera must be placed at each corner of substation perimeter facing | |

| |outside defined substation perimeter. | |

| | |Provides line of site outside |

| | |substation perimeter |

|Electric Fence |example here |example here |

|Pole Mount |example here |example here |

|Add more here | | |

Facility Damage Incurred to Thwart the Intrusion is Acceptable

Cost of Damage to Substation Equipment and Material

Cost of Losses Due to Theft of Substation Equipment and Material

Interruption of Service or Reduction in Service Reliability

Probability of customer Outage and Effect is Acceptable

Reduction of Service Reliability

Damage and Theft of Physical Security Equipment

Reliability

• Redundancy of video surveillance

• Redundancy in primary and secondary batteries for video surveillance

• Fencing

o Low cost, Physical barrier, intrinsically reliable.

Operability

Features of a Physical Security System – Advantages and Disadvantages (Original Authors Unknown, contributions by by Ronald Carlson and Edward William Jr,Ph.D, Gary Beane)

Authentication

Advantage

• Validity of must be verified by both the operator and administrator

Disadvantage

• Validity can be compromised

• loss of information from failure of validity

Barbed Wire

Advantage

• Difficult to scale by intruder

• May deter intruders

• Reduces security threat

• Low cost low tech

Disadvantage

• May cause harm or injury to critters, pests, and intruder

• Possible to critters, pests, and intruders to pass through or scale.

Chain Link Fence

Advantage

• Difficult to scale by intruder

• Reduces the amount of animals

• Functional like board, stone wall. pet fence, ha-ha, etc

• Low cost, Low tech

Disadvantage

• May cause harm or injury to critters, pests, and intruder

• Possible to critters, pests, and intruders to pass through or scale.

Electric Fence

Advantage

• Difficult to scale by intruder

• Reduces the amount of animals and pests

Disadvantage

• May cause harm

• Possible to jump over

• Needs power to energize

• surge may cause fire risk

Access Control

Advantage

• Multiple levels of identity verification

• Provide slog with timestamp and record of events

• Accessible to multiple operators

• Centralized control of single or multiple sites

Disadvantage

• Validity can be compromised

Video Cameras

Advantage

• Positive detection of events.

• Provides lot with timestamp and record of events

• Provides capability for video analytics to detect events, automatically initiate recording and notifications to operators and administrators

• Provides situational awareness depending on camera type, placement design

• Video recordings can be used as evidence

• Provides a capability platform for behavioral analytics to pre-classify events of interest, reducing false detetions.

Disadvantage

• Greater expected economic loss than the theft of other design features

• Uses a lot of power

• Needs man hours to observe video recordings, or live monitoring.

Integration of Multiple Solutions

Advantage

• Improved response and awareness from combined solutions, improved event categorization

• Integration with operations center

• Event triggering between technology types for improved notification, assessment, response

• Enhances situational awareness

• Potential to decrease response time

• Enhances integration with response systems - dispatch, radios, etc.

Disadvantage

• Increased technical skills by operator

Substation Security Plan (by Gary Beane)

Substation security utilizes a number of security systems designed to help develop an overall security plan. These systems complement the policies, procedures, and measures that form the substation security plan. When preparing a security plan the following questions should be answered:

• Why is the security plan being developed?

• Who is going to administer the security plan?

• What site specific security measures are required for the facility in question?

• What regulatory requirements must be met?

Answering these questions will help to develop a more comprehensive and economical security plan.

Objective of the Security Plan

For any plan to be successful, it must have a clearly stated objective. Using historical operating data, demographics information, and industry experience, each company can determine the level and type of security required to meet its objectives. Defining the objective will help focus attention on those security methods most appropriate to the company’s needs. The objective should state the present and primary concerns, such as vandalism and theft in existing stations, or theft and injury during substation construction

Responsibility for Security

Identification of the person or persons responsible for security implementation and administration is critical to the effectiveness of the plan. Therefore, defined levels of responsibility and specific tasks are required for each level. Each company should have someone in charge of facilities security. This individual should be responsible for assuring that a security plan is developed, implemented, regularly reviewed, and updated. Regular inspection of facilities to assure that security measures are in effect should be part of the security plan, along with initial and ongoing employee training and methods that enable employees to report irregularities or breaches of security.

Basic Security Requirements

All existing and new substations have a basic minimum level of security required. This includes fences with locked gates, control buildings with locked doors, a special type of grounding system if copper theft is prevalent, and minimum clearance distances

between perimeter fences and energized equipment. Basic security requirements should list these measures as required in all cases, regardless of location or age of the station.

In addition, some types of security breach may require special or immediate action by operations staff. For example, damage to the ground system of an energized station should be treated with care in case of the unlikely event of a dangerous touch potential. These types of security breaches should be noted in the security plan. At construction and material storage sites, or vacant land, minimum security levels may either not exist, or may be inadequately described. Therefore, it is important to define the security measures required by type of facility or site, especially if the measures required are different from other basic measures normally required. For instance, vacant land should be inspected on a regular basis for evidence of use for illicit activities, unauthorized dumping, and existence of holes that could cause injury due to falls. Security methods at active construction sites can include moving all construction equipment inside of fenced areas at night and checkin/ check-out of personnel through a security gate.

Additional Security Measures

Additional security measures, over and above the basic requirements, may be necessary based on the security survey results. For critical cyber assets a “six wall border” is required. A “six wall border” refers to a complete physical enclosure such as a room, cabinet, etc. The intent is the formation of a complete physical boundary surrounding the critical assets and affords the same level of security around its entire border. Monitoring of physical access is required on a 24/7 basis. The types of security used in these instances could include motion detectors, perimeter/area detection systems, security cameras, card key, biometric, special locks, jersey barriers, posted guards or other methods that will support controlled physical access and logging of physical access.

Reference CIP-006-1 Cyber Security-Physical Security?

Sample Security Assessment

A plan for evaluating the effectiveness of any mitigating measures should be initiated. Records should be kept for each substation to document the security option used, date of application, type of intrusion and problem the option is intended to mitigate, and the history of intrusion problems. This record is necessary to monitor the performance of the applied option in order to evaluate the feasibility of future applications. The form shown in Figure 2 is a sample format for security assessment and includes a summary of the items addressed in this guide.

-----------------------

The Institute of Electrical and Electronics Engineers, Inc.

3 Park Avenue, New York, NY 10016-5997, USA

Copyright © 2013 by The Institute of Electrical and Electronics Engineers, Inc.

All rights reserved. Published . Printed in the United States of America.

IEEE is a registered trademark in the U.S. Patent & Trademark Office, owned by The Institute of Electrical and Electronics

Engineers, Incorporated.

PDF: ISBN 978-0-XXXX-XXXX-X STDXXXXX

Print: ISBN 978-0-XXXX-XXXX-X STDPDXXXXX

IEEE prohibits discrimination, harassment, and bullying.

For more information, visit .

No part of this publication may be reproduced in any form, in an electronic retrieval system or otherwise, without the prior written permission of the publisher.

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download