November 24, 2024
SERC Devotes Webinar to Physical Security Risks, Awareness
Security Adviser: Threats Include Bullets, Neo-nazis, Cyberattacks
© RTO Insider LLC
|
With an uptick in physical attacks on electric infrastructure, the Southeastern Electric Reliability Council hosted a session on making physical security more bulletproof — literally.

With an uptick in physical attacks on electric infrastructure, the Southeastern Electric Reliability Council this week hosted a session on making physical security more bulletproof — literally.

SERC Senior Reliability and Security Adviser Travis Moran said there’s been an uptick over the past few years in ballistic damage to and tampering with substations and transformers.

Moran pointed to a coordinated attack on a substation in Moore County, S.C., in December 2022 that left more than 40,000 customers without power and an attempt on substations in Baltimore, Md., in February by a recently released neo-Nazi felon who previously plotted to bomb a nuclear plant.

“We’ve gone from just cutting wires, copper theft, to now truly targeting our infrastructure to have significant impacts,” Moran said during SERC’s Aug. 15 webinar, titled “Policy Considerations for Enhancing Physical Security of the Grid.”

Moran said 2013’s Metcalf, Calif., incident, where unknown suspects cut phone cables and opened gunfire on a substation, represented a tipping point showing that the “threat posture had changed from what we historically faced.”

“It’s important to understand where we are now, and how we got here, where we came from,” he said.

Before then, Moran said criminal activity at substations was limited to “garden variety” vandalism, break-ins and theft.

Moran said in recent years, the loss of megawatts in the U.S. due to physical attacks far outnumbers the outages that cyberattacks cause, though cyber has a “larger attack surface.” He said in 2021, 92 physical attacks resulted in utilities losing 145 MW, affecting more than 56,000 customers. In contrast, 2022 contained 163 physical attacks that took out almost 7.5 GW, affecting almost 94,000 customers.

Moran said NERC’s CIP-014-3 standard for physical security is only a “baseline,” and he encouraged companies to go above and beyond.

He urged attendees to test vulnerabilities and identify their threats, unacceptable consequences and their “diamonds,” or key design elements their systems cannot afford to lose. He said the “diamonds” require more layers of physical protection.

“I don’t care if you’re an investor, a muni, a co-op, you all have something to lose,” he told attendees.

Moran also said it’s worth studying the motivations behind physical attacks, including neo-Nazi agendas, anti-authority and anti-capitalism philosophies, monetary focuses and environmental ideologies.

“Our adversaries are learning. And that’s a key variable that we always have to keep in mind: They’re gathering intelligence,” he said.

Moran said attackers are becoming increasingly aware of weak points on equipment to target with bullets, including the cooling fans of transformers. He said a shooter can be a fair distance away and still attack effectively.

Moran also said individuals are becoming more sophisticated with drone attacks.

“Previously they were kind of an anecdotal threat,” he said.

Moran said when designing substations and transformers, utilities should bring in physical security experts as early as possible. He said utilities should consider the proximity of critical equipment to fence lines and which directions equipment faces. Once operational, utilities should engage with trusted partners regularly to continue testing their protection systems and improving their physical security postures, he said.

Moran said utilities should be aware that perpetrators often prefer to execute attacks to coincide with mass gatherings, including sporting events and political rallies. He also said attackers will make attempts during extreme weather events, knowing that outages in heat waves and winter storms will be an “opportunity multiplier” to cause maximum harm.

“It’s unfortunate to talk about these kinds of things, but that’s unfortunately where we are in this day and age,” he said.

Moran said companies should remember that electricity is a “life-sustaining force” that is integral to banking, water, food, hospital and transportation systems.

SERC

Leave a Reply

Your email address will not be published. Required fields are marked *