Government Security News
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Special Section: Protecting the Grid<br />
New CIP standards provide a catalyst to unite se<br />
By Mark A. Tinker, PhD<br />
32<br />
In late 2014, the Federal Energy<br />
Regulatory Commission<br />
(FERC) outlined new rules,<br />
which take effect in 2016, requiring<br />
electrical utility companies<br />
to determine the key<br />
electric transmission stations<br />
and substations that could<br />
have large scale impact on the US electrical grid.<br />
Heading into 2015, those tasked with securing<br />
the national electrical grid must proactively<br />
enhance their security posture to address these<br />
critical infrastructure protection guidelines. However,<br />
large power corporations are starting to realize<br />
it is possible to capitalize upon compliance<br />
by leveraging security investments across other<br />
departments. Enhancing security not only has<br />
the desired effect, but when done from an holistic<br />
perspective, it can actually improve operations,<br />
increase asset resilience, and improve rate payer<br />
value. In other words, security is no longer a line<br />
item in a budget, but a critical element of corporate<br />
performance.<br />
According to an article in the Wall Street<br />
Journal in November 2014, large power companies<br />
such as PG&E and Dominion Resources plan<br />
to invest hundreds of millions of dollars to alleviate<br />
current weaknesses that incidents like Metcalf<br />
exploited. Among the vulnerabilities common to<br />
electrical transmission substations were remoteness<br />
of assets, security operators lack of confidence<br />
in alerts, and the image quality from cameras,<br />
especially in darkness or difficult weather<br />
conditions.<br />
Addressing these vulnerabilities means<br />
proactively turning operator intuition into intelligence.<br />
Intelligence stems from validated alerts<br />
that lead to action, whether by operator initiative<br />
or automatically by the security system. This leads<br />
to proactive deterrence.<br />
Shift from Reaction to Deterrence<br />
Since 9/11, reaction became the dominant element<br />
of the new security paradigm. Today, while reaction<br />
is still a common and necessary requirement,<br />
a new theme is appearing, which is deterrence. It<br />
is now possible to model how modern perimeter<br />
intrusion systems can significantly increase the<br />
probability of deterrence. As utility companies<br />
strengthen their security posture, they seek to deter<br />
or delay threats before they can act. A driver<br />
for deterrence capability is having space and time<br />
available for intercession.<br />
The technologies that enable deterrence also<br />
add value to business operations and resilience.<br />
Operators can now confirm with security if they<br />
are witnessing an anomaly and if so, begin to take<br />
necessary actions.<br />
Integrated <strong>Security</strong> Enabling Defense in<br />
Depth<br />
What is most intriguing are emerging new technologies<br />
that can single-handedly do much more<br />
than ever before, yet when integrated with other