Feature Article
Securing Remote Substations for a Smarter Grid
A New Approach to Situational Awareness and Incident Response
Jasvir Gill, Founder and CEO AlertEnterprise Utilities across North America share a common realization that current physical security measures at remote substations simply cannot truly safeguard critical infrastructure against insider threat, copper theft and sabotage. It turns out that current security deployments are not enough to compete against the intelligent perpetrator with inside access to a company’s vulnerabilities. For instance, an ever-increasing prevalence of copper theft has been led by insiders who have created interruption in electrical distribution and telephone service across the country, in addition to financial loss in the millions for utilities nationwide. There is a common misperception across asset-intensive industries that a chain-link fence, security guards, or video surveillance techniques can deter thieves or help guard against acts of theft and sabotage. While these techniques provide some level of security, true prevention of threat, including insider threat and external threat related to fraud, theft Substation monitoring systems help actively monitor and promptly respond to any real and acts of sabotage, involves more than or perceived issues. just managing IT or physical security. With energy theft and copper theft on the rise, utilities today are seeking innovative, cost-effective ways to deal with the challenge of monitoring un-manned and partially-manned assets such as remote substations, control rooms and storage facilities. According to a US Department of Energy report released in August 2011, an investigation found that up to 30,000 pounds of copper were stolen by Department contract employees at a facility that is locked after hours and has access controls in place. In another example from Texas, investigations by the Office of Inspector General found that hundreds of pounds of copper were stolen by multiple plant contractor employees. The copper was stolen while other contractor employees were performing work in the area, and under conditions where the actual storage site of the copper was unsecured during the time of theft. In both of these cases, among a multitude of other similar cases, there is a common trend that is often overlooked. Insider threat comes in many shapes and forms, but the perpetrator is often the same, an intelligent employee or contractor. Much of our focus as companies is to counter external threat. Unbeknownst to many, insider threat poses greater damage to our critical infrastructure, including to our physical, logical and security systems. Insiders have privileged access to critical company assets, knowledge of confidential information, and the inside scoop on a company’s vulnerabilities. by asking themselves the value the company places on keeping a head above the techniques and strategies employed by intelligent threat actors. Company executives who have experienced insider threat incidents can tell you that the costs associated with managing the occurrence of theft and threat at remote or un-manned substations can by far and negatively outweigh the cost of automation of critical assets and infrastructure itself. Rather than deal with the repercussions of NERC-imposed fines or tarnished reputations after an incident has occurred, many utilities and energy sector organizations are incorporating active policy enforcement into their strategies to ensure that threats and theft can be prevented and resolved before critical infrastructure and assets are adversely affected. We need to advocate for change within our organizations to take on a more technologically-advanced stance to keep up with the rapid growth in internal and external threats advancements. Often time, resistance to change and especially incorporating new advancements in technology, impedes progress in security of critical assets and infrastructure. Active policy enforcement is key to being able to prevent against a real threat of risk to critical assets and systems. Automation is a vital component to successful prevention of threat, without which, the risk of human error or threat by an intelligent threat actor remains significant. Why automation? Automation marks the difference between engaging in the recipe for failure or loosening your dependency on luck. Many utilities have granted control of an entire network to a handful of individuals, without realizing that this could pose a grave threat to security of critical infrastructure. We’ve already discussed two prime examples where instances of copper theft occurred by insiders who were given authorization to the areas from which the copper theft was stolen. The enemy with the greatest harm can sometimes turn out to be the disgruntled employee or the intelligent threat actor who has inside access to critical assets and infrastructure. This actor could be a utility company’s most reliable, hardworking employee. Many incidents behind which insider threat is the acting force often come without any notice. For this reason, reliance on manual detection of threat, insider or outsider, is no longer a viable and practical solution to counter acts of threat, theft or sabotage to remote substations or any other critical facility within a utility organization.
The Greatest Challenge
The Effects of Un-Manned and Partially-Manned Assets
There is an unsurprising trend among the utility industry for entities that engage in mostly manual detection of threat to substations. Most often, the vulnerabilities that arise in a substation environment are due to lack of an automated monitoring system. Technology aside, intelligent threat actors are becoming increasingly advanced in their technique and strategy. Many times, decision makers wave off suggestions to incorporated automated technology at substations either because it is not deemed as high a priority or it is presumed to be too expensive a cost without inquiring as to costs and benefits. How expensive is it to automate security at a remote or un-manned substation? Decision makers can provide their own answer to this question
6
www.RemoteMagazine.com
Costs Associated with Security of Un-manned and Partially Manned Substations
Due to tighter policies, more stringent regulatory mandates, and greater instances of insider threat, security managers need a unified view of access risk to employees, facilities, proprietary information and critical assets. No matter what the threat is called, how it enters your system, or what the motives may be behind the malfeasance, the potential for damage is a fundamental concern. To address the challenges associated with insider threat to remote or un-manned substations, many utilities across North America are securing their physical security parameters through security convergence technology. Security convergence technology delivers solutions for continuous monitoring for remote substations, control rooms and storage facilities. It turns out that true prevention of threat, including insider threat and external threat related to fraud, theft, acts of sabotage and terrorism involves more than just managing IT or physical security; it also includes the ability to actively monitor and promptly respond to any real or perceived issues. By providing true convergence of physical and logical systems, monitoring delivers security incident management. For instance AlertEnterprise combines risk
A Proactive Approach to a Securer Substation Starts From Within: Substation Monitoring and Incident Response
http://www.RemoteMagazine.com
Table of Contents for the Digital Edition of Remote - December 2011