Electrical substation with blue and clear sky

Threats to our nation’s power grid are nothing new. The electrical grid has always been designed to respond to unexpected outages caused by Mother Nature and aging infrastructure. But in the past few years, a new threat has emerged — substation attacks.

An attack on Pacific Gas & Electric Metcalf Substation on April 16, 2013, exposed a vulnerability of the electrical grid, forcing the industry to reexamine grid security. This event, and the subsequent media attention that followed, led to the creation of the NERC CIP-014 Standard — a six-step process that requires owners and operators of transmission stations and substations to take measures to protect against physical attacks and vulnerabilities.

With the first implementation date for NERC CIP-014 physical security standards rapidly approaching on October 1, it’s important to put a plan in place now to demonstrate compliance at your critical substations.

What is CIP-014?

The industry has embraced this opportunity to protect against physical attacks, and CIP-014 lays out the guidelines for implementation. Its main components include risk assessment, threat evaluation, development of security plans and third-party verification.

The purpose of CIP-014 is to identify and protect transmission stations and transmission substations and their associated primary control centers that, if rendered inoperable or damaged by a physical attack, could result in instability, uncontrolled separation or cascading within an interconnection.

Requirements of CIP-014-1

CIP-014 outlines a six-step process that transmission owners and operators must follow to enhance the physical security of identified electrical stations, substations and primary control centers.

1: Initial and Subsequent Risk Assessments

2: Third-Party Verification of Risk Assessment

3: Notify Applicable Transmission Operator of Identified Control Centers

4: Evaluation of the Potential Threats and Vulnerabilities of a Physical Attack

5: Develop a Physical Security Plan

6: Third-Party Review of Evaluation and Security Plan

Planning for Substation Perimeter Security

CIP-014 doesn’t outline specific security enhancements — it merely serves as a guideline. Owners and operators have the flexibility to determine a substation security plan specific to their needs and service territory. If you, like many owners and operators, are focusing on enhanced perimeter and asset hardening as part of your security plan, tune in to the Burns & McDonnell World blog for my upcoming miniseries that will outline the steps necessary to implementing a hardened perimeter in accordance with Requirement 5 – the development and implementation of a documented physical security plan covering transmission stations, substations or primary control centers. Next week’s topic will address the need for proactive measures to protect substations.

And if you’re ready to get started on developing a comprehensive substation security plan, let us help.Watch Our Video

Watch Our Video

Additional resources on this topic:

NERC: Project 2014-04 Physical Security

Utilities Infrastructure and the Dangers of Cyber Warfare

Keegan Odle, PE, is director of substation projects at Burns & McDonnell. He specializes in the design and execution of electrical substation projects.