Threats to our nation’s power grid are nothing new. The electrical grid has always been designed to respond to unexpected outages caused by Mother Nature and aging infrastructure. But in the past few years, a new threat has emerged — substation attacks.
An attack on Pacific Gas & Electric Metcalf Substation on April 16, 2013, exposed a vulnerability of the electrical grid, forcing the industry to reexamine grid security. This event, and the subsequent media attention that followed, led to the creation of the NERC CIP-014 Standard — a six-step process that requires owners and operators of transmission stations and substations to take measures to protect against physical attacks and vulnerabilities.
With the first implementation date for NERC CIP-014 physical security standards rapidly approaching on October 1, it’s important to put a plan in place now to demonstrate compliance at your critical substations.
What is CIP-014?
The industry has embraced this opportunity to protect against physical attacks, and CIP-014 lays out the guidelines for implementation. Its main components include risk assessment, threat evaluation, development of security plans and third-party verification.
The purpose of CIP-014 is to identify and protect transmission stations and transmission substations and their associated primary control centers that, if rendered inoperable or damaged by a physical attack, could result in instability, uncontrolled separation or cascading within an interconnection.
Requirements of CIP-014-1
CIP-014 outlines a six-step process that transmission owners and operators must follow to enhance the physical security of identified electrical stations, substations and primary control centers.
1: Initial and Subsequent Risk Assessments
2: Third-Party Verification of Risk Assessment
3: Notify Applicable Transmission Operator of Identified Control Centers
4: Evaluation of the Potential Threats and Vulnerabilities of a Physical Attack
5: Develop a Physical Security Plan
6: Third-Party Review of Evaluation and Security Plan
Planning for Substation Perimeter Security
CIP-014 doesn’t outline specific security enhancements — it merely serves as a guideline. Owners and operators have the flexibility to determine a substation security plan specific to their needs and service territory. If you, like many owners and operators, are focusing on enhanced perimeter and asset hardening as part of your security plan, tune in to the Burns & McDonnell World blog for my upcoming miniseries that will outline the steps necessary to implementing a hardened perimeter in accordance with Requirement 5 – the development and implementation of a documented physical security plan covering transmission stations, substations or primary control centers. Next week’s topic will address the need for proactive measures to protect substations.
Additional resources on this topic: