Beyond Compliance, Utilities Remain Vulnerable
While utility enterprises are taking steps to detect and deter physical security threats, preventing damage and enabling recovery remain significant challenges, according to The State of Physical Grid Security 2015. Forty percent of survey respondents indicated their utility has not taken any hardening actions in the last two years to delay or limit damage of critical assets. While most utility enterprises have identified critical substations and taken steps to assess potential vulnerabilities and threats to comply with NERC CIP-014, 28 percent say they have not completed any additional initiatives.
The study found that utilities are relying less on personnel and more on automated systems to detect and deter threats. Twenty-five percent of surveyed utilities have increased the presence of on-site security personnel, but 74 percent have undertaken measures to restrict physical access at substations, including installing card readers, automated gates, smart locks and unique keying systems. Sixty percent of respondents are using remote electronic surveillance equipment, and 65 percent are using alarm systems to monitor for unauthorized access, tampering or forced intrusion. Four percent are using aerial drones for monitoring.
Generally, utilities are starting with low-hanging operational measures. Hardening, which takes longer and often costs more, is saved for later in phased security approaches, the survey notes.