Substations and other critical utility infrastructure are increasingly becoming the target of physical security attacks, including trespassing, vandalism, theft, and sabotage. In the past two years, there have been dozens of reported attacks on critical utility infrastructure in the U.S. that posed dangers to life, property, reliable grid operation and utility worker safety.

Fortunately, the consequences of most of these incidents were limited; however, there have been more serious attacks. In one, an intruder shot at a security guard. In another, an act of sabotage took a substation out of service for almost a month. Yet another incident resulted in a power outage to 10,000 customers.

Attacks on substations and other critical utility infrastructure have cost utilities millions of dollars in financial losses, equipment damage, material and equipment theft, as well as fines and lost revenue from power outages. The as-yet-unrealized potential for destruction is far worse. According to the Wall Street Journal, a study by the Federal Energy Regulatory Commission (FERC) concluded that if saboteurs knocked out nine of the U.S.’s high-voltage transmission substations, the country could suffer a coast-to-coast blackout that could last for weeks, if not months. Also, in a WIRED magazine article, researchers reported that physically breaching a substation is an easy way to launch a cyber-attack.

Physical security at transmission and distribution substations, as well as other critical utility infrastructure, can be a significant factor in minimizing or deterring various types of threats. Around-the-clock centralized monitoring and alerts offer early awareness of and visibility into incidents, enabling timely response by the utility. Physical security applications and devices include not only conventional walls, fences and locks, but also surveillance and thermal imaging/night vision cameras, gunshot location sensors, door alarms, keypads and biometrics for access control, motion detectors and intrusion sensors.

Modern wireless networks: the often-overlooked building block
Modern wireless broadband communication networks are an often-overlooked building block for utility physical security systems. The physical security applications listed above require reliable, secure, broadband, multi-application communications between security devices (cameras, sensors, key pads, lights, etc.) in the substation yard, control house and perimeter, and computers located in the utility’s operations center. Wireless networks are generally preferred over wired networks because they are much easier and more cost-effective to deploy in substations as they require no trenching.

By centrally monitoring a number of these applications around the clock, utility security personnel can better and more quickly respond to security incidents. It’s vital to consult multiple systems to determine how a security breach may have occurred. One example is to use streaming or captured video to confirm what triggered a substation motion sensor. This approach enables utility security employees to screen for and ignore false alarms. It also better equips them to dispatch the correct personnel, e.g., security, maintenance, police and/or fire/EMS, to respond to verified incidents.

Wireless networks requirements: reliability
In addition to the usual reliability features – physical hardening, battery backup, IEEE 1613 compliance, etc. – there are three important elements in providing wireless network reliability in substations: access to RF spectrum, automatic interference avoidance software and mesh routing software.

1. Access to more RF spectrum means that the wireless network has more available channels to use to avoid interference. More spectrum also makes it much more difficult for saboteurs to jam the wireless communication network.
2. Access to more RF spectrum is of little use if the wireless communication network cannot dynamically use it. This is where automatic interference avoidance software comes into play. Using automatic interference avoidance software, a wireless communication network that experiences interference, whether from other legitimate spectrum users or nefarious jammers, can find and use a clean chunk of spectrum in real time.
3. Mesh routing software enables wireless communication networks to be self-healing. Wireless mesh networks can quickly recover from equipment failure and sabotage. Mesh routing can restore connectivity even if saboteurs cut fiber optic and copper cables at the substation. Because mesh routers are small and easily disguised, they are more difficult for saboteurs to take out than wireless point-to-point (PTP) or point-to-multipoint (PTMP) systems, which generally must be mounted on a mast or tower.

Wireless network requirements: secure
Physical security and cyber-security are interdependent. As noted above, physically breaching a substation is an easy way to launch a cyber-attack. Conversely, a cyber-attack can abet a physical attack by taking remotely monitored security systems off line.

Like all networks, wireless communication networks in substations come with potential vulnerability to cyber-attacks. This challenge can be met by implementing a multi-layer, defense-in-depth security architecture that extends to the network’s edge. Network cyber-security is best achieved using enterprise tools and techniques.

Wireless network requirements: broadband
Broadband network performance is required for two reasons. First, some substation physical security applications, most notably video surveillance and thermal imaging, are bandwidth intensive. In short, the higher the network’s bandwidth, the higher the resolution and frame rate it will be able to support for attached cameras. Second, broadband is needed to concurrently support multiple substation physical security applications. While physical security applications other than video surveillance and thermal imaging do not generally need large amounts of bandwidth when taken individually, the aggregate amount of bandwidth required to support all physical security applications can be quite large.

Wireless network requirements: multi-application
In addition to performance, operating multiple substation physical security applications on a single wireless communication network requires that the network support virtual LANs (VLANs) and quality of service (QoS). Each application can be supported on a separate VLAN that is configured with appropriate security and QoS settings. Using QoS and VLANS, a utility can ensure that latency-sensitive applications get network access priority over other applications with less stringent latency requirements.

Benefits of network-enabled remote physical security monitoring
Utilities can garner numerous benefits by deploying and operating a network-enabled remote physical security monitoring system for the substations and other critical infrastructure. These benefits:

1. Enable prompt, appropriate response to incidents. Remotely monitoring physical security systems, for example, using video to determine if an animal or an intruder triggered a substation motion sensor, enables utility security employees to cut down on false alarms. It also enables them to promptly dispatch the appropriate personnel, e.g., security, maintenance, police and/ or fire/EMS, to respond to verified incidents. By providing visibility inside and outside the substation, networked physical security systems enhance responders’ situational awareness and safety.
2. Mitigate safety risks and damage from malicious activity. Quick, appropriate response to physical attacks, coupled with audible alarms and warning lights, can cause attackers to flee before they are able to vandalize, steal or damage property at substations.
3. Provide evidence to aid in the apprehension and prosecution of perpetrators. Archived video of security incidents, if of sufficient resolution, can help identify perpetrators and can serve as a witness who cannot be intimidated during criminal proceedings.
4. Deter unauthorized access to property and associated malicious activity. From a utility’s point of view, the best attack is the one that doesn’t happen. If potential thieves and saboteurs know that a facility is well secured and has networked security systems that can aid law enforcement in apprehending and prosecuting perpetrators, they will likely seek softer targets. Better yet, they may be deterred from criminal activity altogether.
5. Provide an audit trail of authorized personnel entering and exiting the facility. Unfortunately, not all physical attacks on utility infrastructure are perpetrated by outsiders. Maintaining an audit trail of authorized access can deter insiders from malicious activities and provide accountability, should they engage in nefarious acts.

In Closing
Substations and other critical utility infrastructure are increasingly becoming the target of physical security attacks, including trespassing, vandalism, theft, and sabotage. Networked physical security systems at transmission and distribution substations, as well as other critical utility infrastructures, can be a significant factor in minimizing or deterring various types of threats. Around-the-clock centralized monitoring and alerts offer early awareness of and visibility into incidents, enabling timely response by the utility.

About the Author

Bert Williams is the Director, Global Marketing for ABB Wireless and brings 30 years of experience in successfully leading the marketing organizations of networking companies. Mr. Williams was Vice President of Marketing for Tropos Networks from 2002 to 2007 and returned to the company shortly before its acquisition by ABB after working as an executive marketing consultant for four years. Prior to Tropos, Mr. Williams held senior marketing positions at Alteon WebSystems (acquired by Nortel Networks), Qualix Group, SynOptics Communications (part of Bay Networks), Synernetics and Advanced Micro Devices. Mr. Williams holds a BS with University Honors in Electrical Engineering from Carnegie Mellon and an MBA from Harvard Business School.