The North American Electric Reliability Corp. (NERC) standard on physical security—known as Critical Infrastructure Protection-014 (CIP-014)—includes six basic requirements, but perhaps the most challenging for power companies is to develop and implement a documented physical security plan. Tower-mounted robotics powered by artificial intelligence could make that easier.
The U.S. power grid is wide open for attack. More than 200,000 miles of high-voltage transmission lines, interspersed with hundreds of large electric power transformers and substations span the country, often in remote locations. In response to growing threats, NERC issued requirements for the physical security of critical transmission stations and substations, and their associated primary control centers. Meeting these mandates is costly and complicated for utility owners and operators. Fortunately, new advancements in technology—particularly in the fields of robotics and artificial intelligence—can offer proactive protection against attackers at a reasonable cost and help utilities achieve compliance.
Power Grid Vulnerability
An attack on the power grid can cause significant damage. In fact, the loss of only nine substations could take down the nation’s entire grid, according to one study. Paul Parfomak, a specialist in energy and infrastructure policy, noted in a congressional report, “Experts have long asserted that a coordinated and simultaneous attack on multiple high-voltage transformers could have severe implications for reliable electric service over a large geographic area, crippling its electricity network and causing widespread, extended blackouts. Such an event would have serious economic and social consequences.”
Especially vulnerable to attack are what one former Navy SEAL and U.S. intelligence officer called soft targets. “These are generally remote areas that just have a fence around them, maybe a camera system … they’re not hard at all to actually take down,” he said in a recent interview. He added, “For a small handful of people to take down a power grid, it’s just not that hard … this is absolutely one of the easiest possible things you can do to drive urban areas into total chaos.”
The NERC regulations—known as CIP-014—include six basic requirements, such as a risk assessment to identify critical facilities, independent verification of the risk assessment, and evaluation of the potential threats and vulnerabilities of a physical attack on these critical stations or substations. Perhaps the most challenging requirement is to develop and implement a documented physical security plan. According to the directive, this plan must have the following elements:
- Resiliency or security measures designed collectively to deter, detect, delay, assess, communicate, and respond to potential physical threats and vulnerabilities identified during the evaluation.
- Law enforcement contact and coordination information.
- A timeline for executing the physical security enhancements and modifications specified in the physical security plan.
- Provisions to evaluate evolving physical threats, and their corresponding security measures.
Challenges to Compliance
Utility owners and operators face several barriers to CIP-014 compliance. The biggest one is cost. Traditionally, security has not been viewed as a sensible investment. A 2006 report from the Electric Power Research Institute noted: “Security measures, in themselves, are cost items, with no direct monetary return. The benefits are in the avoided costs of potential attacks whose probability is generally not known. This makes cost-justification very difficult.”