Physical Security
About this risk area
Physical security events, like attacks using firearms, impacting the Bulk Power System, specifically distribution substations, have increased in recent years, according to the ERO Reliability Risk Priorities Report. Vulnerabilities to such events are exacerbated by supply chain constraints and the impact of replacing long lead-time equipment damaged during an attack. This trend, coupled with the physical security risk posed by drones and online chatter regarding coordinated grid attacks, contribute additional concerns. Although these events have garnered much attention, they are likely to be more localized geographically and therefore, the largest physical security risk may be the interdependent nature with cyber security. An exploitation of a physical security vulnerability could allow unauthorized access to critical cyber assets, resulting in a widespread cyber-attack.
Physical security of substations is addressed through the North American Electric Reliability Corporation (NERC) Reliability Standard CIP-014 with the purpose of identifying and protecting transmission assets and control centers, that if rendered inoperable, would result in instability, uncontrolled separation, or cascading outages within the grid. While this standard helps mitigate the risk to the most impactful substations and control centers, NERC advocates taking a risk-based approach for all levels of substations to determine what amount of investment would be appropriate based on local risk factors.
Physical security of cyber systems is addressed in NERC Reliability Standard CIP-006, which establishes measures and controls to prevent, detect and alert administrators of unauthorized or inappropriate access to cyber assets. ReliabilityFirst is committed to continuing the conversation regarding physical security on our webinars and Technical Talks with RF. In addition, ReliabilityFirst has a tabletop tool for entities to self-assess the readiness and responsiveness to a physical security attack. We also offer the assist visit program for entities to ask questions and discuss best practices with a subject matter expert.
Explore physical security resources below.
