Why Power Grids Should Be Safeguarded Against Physical Attacks
During 2022 and continuing early into 2023, power grids within the United States have been subjected to continual physical attacks. What does this mean for the Australian Energy Sector and are there takeaways that can be learned from this?
Share This Article:
When successful, attacks on power grids create outages within their respective energy networks and impact tens of thousands of customers.
Regardless of the motivation and whether it is conducted by a state actor, activism, terrorism or cybercrime, there is a trend outside of more traditional conflicts to target energy infrastructures.
Leaving aside the aspects of attacks that focus on technology, an often-overlooked area is physical security, where something as simple as a chain thrown across wiring may be enough to interrupt supply. In the United States, something as simple as shots being fired at a substation caused power to be cut for 45,000 customers.
These low-tech attacks are extremely difficult or impossible to mitigate as they fall under what might be considered simple vandalism which can be opportunistic or planned.
Another layer of complexity emerges when looking at the expansion of renewable energy zones and associated public infrastructure, which inevitably increases attack surfaces.
What are the challenges?
As with any risk, assessments on the effort of mitigating controls vs consequences form the key to decisions. For example, having 24×7 security guards on-site at main substations is resource-intense and not feasible, given that existing controls such as fencing, CCTV and electronic access should already be implemented at high-risk sites.
Finding inexpensive and agile solutions to protect assets and personnel is a key focus for energy operators, as being able to monitor and respond to a range of events over large areas becomes complicated.
What do the sources of authority say?
In the United States, the North American Electric Reliability Corporation (NERC) provides guidance via CIP-014-2 which focuses on being able to identify and protect substations, and their associated primary control centres as a result of a physical attack.
IEEE Standard 1402-2000 also provides general guidance defining Intrusions, Security Methods both technical and physical, and providing guidance on assessment processes.
Locally, energy operators are guided by ENA-DOC-015-2022 national guidelines for the prevention of unauthorised access to electricity infrastructure, which talks to control measures, defence in depth, design and construction, security advisors, control measures, specific design elements as well as vulnerability assessments which need to be done as part of assessments for substations.
What next?
Energy operators should seek expert guidance when implementing any risk program and Anchoram can assist in implementing safe physical risk mitigation techniques that are standards compliant.
Anchoram Consulting provides an Integrated Security Service that ensures a holistic approach to security analysis of threats, risks and treatments. This includes Physical Security analysis and assessments of key sites for vulnerabilities that are not assessed in a cyber risk assessment alone.
This results in viable and affordable physical security treatment options that compliment other controls deployed in cyber and or personnel security domains as part of a whole of security risk assessment and treatment plan.
During 2022 and continuing early into 2023, power grids within the United States have been subjected to continual physical attacks. What does this mean for the Australian Energy Sector and are there takeaways that can be learned from this?
Share This Article:
Categories
Subscribe
Subscribe to our newsletter and get the latest news and information from Anchoram.