The Importance of Physical Security for Utilities
Image courtesy of Nuclear Regulatory Commission under Attribution 2.0 Generic License, resized to 700 x 391 pixels.
Obviously, cyber-attacks are on the rise and are a major threat – in fact, the energy industry is among the top-5 industries most targeted for system hacking and malware attacks.
But while cyber-attacks get most of the press, physical security breaches like substation attacks are becoming increasingly common as well. Unfortunately, physical security takes such as backseat to cybersecurity that it often gets lost in the shuffle, which is unfortunate since both are inextricably linked.
How to Fortify Physical Security from the Ground Up
Physical security measures take the form of things like security cameras, access control readers, perimeter fences, door locks, scanned building entry, and similar tactics. As is detailed in this Power Grid article, the first step to optimizing these measures is to assess the current security practices across the utility.
This assessment involves taking inventory of all physical-security devices and equipment, performing a vulnerability audit, identifying and cataloging all security related information, and documenting all users that have knowledge of security devices and systems. Then, based on this assessment, recommendations can be developed to optimize security measures and practices.
For example, the assessment may reveal the need to provide centralized I.T. support for all network-connected security devices. It may also reveal the need to conduct periodic testing of all equipment and processes, improve password protocols, install bullet-proof glass as needed, and similar tactics.
Ultimately, these measures, while helpful, aren’t sufficient on their own. They must be interlinked with the company’s cybersecurity practices fostering a coordinated strategy for overall system and infrastructure hardening.
The bottom line is that physical security has always been an important part of utility operations, but its importance has grown dramatically in the past 5 years or so. Utilities across all sectors should take proactive steps NOW to make sure that they “lock all windows and doors” so to speak, before a bad actor gains entry.