FIGURE 1: A layered approach to physical security
By Petter Fiskerud and Emma Ritch
To help utilities reach their substation security and resiliency goals, operation managers are deploying smarter physical defenses that work hand-in-hand with a reliable and secure communication network to shore up substation defenses, decrease reaction times and improve the speed of restoration. While absolute physical security is not practically achievable, it is possible to lessen the damage. To achieve intended benefits, a layered approach to security is recommended. See Figure 1.
As shown in Figure 1, here are the top approaches in developing a smart physical security plan:
1. Assess the asset risk to extreme weather events, intentional criminal attacks, geomagnetic disturbances and electromagnetic pulses.
In developing a strategic defense and recovery plan, assessing infrastructure vulnerabilities is the initial step. Utility operators need to identify vulnerabilities in critical substations, including substation site details, physical landscape and system information, as well as perform a thorough assessment of the equipment, such as:
• Nameplate / design,
• Operating data,
• External barriers,
• Tank and components, and
• Bushings and arresters.
2. Harden substations and power equipment against attack through substation design modifications.
Typically, the first, vital step in any security plan is to implement operational measures that include:
• Limiting access,
• Deploying alarm systems,
• Installing physical barriers, and
• Enhancing substation lighting.
In addition, hardening can be designed into a new build or as part of a retrofit plan. If this involves new construction, critical equipment can be placed in the interior of the substation. There is an industry shift to indoor gas insulated switchgear (GIS) substations that can occupy as little as 10 percent of the space required by a conventional substation.
Unfortunately, transformers are not so easily hidden. One large transformer can cost millions of dollars and take months and even years from design to commissioning. To make them less vulnerable, ABB is designing transformers with a number of additional features that will harden them against physical attacks, including:
• Ballistic resistant tank walls,
• Shielded accessories on the exterior of the tanks,
• Ballistic impact sensors,
• Use of dry composite bushings instead of porcelain oil-filled bushings, and
• Redundant / automated cooling systems.
Ballistic testing performed in accordance with UL 752 shows the transformer can be designed to withstand Level 10, the highest level for the UL 752 ballistic testing standard, without penetration of the tank. In addition, ABB’s solution will not change the look and feel of the transformer. This prevents costly rebuilds of the substation and does not affect the normal maintenance practice. The end result then becomes a simple and cost-effective solution.
3. Remotely monitor assets, surroundings and automate response to abnormalities.
Because substations are often in locations away from the center of operations, monitoring involves both keeping a physical eye on what’s going on as well as electronics to identify incursions or power disruptions in real time and the extent of their impact. For both new and existing substations, a number of devices including cameras, motion detectors and fence sensors can alert the utility to a breach. While these technologies have been around a long time, they are getting more sophisticated. Upgraded applications include thermal imaging, night-vision cameras, gunshot location sensors, door alarms, keypads and biometrics for access control, motion detectors and intrusion sensors.
Much of substation operations and monitoring relies on electronic communications and must be part of the plan. Wireless networks offer many advantages over wired networks and are preferred by utilities because they require no trenching—making the network far easier, faster, safer and more cost-effective to deploy. A wireless mesh communication network architecture also offers ongoing operational and maintenance advantages:
FIGURE 2: Industry shift to indoor GIS substations allows for bullet-resistant enclosures.
• Self-healing technology: When a link between active nodes becomes disrupted in a wireless mesh architecture, the mesh routers identify the problem and automatically switch to an alternative path, effectively routing around the disruption. If the wireless mesh network within the substation is part of a larger mesh communication network, the mesh can serve as a backup communication link into/out of the substation in the event saboteurs cut fiber optic or copper cables at the substation.
• Multiple radio channels and bands: Having access to multiple radio channels and bands builds in redundancy. If there is interference on one channel or band, routers can immediately and automatically switch to another.
• Automatic interference avoidance: By deploying automatic interference avoidance software, a wireless communication network can find and use a clean chunk of spectrum in real-time mitigating interference, whether from other legitimate spectrum users or malicious jammers.
• Multi-layer security: As with wired networks, wireless networks need to be ready for anything. By deploying a multi-layer, defense-in-depth security model with login reporting, evil-twin monitoring, denial of service (DoS) identification and compliance reporting, utilities can mitigate vulnerabilities.
• Increased physical security: Unlike narrowband SCADA radio and cellular data offerings, wireless mesh network routers provide the performance and reliability needed to support physical security applications at transmission and distribution substations.
4. Rapidly repair lightly damaged power equipment or rapidly replace severely damaged power equipment.
Get to know your local emergency personnel. If a real substation emergency happens, knowing your first responders and trusting them to respond quickly and appropriately can help mitigate further damage.
Post-event, perform an initial assessment of the condition of the equipment and mobilize resources as needed. Not all attacks will bring the system to a halt. For example, if an attacker were to disable a transformer’s cooling systems, substation monitoring can alert the utility to a problem so it can reroute power and reduce the load on the compromised assets before any real damage occurs. Once power is safely rerouted, the focus turns to repairs. ABB maintains designs for more than 70 percent of the transformers in use today and can help utilities find equivalent replacement parts, even for equipment that hasn’t been manufactured in years. Another path to quicker recovery is designing modular transformers, making them faster to manufacture, easier to transport and faster to install. Outages highlight the importance of partnering. It is a solid strategy to align with a company that has extensive experience working with large-scale emergency substation outages.
Ultimately, wake-up call incidents that have been reported nationally have given utilities the needed push to assess and act on vulnerabilities that critical assets face every day in the field. Threats of physical and cyberattacks as well as natural disasters have made a multifaceted approach to grid resiliency more necessary than ever. UP
About the authors: Petter Fiskerud is program manager for ABB Inc.’s North American power transformer resiliency initiative. He is responsible for developing effective processes supporting assessment, hardening, monitoring, repairing and replacing power transformers to improve power transformer resiliency towards a natural or man-made event. He has worked with ABB for more than 23 years in engineering, project management, service management and general management with more than 10 years of direct P/L responsibility.
Emma Ritch leads Global Business Development in the utilities market for ABB Wireless. Ritch has a decade of experience as a consultant and analyst in wireless communication networking solutions, providing go-to-market strategy, product development, strategic partnership development and market intelligence for clients including General Electric, Siemens, ABB and Ericsson. Most recently, she led product marketing for Silver Spring Networks in the smart grid, smart cities and IoT markets.