Time to Comply: U.S. Power Industry Prepares for New Federal Security Standards

Is the U.S. power grid adequately protected? It’s a question being asked more often these days amid frequent reports of threats facing electricity plants and substations from both the cyber and physical worlds.  

Many people may not realize that the power industry is quickly approaching a milestone for rolling out an ambitious new set of federal security standards, which have been quietly brewing behind the scenes for the last two years. 

According to the North American Reliability Corporation (NERC), January 1, 2017 is the date for certain U.S. electric substations to have their requirements completed and approved to effectively “deter, detect, delay, assess, communicate and respond” to physical threats. Currently, unaffiliated third parties are reviewing substation security plans to make sure they’re prepared to act quickly in the event of a physical attack. 

These new standards (called Critical Infrastructure Protection 014, or CIP 014) represent a step in the right direction towards a more-robust grid, but they also expose a crucial opportunity for other substations—those not required to follow the new rules—to follow lead.

NERC’s CIP 014 rightly prioritizes avoiding mass cascading blackout at a national level, but substations that aren’t officially held to these standards could still experience major losses and outages if attacked. For instance, a California substation that was attacked in 2013—costing $15 million in damages and inspiring the need for new regulations in the first place—is technically not required to comply with CIP 014, according to a report from the Wall Street Journal.

This begs the question: how many substations are still vulnerable to physical attack? 

At Honeywell, we believe it’s important for each substation regardless its “level” to protect itself from physical threat. And there are technologies and approaches to do it. The power grid is a complex and sensitive network that lights our homes, fuels our mobile devices, and keeps our food fresh, and not even the most isolated rural communities—let alone utility companies—can afford power outages as a result of an attack.  

“Substations have a responsibility to be more secure than the links on a padlock chain, and many of them need assistance and resources to get there,” said Angela Oberman, Honeywell Security and Fire’s Critical Infrastructure Segment Manager and Site Leader. “Honeywell is committed to not only providing top-notch, integrated physical security systems, but also educating substations so they know how to exceed the latest standards—even if they’re not officially subject to them. It’s in everyone’s best interest to talk about utility security plans, and what to do if a substation goes dark.”