Various organizations and agencies involved in homeland defense have been in the process of identifying the thousands of critical infrastructure assets across the nation that must be protected. An objective is to develop plans to ensure that critical infrastructure assets have adequate security for continued functioning. Planners must realize that no matter how well protection plans for critical infrastructure perform, when the day of emergency arrives, all of those infrastructure assets are dependent on electric energy.
A new dimension of “national security reliability” is being used in the planning for reliability of the electric power industry. The North American Electric Reliability Council, with the Federal Energy Regulatory Commission (FERC) providing the regulatory support stipulated in the reliability provision of the Energy Policy Act of 2005, is leading the effort. Additional support is provided through industry groups, such as the Electric Power Research Institute (EPRI) and the Edison Electric Institute (EEI). Industry is also working closely with various federal government agencies, such as the Department of Homeland Security (DHS), Department of Energy (DOE), Department of Defense (DOD), Department of Justice (DOJ), Department of Transportation (DOT), Federal Bureau of Investigation (FBI), DOD’s Technical Support Working Group (TSWG), and the National Security Council (NSC). It is important that these efforts be well coordinated to avoid conflicts in recovery and restorations efforts.
New security protocols and mitigation measures are currently being developed and adopted through cooperation between government and industry to provide protection against the current terrorist threat. Examples of these are provided in Box 3.2. Pilot projects involve advanced security technologies that include digital CCTV, fiber optics, smart cards, and biometric IDs and card keys, as well as fencing design and manufacturing improvements.
Efforts have also been made toward understanding interdependencies, and how the power industry fits into the national critical infrastructure framework. Regional inter-dependency exercises have been conducted to consider the resiliency of utilities, the water supply, telecommunications, oil and gas, banking, financial services, and so on.
Many physical changes have been made and security enhancements implemented since the attacks on the World Trade Center. These include an increased awareness of the need to be more cautious with regard to access to information and facilities as well as to ensure that employees and contractors are not likely collaborators with terrorists. Box 3.3 lists the steps that most utilities have now taken to limit access to facilities and information. In addition, electric power industry security personnel have begun to develop a set of technical physical security skills and practices of the kind listed in Box 3.4.
• Utility coordination and information exchange programs in place at the North American Electric Reliability Council and the Edison Electric Institute
• Development of new risk assessment methodologies
• Risk-awareness management principles and practices in use by utility consultants
• Security vulnerability assessments
• Implementation of security upgrades and transitioning from security enhancements to comprehensive programs
• Recovery planning
• Security outreach programs including exchanges of best practices
• Top-to-bottom emergency plan reviews and updates
• Review and updating of mutual support agreements
• Improvement of security engineering of substations and control centers
• Requiring positive ID for all personnel visiting facilities
• Instituting access controls for all pedestrians and vehicles passing through entrance gates
• Hiring additional security officers
• Increasing the frequency of facility security checks
• Increasing aircraft patrols of transmission lines
• Increasing liaison relationships among local law enforcement, the FBI, and the National Guard
• Upgrading security policy and procedures
• Updating employee security and emergency response guides
• Developing new gate designs and standards
• Developing industry-wide baseline of security standards
• Conducting employee security awareness training
• Instituting a “no tours of the facility” policy
• Reviewing all internal and external Web pages and materials for information that could be used by terrorists