In fact, the energy industry is just coming of age to utilize the latest operation technology. Some organizations lack even accurate and up‐to‐date information to provide first responders of grid outages with the intelligence and support necessary to make informed decisions during critical events. Keeping personnel motivated, trained, and ready to respond to emergencies is a challenge, made even greater without an appropriate records retrieval program in place.
Augmenting security for utilities is seeing some progress. The Federal Government is taking steps to enhance physical and cyber security for utilities. The Critical Infrastructure Protection Cyber Security Standards, mandated by the Federal Energy Regulatory Commission (FERC), are designed to reduce the risk to the reliability of the utility electric system and enhance security by protecting Critical Cyber Assets (CCA). The Cyber Security Standards requires utilities to implement and document a program to identify, classify and protect information associated with CCA’s. Some facilities, control centers, and substations must undergo security assessment and augmentation when identified as Critical Assets.
Access to these Critical Assets, whether in person or through cyber and electronic means, has to be authorized and will be controlled, monitored (with an immediate response to all unauthorized access attempts), and logged. Physical access will likely be controlled by the use of card reader systems. To be authorized for access, affected employees, contractors, and vendors are required to have an appropriate level of personnel risk assessment consisting of identity verification, seven‐year criminal record search, and terrorist watch list search. In addition, they are also required to attend annual cyber security training and regular security awareness training.
Most utilities are required to be compliant with the North American Electric Reliability Corporation (NERC) Cyber Security Standards CIP‐002 through CIP‐009. In order to be compliant, there are a number of physical security access control requirements that must be met at Bulk Power Electric Substations. These are substations handling large power transmission capabilities, not solely local electric distribution to local areas. The requirements are to control, monitor, and log access to critical cyber assets that are contained within the control houses at these substations. There is also a non‐compliance self‐reporting requirement that mandates utilities to self‐report to NERC any known violation of the CIP standards.
2.3 Electro Magnetic Pulse and Solar Flares
Another growing threat to be wary of is an EMP or electromagnetic pulse event, which can either occur from a solar flare or a nuclear warhead. A solar flare is an ejection of large amounts of energy from the sun. An EMP can be generated via a nuclear warhead that is detonated above the Earth’s atmosphere or by a “regular” explosion with the correct combination of an electrically sourced magnetic field. Essentially, this type of attack causes a massive electrical surge that can potentially be over 10,000 volts per meter. On the other hand, a solar flare is generated when magnetic energy is built up in the solar atmosphere and released suddenly. Both of these events, solar flares and EMPs, can cause severe damage to power grids, computers, electronics, electrical networks, and control systems. In an era that has become completely entirely reliant on digital technology, such an assault would not only cause disorder but completely shatter the ability of a country to operate normally.
The United States has developed the Electromagnetic Pulse Commission to analyze the growing EMP threat. The main areas that the commission recommends decreasing susceptibility are deterrence, defense, protection, and recovery. Alongside other international organizations, the EMP Commission is aiding in developing a framework for infrastructure protection. On March 26, 2019, the president of the United States issued an executive order titled, “Executive Order on Coordinating National Resilience to Electromagnetic Pulses.” The stated goal of the order was that “The Federal Government must foster sustainable, efficient, and cost‐effective approaches to improving the Nation’s resilience to the effects of EMPs.” But what organizations have been developed within the mission critical industry to educate and set standards for protecting vital infrastructures against such attacks? An EMP Protection Engineering field needs to be developed to start educating facility managers of this concern.
Planning rationally for infrequent but grave contingencies resulting from EMPs and solar flares is inherently difficult. Organizations that have prepared properly for yesterday’s risk profiles may be unprepared for tomorrow’s. The risk‐of‐failure profiles of the past reflect its relatively benign threats, including routine equipment failures, lightning strikes on power lines, and such small‐scale hazards as squirrels chewing through insulators or cars colliding into utility poles. Table 2.2 shows the major historic solar flare event and their impacts, which are similar to those arising from EMP events. Now, in addition to concerns about weather‐related outages (hurricanes and ice storms in particular) as well as recent experiences underscoring the possibility of widespread operational outages, there is also the heightened concern of deliberate attacks on the grid. The latter changes the risk profile fundamentally—that possibility poses the risk of outages that last a long time and extend over wide areas.
Table 2.2 Major Solar Flare Events
| Year & Source | Description and Impact of the Event |
|---|---|
| 1859: The Carrington Event | The Carrington Event of 1859 was the first documented event of a solar flare impacting Earth. The event occurred at 11:18 a.m. EDT on September 1 and is named after Richard Carrington, the solar astronomer who witnessed the event through his private observatory telescope and sketched the sun's sunspots at the time. The flare was the largest documented solar storm in the last 500 years, NASA scientists have said. According to NOAA, the Carrington solar storm event sparked major aurora displays that were visible as far south as the Caribbean. It also caused severe interruptions in global telegraph communications, even shocking some telegraph operators and sparking fires when discharges from the lines ignited telegraph paper, according to a NASA description. |
| 1972: Solar Flare vs. AT&T | The major solar flare that erupted on August 4, 1972, knocked out long‐distance phone communication across some states, including Illinois, according to a NASA account. “That event caused AT&T to redesign its power system for transatlantic cables,” NASA wrote in the account. |
| 1989: Damage from the March 13 & 1989: Geomagnetic storm caused by an intense solar flare |
In March 1989, a powerful solar flare set off a major March 13 power blackout in Canada that left six million people without electricity for nine hours. According to NASA, the flare disrupted electric power transmission from the Hydro Québec generating station and even melted some power transformers in New Jersey. This
|
