Utility Security Podcast – Deep Dive – Substation Intrusion – Are You Ready To Response?

Substation Intrusion – Are You Ready To Response?

Written by Ross Johnson on August 26, 2025. Posted in Infrastructure Security.

A critical security breach at a power substation on Christmas morning. It’s a nightmare scenario, but one that utilities must be prepared for. In this episode of the Utility Security Podcast, we explore the vital, yet often overlooked, steps required to forge an unbreakable link between utility security and local law enforcement. Discover why a simple 911 call is a “massive failure in preparation” and how to proactively equip police with the context and logistical details they need for a rapid and effective response.

Dive deep into the strategies that can drastically reduce police response times, as highlighted in a real-world case study from the Pacific Northwest where coordination slashed response from 12 to just 5 minutes. Learn about the importance of sharing threat intelligence, prioritizing critical sites, and using innovative tech like What3words for pinpoint location accuracy. For a more in-depth look at this topic, check out our companion article: Substation Intrusion: Are You Ready to Respond?

Key Takeaways

• Proactive communication is key: Don’t wait for an emergency to establish a relationship with local law enforcement. Regularly share intelligence, detail the potential community impact of an outage, and jointly develop response plans.
• Response time dictates physical security: The time it takes for police to arrive directly informs the level of physical hardening required for a substation. A longer response time necessitates stronger fences, gates, and locks.
• Scripting 911 calls is crucial: Vague language can lead to a low-priority dispatch. Use pre-agreed, scripted phrases that clearly communicate the severity of the situation to ensure an immediate, high-priority response.
• Technology can save precious minutes: Tools like What3words for precise location mapping and secure, real-time video feeds can provide law enforcement with invaluable situational awareness during an incident.
• Joint training is non-negotiable: Conduct regular walkthroughs and scenario-based drills with police to test communication protocols and identify weaknesses in the response plan before a real incident occurs.

Questions and Answers

Q1: Why is simply calling 911 during a substation intrusion considered a “massive failure in preparation”?

A1: It’s considered a failure because, without prior coordination, the 911 dispatcher and responding officers will lack the critical context to understand the severity of the event. They may treat the call as a simple trespassing or property damage incident, leading to a delayed, low-priority response. This lack of preparation means the police won’t have the necessary logistical information, such as access codes, key locations, or an understanding of the immense public safety risk, which could result in catastrophic damage before they can effectively intervene.

Q2: What is the “de-energization dilemma” and how can utilities solve it?

A2: The “de-energization dilemma” refers to the fact that police officers are not trained to and will not enter a high-voltage substation while it is energized due to the extreme danger. To solve this, utilities must establish a clear, rapid, and rock-solid internal procedure for de-energizing the site, or a specific part of it, to allow for safe entry. This includes designating who has the authority to make that call 24/7 and ensuring they can be contacted instantly. This entire process should be practiced in joint drills with law enforcement.

Q3: How does police response time directly influence a substation’s physical security engineering?

A3: The estimated police response time is a foundational metric for designing a substation’s physical security. The security measures—fences, gates, locks, and other barriers—must be engineered to resist intruders for a duration that is

at least as long as the police response time. For example, if the police have a guaranteed 12-minute response time, the facility’s physical barriers must be rated to delay an intruder for a minimum of 12 minutes. If the delay rating is less than the response time, you have engineered a “window for failure”.