Will Your Critical Substation Survive an Attack? (Part Three)
In the previous two issues, we asked how you would know if your critical substation could survive an attack. (If you haven’t already, it might be a good idea to revisit those columns.)
In this issue, we examine how the scenario is used to test the physical protection system (PPS).
The Vulnerability of Integrated Security Analysis (VISA) methodology breaks the scenario into discrete steps and evaluates how likely the system is to detect, assess and stop the threat. Our scenario (outlined in the previous issue) is divided into steps, entered into a worksheet and timed accordingly.
Analysis
Step 1: This activity occurs outside the range of any security systems. The probability of detection and assessment is very low. Because the response force has not yet been called, the likelihood of engagement and neutralization is also very low. The step score, which defaults to the lowest probability value, is very low.
Step 2: The video surveillance system (VSS) covers only a few yards beyond the perimeter. Due to foliage along the fence, the adversary is unlikely to be detected. Probabilities and the step score remain very low.
Step 3: The adversary takes two minutes to cut through the fence. Because of existing cover, the VSS is unlikely to detect him, and the live video monitoring (LVM) operator is unlikely to assess that an attack is underway. Therefore, no call to police is made. We assess the probability of detection and assessment as low, and since the response force has not yet been activated, the probability of engagement and neutralization remains very low. Step score: very low.
Step 4: The adversary is now seen by the LVM operator, who assesses that an attack is underway and calls police. The response clock starts. The police are 10 minutes (600 seconds) away.
Step 5: This is a critical step, as the adversary must be stopped before placing the explosive. The LVM operator continues monitoring his progress. Probabilities of detection and assessment are very high, but since the police have not arrived, probabilities for engagement and neutralization remain very low. Step score: very low. At the end of this step, the police are 540 seconds away.
Step 6: The adversary returns to the hole in the fence, remaining in view of the VSS. Probabilities and the step score are unchanged. The police are 520 seconds away.
Step 7: The adversary crawls through the hole and exits the area. The police are 490 seconds away. The total attack time is 310 seconds — just over five minutes. When police do arrive, they will not enter the site until it is de-energized and cleared by the explosives ordnance disposal team. We assess a low probability that the adversary will be seen by the VSS during his departure. The step score reflects this.
Step 8: Police have been on-site for 350 seconds when the explosive detonates, destroying the critical component.
Because the adversary was never engaged or neutralized, the step scores never exceed very low. Overall system effectiveness — defined as the highest of the step scores — is also very low. Based on this scenario, we assess that the PPS is not capable of protecting the site.
In the next issue of Utility Security, we’ll explore what PPS upgrades are necessary to defeat this type of threat.
About Ross Johnson
Ross Johnson has over four decades of experience in all aspects of security management, including tenures as a professional security manager where he oversaw regulatory requirements, budgets, personnel shortages and an endlessly expanding threat portfolio.. Having spent much of his career in the high-impact/low-frequency quadrant, he now assists organizations by developing programs that help them define the appropriate level of attention and resourcing that their risks need. Johnson has worked in the electric sector since 2006 and held executive committee positions on NERC and Electricity Canada’s security and infrastructure protection committees, including representing Canada on the CIP-014 Standards Drafting Team. He is currently the chair of E-ISAC’s Physical Security Advisory Group and co-facilitates the DBT/VISA workshop for NERC’s E-ISAC. Reach him at ross@bridgeheadsecurity.com.