Total Security Advisor
Practical Security Tips, News & Advice.
Updated: Dec 22, 2022
While most are getting ready for the holidays, this month marked a time of several attacks on the U.S. electric grid, and the Security Industry Association (SIA) is hoping a recent webinar will help educate utilities on how to better protect their infrastructure in light of these incidents.
At the beginning of the December 6 webinar, Leveraging Technology to Protect Utilities, Ron Hawkins, Director of Industry Relations at SIA, explained how gunfire disabled 2 substations in Moore County, North Carolina, on December 3, which highlighted the vulnerability of the electrical grid. This incident resulted in 45,000 customers losing their power for several days.
After this webinar, it was reported that substations were attacked at least 6 times in Oregon and western Washington. In fact, according to NPR, there are about 55,000 electrical substations across the United States, so utilities are urged to do what they can to prevent them from being victims of sabotage. On December 15, the Federal Energy Regulatory Commission (FERC) instructed the North American Electric Reliability Corporation (NERC) to assess security standards at transmission stations, substations, and associated centers. It will conduct a comprehensive study and report back with recommendations by April 2023.
SIA issued a statement on December 5 stating that “the risk of cyber and physical attacks, including ones similar to what occurred this weekend, can be mitigated and vulnerabilities can be reduced by having appropriate training, programs, and policies in place, and by adhering to NERC standards. Drones, insider threats, copper theft, sabotage, and even terrorism are just a few components of the threat environment that utilities security practitioners must address 24/7.”
Five professionals spoke during SIA’s webinar on the issue of drones entering utility infrastructure airspace. Joey St. Jacques, who currently serves as chair of SIA’s Utilities Advisory Board, is Global Director at Feenics, and was a senior management member of physical and cybersecurity and business continuity of Hydro Ottawa, stated that it’s important for utilities to incorporate better risk mitigation into their plans.
St. Jacques also referenced relevant drone events that included what was identified as the first attempted drone attack on the nation’s electricity infrastructure in July 2020, Ukrainian soldiers using drones to surveil Russian troops in August 2022, and unidentified drones spotted near offshore installations before the Nord Stream pipeline was attacked in September 2022.
St. Jacques further added, “The management of multiple interdependencies between sectors is essential to prevent cascading impacts.”
Therefore, tabletop exercises should continue to take place between the private and public sectors to help protect the nation’s critical interdependent infrastructure, such as chemical facilities, commercial facilities, critical manufacturing, dams, defense industrial bases, emergency services, energy, financial, food and agriculture, government facilities, health care and public health, information technology, nuclear reactors, nuclear materials, nuclear waste, transportation systems, and water.
Casey Flanagan, Cofounder and President of AeroVigilance and former electronics technician of the Federal Bureau of Investigation (FBI) Counter-UAS Program, explained that drones are not toys, and the federal government considers them unmanned aircraft.
The federal government is concerned because functionality of drone technology could negatively impact:
The four agencies that can detect and mitigate drones are the departments of:
Flanagan further noted there are two bills, Senate Bill 487 and House Bill 9849, being discussed by Congress to extend statutory authority, giving state, local, and tribal governments the ability to enforce drone regulations near critical infrastructure. He also explained that the government has been slow to react to the ever-changing world of technology.
The SIA webinar’s second session, “Avoiding VTD’s: The Importance of Vetting 3rd Party Vendors,” led by Christopher Walcutt, Vice President of Strategy at DirectDefense focusing on utility cyberattacks, discussed vendor-transmitted diseases (VTDs).
“If you don’t want a VTD, you have to know where your partner’s been or at least have a frank conversation about it,” Walcutt said.
He further explained that it’s important for companies to know their vendors and other business partners to avoid VTDs. Specifically, he recommends companies protect what’s connected to their network by:
“Most architectures in the industrial space were not designed to withstand cyber threats and this is because a lot of these systems use components that you can’t apply typical IT security controls,” Walcutt continued, adding that organizations need to have the tools and education to deal with this.
He added that a Verizon 2022 Data Breach Investigations Report shows that the manufacturing industry is being targeted for espionage, denial-of-service attacks, credential attacks, and ransomware, in addition to revealing a high rate of backdoor incidents in 2021 and that the supply chain was responsible for 62% of system intrusion incidents throughout the year.
Walcutt also warned municipalities that are “smart cities” to be cautious of the vendors they work for regarding street lighting, Wi-Fi poles, and advanced metering, stating, “Most organizations are not taking steps or have budgetary constraints in mind.”
When it comes to third-party vendors communicating with your server, you should “monitor it and determine whether it needs to stay on all the time. Lots of remote access can be shut off when it’s not being used. It’s a little bit more of a burden on IT staff but from a threat standpoint it is one of the better ways to go about this,” Walcutt continued.
Other steps when dealing with third-party vendors include:
To watch the webinar, please click here.
Download this free report to learn seven steps to protect your facility from workplace violence.
This report is sponsored by the Total Security Summit, an event specifically organized for VPs, Directors, and Managers of Security who are directly concerned with their facility’s security and safety operations.
The Security Industry Association (SIA) announced a major milestone in its SIA OSDP Verified initiative – that over 100 device models have been named OSDP Verified through the comprehensive program, which validates device conformance to the SIA Open Supervised Device Protocol (OSDP) standard. SIA OSDP standard is an access control communications protocol standard maintained by SIA to improve interoperability, add […]
GXO Logistics, Inc., the world’s largest pure-play contract logistics provider, announced that it has deployed advanced air and ground security robotics at one of its major distribution centers in Clayton, Ind., and plans to significantly increase deployment of automated security systems across other sites within the next year. This would be the largest air and […]
The Security Industry Association (SIA) is pleased to announce the first members of its Utilities Advisory Board Steering Committee. SIA created the Utilities Advisory Board to offer insight and education to security practitioners, members of the security industry and other stakeholders about emerging security trends, regulatory compliance issues, and recommended practices for protecting utility infrastructure. The steering committee members, […]
SILVER SPRING, Md. – The Security Industry Association (SIA) has named Alice DiSanto the 2022 recipient of the SIA Committee Chair of the Year Award, which recognizes individuals for excellence in leading SIA committees and advancing member objectives. SIA will present DiSanto with the award at The Advance, SIA’s annual membership meeting, which will be held March 22 during […]
ISC West, in collaboration with premier sponsor Security Industry Association (SIA), continues to experience steady growth for the upcoming event, and will be taking place just less than two months away on March 22-25, 2022 at the Venetian Expo in Las Vegas (SIA Education@ISC: March 22-24 | Exhibit Hall: March 23-25). After initial reports of […]
Our world is full of threats both external and internal. This whitepaper encourages looking at life safety and security measures on your campus from another perspective. Most facilities have addressed access control and the securing of main doors, but those should be measures of last resort. There are steps you can take — some that you may not have considered — to mitigate the threat before it arrives at your front door.
The 2019 Total Security Salary Guide is here to help physical and technical security employers and employees understand where they stand in today’s security job market. This Salary Guide includes not only salary and wage data from 2017 to 2018, but also certification information as it applies to 20 benchmarked exempt and nonexempt security positions.
A proliferation of cameras has resulted in an overwhelming amount of video available to security operators, analysts and investigators. Technology that used to be prohibitively priced, is now cheap and readily accessible.
Learn how to protect your people, assets and physical spaces better with AI-powered solutions that deliver whole-building security.
Recent Attacks Underscore Need to Secure Utilities – Total Security … – BLR
Total Security Advisor