In the past few years, airports, borders, ports, federal office buildings, and critical infrastructure have all been subjected to heightened security standards, either by legislative mandate or through industry-adopted guidelines. This spring, the rural electric cooperatives (RECs) became the latest segment of our nation's infrastructure to potentially be subject to federally mandated security measures.
Rural electric cooperatives come in all shapes and sizes, but they tend to serve rural areas with relatively low population density. Additionally, most electric cooperatives are so-called distribution cooperatives. These entities distribute power generated by others (sometimes other cooperatives) to their customers.
On March 19, the Rural Utilities Service (RUS), a division of the U.S. Department of Agriculture, issued a notice of a proposed rule (7 CFR 1730) to amend its regulations on electric system operations and maintenance by expanding the requirements of the RUS-mandated Emergency Response Plan (ERP). The proposed change would require electric co-ops that are recipients of RUS loans to detail how they would restore their systems in the event of a system-wide outage resulting from a major natural or man-made disaster.
The proposed rule goes on to require the expanded ERP to include preventative and recovery procedures for physical and cyber attacks as well as to address homeland security concerns. It proposes two requirements for its distribution and power supply borrowers. Specifically, each borrower is to:
1. perform a security system vulnerability analysis and risk assessment on its system, and
2. annually exercise its ERP. This exercise can either be a tabletop simulation or actual implementation of the plan.
While the proposed rule leaves a number of questions unanswered regarding actual implementation, the concept of identifying and mitigating security concerns throughout the electric infrastructure is a good one. The distribution cooperatives serve actual consumers; loss of all or part of an REC distribution system means homes, farms, businesses, and in many cases, critical facilities are without power. This affects the local economy, endangers crops and degrades the morale of affected communities.
However, this will be new ground for the RECs. Security has not been a priority topic for them. Their focus has always been inexpensive and reliable power, and the threats they have faced have generally been natural events, not man-made ones. Fortunately, much of the analysis and engineering that makes a system resilient to natural disasters also applies in large part to man-made events.
The first activity an REC will need to perform in response to the proposed rule is the vulnerability analysis and risk assessment. The proposed rule is silent on the specific technique to be used. Many will suggest that one of the existing software or forms-driven assessment tools be modified to fit the RECs. Unfortunately, that approach will stretch the capacity of most RECs, who staff conservatively to remain competitive in difficult markets. An alternative is to turn to some of the traditional techniques that may not seem as rigorous but can yield very useful results nonetheless.
The safety analysis practice has much to contribute in this regard. One of the first techniques encountered in a system safety text is simple brainstorming. This relies on the institutional knowledge of system owners and operators to identify those initiating events that can result in undesired system response, in this case partial to total failure of the system to deliver power to the REC customers. As mentioned above, this effort will be aided by the investment all RECs have made in planning for system disruption from natural disasters.
A slightly more formal technique is a failure modes and effects analysis (FMEA). This provides structure to what may otherwise be brainstorming sessions by first identifying all of the major failure mechanisms present. This technique then follows the chain of events that ultimately result in the undesired event.
What most consider the most powerful system analysis tool is fault tree analysis. While often criticized as time-consuming and cumbersome, this technique is the most comprehensive and intuitive in identifying those initiating and cascading events that result in system failure.
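As an added illustration (not part of the original article), the Python sketch below computes the minimal cut sets of a small fault tree, meaning the smallest combinations of basic events that produce the top event. The tree, its event names and the function names are constructed for this example; computing cut sets goes one step beyond the description above, since it is the usual way a fault tree is turned into a list of single points of failure.

```python
from itertools import product

# Constructed fault tree for a hypothetical distribution co-op (illustrative only).
# Each gate maps to (kind, children); any name not listed as a gate is a basic event.
TOP = "load_unserved"
TREE = {
    "load_unserved": ("OR", ["substation_out", "feeder_out"]),
    "substation_out": ("OR", ["transformer_unrecoverable", "control_building_lost"]),
    "transformer_unrecoverable": ("AND", ["transformer_failed", "no_spare_on_hand"]),
    "feeder_out": ("AND", ["main_line_down", "tie_unavailable"]),
    "tie_unavailable": ("OR", ["tie_switch_failed", "control_building_lost"]),
}

def cut_sets(tree, node):
    """Return every cut set of `node` as a set of frozensets of basic events."""
    if node not in tree:                       # leaf: a basic (initiating) event
        return {frozenset([node])}
    kind, children = tree[node]
    child_sets = [cut_sets(tree, child) for child in children]
    if kind == "OR":                           # any one child failing is enough
        return set().union(*child_sets)
    if kind == "AND":                          # every child must fail together
        return {frozenset().union(*combo) for combo in product(*child_sets)}
    raise ValueError(f"unknown gate type {kind!r}")

def minimal_cut_sets(tree, top):
    """Drop any cut set that strictly contains a smaller one; sort for stable output."""
    sets = cut_sets(tree, top)
    minimal = [s for s in sets if not any(other < s for other in sets)]
    return sorted(minimal, key=lambda s: (len(s), sorted(s)))

def single_points_of_failure(tree, top):
    """Basic events that cause the top event on their own."""
    return sorted(next(iter(s)) for s in minimal_cut_sets(tree, top) if len(s) == 1)

if __name__ == "__main__":
    for cs in minimal_cut_sets(TREE, TOP):
        print(len(cs), sorted(cs))
    print("single points of failure:", single_points_of_failure(TREE, TOP))
```

In this constructed tree the transformer failure appears only in a two-event cut set because a spare is modeled, which is how a mitigation such as stockpiling spares shows up in the analysis.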
The necessary mitigation strategies also arise from these analysis techniques. Security mainstays such as lighting, electronic entry control, intrusion detection and CCTV have a role to play in REC security. This will be especially true for those facilities considered critical or high-value assets with unacceptable replacement lead times and cost. Outside of these special situations, the primary approach will be strategic stockpiling of spares, heightened staff awareness, and close relationships with local law enforcement.
A risk analysis by definition requires as a primary input datum the likelihood of attack. This requires some a priori knowledge or assumptions about the threat to an REC and the attractiveness of the REC distribution system and facilities compared to other available targets. This is an exceedingly difficult task, even when qualitative probabilistic bands are used. It is likely that implementation of this portion of the proposed rule will be best satisfied by local knowledge of the loads served and community sentiment. In the end, the effort expended by an REC in protecting its system will be a business decision made by those most qualified in this area: the local REC management.
The proposed rule may seem daunting to REC staff because it requires an emphasis in a new area; however, the required activities will likely turn out to be an extension of the reliability and natural disaster response planning performed by every REC. Some shifts in thinking may be required as security-related mitigation strategies are formulated and electronic security measures are implemented; however, these technologies are mature and can be readily and reliably applied in the REC environment.
Randall R. Nason, PE, is a corporate vice president and manager of the Security Consulting Group at C.H. Guernsey & Co. His experience spans a broad spectrum of the security profession, including threat assessment, vulnerability analysis and master plan development through complete system design and construction management.