What most consider the most powerful system analysis tool is a fault tree analysis. While often criticized as time consuming and cumbersome, this technique is the most comprehensive and intuitive in identifying those initiating and cascading events that result in system failure.
The necessary mitigation strategies also arise from these analysis techniques. Security mainstays such as lighting, electronic entry control, intrusion detection and CCTV have a role to play in REC security. This will be especially true for those facilities considered critical or high-value assets with unacceptable replacement lead times and cost. Outside of these special situations, the primary approach will be strategic stockpiling of spares, heightened staff awareness, and close relationships with local law enforcement.
A risk analysis by definition requires as a primary input datum the likelihood of attack. This requires some a priori knowledge or assumptions about the threat to an REC and the attractiveness of the REC distribution system and facilities compared to other available targets. This is an exceedingly difficult task, even when qualitative probabilistic bands are used. It is likely that implementation of this portion of the proposed rule will be best satisfied by local knowledge of the loads served and community sentiment. In the end, the effort expended by an REC in protecting its system will be a business decision made by those most qualified in this area: the local REC management.
The proposed rule may seem daunting to REC staff because it requires an emphasis in a new area; however, the required activities will likely turn out to be an extension of the reliability and natural disaster response planning performed by every REC. Some shifts in thinking may be required as security-related mitigation strategies are formulated and electronic security measures are implemented; however, these technologies are mature and can be readily and reliably applied in the REC environment.
Randall R. Nason, PE is a corporate vice president and manager of the Security Consulting Group at C.H. Guernsey & Co. His experience spans a broad spectrum of the security profession including threat assessment, vulnerability analysis and master plan development through complete system design and construction management.