Unifying Physical Security Systems can Improve Cybersecurity and Operations
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) includes the Energy & Utilities sector on its list of 16 critical infrastructure sectors that are so vital that any incapacitation or destruction would have a debilitating effect on the country. This sector requires special consideration with regard to physical security, especially as it is undergoing a major transformation.
The move toward renewable energy
According to an EY Report in 2019, clean energy deals made up over 60% of deal value among mergers and acquisitions (M&A) as governments worldwide continued to set clean energy targets for the future. Cross-border investments in renewable energy, combined with a convergence of oil, gas, and power utilities, are driving M&A on a global scale. Simultaneously, the sector is moving from an analog, scale-driven, centralized energy model to a digital and distributed model.
An unintended result of this transformation has been a rise in security-related challenges. Utilities are faced with standardizing their solutions as they inherit legacy systems that were intended to perform in isolation. They must also secure a growing number of assets across a dispersed and expanding territory and multiple data networks, as regulations evolve.
To keep pace, organizations need to modernize security technology. Deploying a unified security system is an important step toward achieving this goal, while also improving operations, simplifying compliance, and increasing cybersecurity.
Securing critical infrastructure and improving operations
A comprehensive physical security strategy is key to ensuring operational efficiency. Breaches often result in downtime that can cost millions of dollars and have a far reaching and potentially catastrophic impact on other critical infrastructure.
A unified security platform can help, as it is designed with critical infrastructure owners in mind. By blending IP security systems within a single platform and unifying video monitoring, access control, automatic license plate recognition (ALPR), and intrusion, a unified solution can help organizations improve physical security and, as a result, increase operational efficiency.
Deploying a unified system can help organizations extend security beyond the perimeter, allowing them to use radar, LiDAR, fence intrusion detection, and video analytics to detect potential intruders or drones beyond the fence line then take action to protect facilities before a breach occurs. This can be especially important for isolated facilities like transmission stations or storage depots.
Within the perimeter, ALPR can provide a real-time inventory of vehicles on-site that allow security personnel to manage access to restricted areas. This can also reduce downtime associated with people attempting to access restricted areas without authorization.
An IP video management system (VMS) can provide a clear picture of events and enable security to quickly respond to threats and incidents. IP access control systems (ACS) can provide further benefits. For example, using built-in people counting together with access control events, security can monitor where employees, contractors, and visitors are at all times -- during routine operations as well as incidents and evacuations. In addition to tracking movements over a map or through visual reports and dashboards, the system can also be set up to automatically send reports to key personnel within the organization and to first responders.
Simplifying compliance
In the U.S. and Canada, the North American Electric Reliability Corporation (NERC) is responsible for developing, monitoring, and enforcing industry-specific standards, including those for physical security, to protect the integrity of the continent’s power supply.
One of NERC’s main physical security requirements is that organizations must record all access control activities, maintain logs for authorized access, and monitor critical facilities for unauthorized access 24/7. In the event of an access breach, NERC stipulates that organizations must investigate and categorize the alarm incident and implement the appropriate response plan within 15 minutes. Verification of alarm details as well as the response must be documented and are subject to audit and review by the NERC Regional Entity. Regulatory penalties can cost up to $1 million per day, per violation.
A unified security system that optimizes evidence reporting and the digitization of standard operating procedures (SOPs) can help organizations comply. Being able to securely collect, manage, and share digital evidence from multiple sites makes it easy to meet different audit requirements.
Organizations can also use a unified security system to predefine a wide variety of criteria and create digitized SOPs to guide in event response. This ensures compliance across a distributed organization since all security teams, regardless of shift or location, operate according to the same SOPs, and is especially important when exporting and sharing workflow diagrams and incident reports with auditors.
Strong cybersecurity is key
More power and utility companies are embracing IIoT such as digital metering and IoT sensors, and turning data into opportunity to modernize operations. Thus, the level of reliance on IT systems makes firms more vulnerable to cyber attacks. A poorly protected camera, unencrypted communication between a server and application, or out-of-date firmware can all be exploited by cybercriminals.
Security systems can no longer focus solely on physical threats. Organizations must choose hardened solutions that also work to protect all other systems and information connected to the network. Because no single approach is enough, any solution deployed must include multiple layers of defense. Physical security solutions must use strong encryption, authentication, and authorization protocols to protect data captured for management, analysis, and storage.
As the Energy & Utilities sector continues to transform, organizations have the opportunity to build stronger physical security strategies that will help them improve expanding operations, keep pace with changing regulations, and defend against increasingly complex cyberthreats. Working in partnership with trusted physical security vendors will help them protect this core component of every nation’s critical infrastructure.
Greg Kemper is Regional Director, Enterprise at Genetec, Inc.