Prevention, Protection and Mitigation: Our Integrated Approach to Security
Our company faces an ever-evolving threat to the electricity system, whether by natural disaster such as earthquakes or fires, or by man-made or terrorist attack against our critical infrastructure or IT systems. We’re working to better align our internal prevention and protection strategies across all parts of our company, and we have standardized our response and recovery efforts to be more effective against “All Hazards.”
Following Sound Industry Standards
For our utility’s electricity infrastructure, we rely on physical security measures that are designed and implemented in accordance with industry security standards, including those promulgated by the American Society for Industrial Security (ASIS), the American National Standard Institute (ANSI), and the North American Electric Reliability Corporation – Critical Infrastructure Protection (NERC-CIP) standards.
These industry standards are regularly updated to ensure resilience of the nation’s electric grid. In response to a physical security attack on a substation in Northern California in 2013, the Federal Energy Regulatory Commission (FERC) ordered NERC to develop standards for Bulk Electric System owners and operators to use when assessing risk to critical systems and facilities. In November 2014, FERC approved a modified version of the standard submitted by NERC.
Mitigation Strategies & Electric Grid Resiliency
Electricity providers must plan for all types of contingencies that may affect the delivery of power to customers. Recognizing that the loss of a substation or other critical equipment can result in wider effects on the power grid, our utility participates in the Spare Transformer Equipment Program (STEP).
STEP provides a ready mechanism for participating electric companies to share assets in the event of catastrophic damage to a critical facility. More than 50 power companies across the country participate in STEP. Additionally, participating power companies can use an online tool, called STEP Connect, to share information with other program participants regarding the sharing of transformers and other related equipment. This type of collaboration helps to make sure the nation’s power grid can quickly recover from damage.
Sharing Information & Intelligence
We believe that to successfully identify emerging threats, we must have close working relationships with local, state and federal law enforcement agencies, as well as with the U.S. Department of Homeland Security.
Our utility makes use of local fusion centers which facilitate intelligence gathering and sharing among multiple government agencies and private sector entities. Our utility’s security personnel also work with joint terrorism task forces, professional security associations and other groups with a shared focus on the security of our nation’s electricity infrastructure.
Our Strategy: A Strong Security Posture
Delivering electricity safely and reliably to customers is always our utility’s top objective. So our security strategy is rooted in protecting critical electricity infrastructure assets in line with evolving security standards and developing and implementing effective response and recovery strategies to ensure we can quickly restore power.
These efforts include:
- Identifying critical assets and conducting regular assessments of each to ensure appropriate physical security measures are in place
- Establishing effective Business Continuity Plans to ensure our critical systems have backup capabilities
- Ensuring personnel are trained to promptly respond to and report any and all threats to the electricity system.
- Continuing to exchange information and intelligence with law enforcement agencies on the local, state and federal levels, and the Department of Homeland Security
- Working with appropriate law enforcement organizations to ensure that they understand the criticality of grid assets in their jurisdictions
- Designing, implementing and upgrading access-control security measures and technologies at critical facilities
- Conducting regular drills and exercises for both cyber and physical security events, including participating in Gridex II, a national industry-wide security exercise in late 2013