In 2020, U.S. officials reported that a small drone, or autonomous aerial vehicle (UAV), attempted the first known attack of its type on a utility power substation. Officials said the UAV, equipped with copper wire hanging from nylon cords, was meant to short circuit transformers or distribution lines at a Pennsylvania location. Fortunately, the drone, stripped of its identifying markings and internal memory card, fell short of the target. However, it shows the vulnerability of utility sites to relatively inexpensive aerial attacks.
That's only one of the many security risks facing the utilities that provide necessary services to virtually every segment of U.S. society. The nation's critical infrastructure, homes, small businesses and other organizations count on utility power plants and grids for uninterrupted power supply.
Security is a vital component of any utility or critical infrastructure organization’s operations plans. Importance to the national economy has made power facilities prime targets of criminals ranging from petty vandals to domestic and foreign terrorists. Reducing security efforts is not an option for utilities, especially as criminals become more sophisticated.
What is Needed to Protect Utilities?
Perimeter barriers, such as fences, walls, tripwires and motion detectors help keep intruders away from remote substations and other facilities. Access control protects gates and doors.
With many remote, often unstaffed sites to protect, a utility requires a robust video surveillance system to transmit events to a security operations center (SOC). Cameras are needed at all entries, along outer perimeters and inside and outside of all buildings and other facilities.
It’s difficult to imagine the hours of video hundreds to thousands of cameras generate daily. Even the best-trained SOC staff tires and loses concentration over a shift. To combat operator fatigue, today’s cameras with embedded analytic software create alarms when motion occurs within the field of view. However, up to 98% of these alarms are false, resulting from nothing more serious than wind-blown foliage or an animal moving along the perimeter fencing. The time spent reviewing false alarms further reduces an operator’s ability to respond to actual events. Some critical events may be missed entirely.
The broad capabilities of artificial intelligence-based technologies heighten the value of many electronic security systems, but perhaps none as much as remote video surveillance. Event-driven analytics make video a proactive tool and an information source. Through a time-consuming and expensive process, artificial intelligence, with its deep learning technology, is trained to identify humans and vehicles while ignoring nuisance events. The result is a 90+% reduction in false alarms. And that is only a start to what event-driven analytics can provide utility operators.
AI can detect a crowd forming around a substation or a person loitering or moving across multiple cameras on the same site. Watch lists enable SOC operators to upload photos of people or objects to seek and observe — or ignore. The AI-based software can spot someone tailgating an authorized employee entering an access-controlled area.
Other examples of how AI software improves utility site security and operations include:
- Monitoring thermal cameras — AI detects generators and other devices not operating at usual working temperatures.
- Safety and security — AI software can spot employees not wearing mandated safety gear.
- Operational efficiency — AI analytics detect anomalies and trends of all kinds, enabling facility managers to make changes to traffic patterns and other routines to keep operations at their peak.
Event-driven analytics evaluate video from all surveillance cameras, making the technology ideal for forensic analysis. The software filters video, looking for operator-determined events such as slips and falls.
Back to Drones
Let's get back to drones, one of the most significant security threats facing utilities. AI-based software monitoring surveillance cameras with long-range lenses help SOC operators detect drones while still miles away from their target. Early detection of approaching drones is critical as only a few federal agencies are authorized to down UAVs. The Federal Aviation Administration is concerned that attempts by utility operators and others to shoot down a drone or jam the signal between the device and its pilot could adversely impact commercial aircraft or mobile phone and first responder networks.
A few high-end security integrators now offer anti-drone systems consisting of long-range surveillance cameras, audio and thermal detection and other technologies to detect a drone's direction, the pilot's location, UAV type and IP address. Utilities may seek federal agency assistance if an approaching drone is deemed a credible threat.
Drones also have a positive side. Camera-equipped drones can take the place of humans patrolling a utility site’s perimeter. Though most UAVs have limited flight times — usually 15 to 30 minutes, requiring frequent charging at base stations — having multiple drones helps ensure one is always available.
Don’t Forget Cybersecurity Protection
No overview of utility security is complete without a mention of cybersecurity. Utilities’ essential value to the national economy makes them attractive targets for domestic hackers and nation-state actors. A recent survey of utility chief executives showed half of respondents expect cyberattacks against critical infrastructure to be imminent. Physical security professionals can assist by ensuring devices such as cameras, access readers and servers are secured with regularly updated passwords, installed firmware and software updates and robust firewalls between security devices and the internet.
Utilities require a well-integrated plan to maintain high-security standards. By weaving in a comprehensive security program using technologies such as access control, video surveillance, analytics and attention to the cybersecurity of those physical security technologies, security leaders within utilities and critical infrastructure organizations can keep tabs on potential risks and targets.
For more articles on critical infrastructure and utilities security, visit:
Critical Infrastructure: The Critical Industry Everyone Must Protect
Protecting the Energy Grid is a Team Sport
GridEx: How Exercising Response and Recovery Supports Grid Reliability
Cyber-Physical Security in an Interconnected World