CIP-014-2 - Western Electricity Coordinating Council

CIP-014-2: Physical Security
Nick Weber, CPP, PSP, CBRM, CBRA
CIP Auditor
Western Electricity Coordinating Council
Speaker Intro:
Nick Weber, CPP, PSP, CBRM, CBRA
18 Years first responder, military, and security experience
– US Army Reserve Information Operations (Cyber)
• Network Defense Team Leader
• Dynamic Defense Deputy Team Leader
– US Department of Homeland Security
• Energy Sector Specialist
• Site Assistance Visit Team Leader
– US Army Cavalry Officer
• OIF veteran
• Bronze Star Medal
• National Training Center (NTC) Opposing Force (OPFOR)
– Account Manager at a security guard provider
– Wildland firefighter
CIP-014-2 Introduction
What it is:
– Physical security of Transmission stations and Transmission substations,
and their associated primary control centers, that if rendered inoperable
or damaged as a result of a physical attack could result in instability,
uncontrolled separation, or Cascading within an Interconnection.
What it is not:
– An extension of, or related to CIP-006
– Critical Cyber Asset/Protected Cyber Asset based
– A limit to physical security measures
– A one-size-fits-all approach to physical security
CIP-014-2 Introduction
It may be helpful to view and manage CIP-014-2 as two major
components.
– R1: Applicability and Risk Assessment; R2: Unaffiliated Review; R3: Control Center Notification
– R4: Threat and Vulnerability Assessment; R5: Security Plan; R6: Unaffiliated Review
CIP-014-2 Process Overview
R1: Applicability → R2: Unaffiliated Review → R3: Notify Control Centers → R4: Conduct Threat and Vulnerability Assessment → R5: Develop a Security Plan → R6: Unaffiliated Review
CIP-014-2 Implementation
• R1 Risk Assessment must be completed on or before the
effective date (10/1/15)
• R2
o 2.1, 2.2, and 2.4 must be completed within 90 days of R1
assessment
o 2.3 must be completed within 60 days of 2.2 verification
• R3 must be completed within 7 days of R2 completion
• R4 must be completed within 120 days of R2 completion
CIP-014-2 Implementation
• R5 must be completed within 120 days of R2 completion
• R6
o 6.1, 6.2, and 6.4 must be completed within 90 days of R5
completion
o 6.3 must be completed within 60 days of 6.2 review
CIP-014-2 Implementation
Less than nine months from effective date to Security Plan completion
CIP-014-2 Implementation Timeline
– R1 Assessment: Effective Date (0 Days)
– R2 Verification: Effective + 90 (90 Days)
– R2.3 Address Discrepancies: R2.2 + 60 (150 Days)
– R3 Notify Control Center: R2 + 7 (157 Days)
– R4 Threat and Vulnerability Evaluation: R2 + 120 (270 Days)
– R5 Security Plan: R2 + 120 (270 Days)
– R6 Review: R5 + 90 (360 Days)
– R6.3 Address Discrepancies: R6.2 + 60 (420 Days)
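The timeline above can be tracked as a chain of relative deadlines. The following is an added example, not part of the original slides: the step labels and the sample completion dates are constructed, and "R2 completion" is read as completion of R2.3, which is what the slide's cumulative day counts (157 and 270) imply.

```python
from datetime import date, timedelta

# (step, predecessor, days allowed after the predecessor), per the timeline above.
# Step labels are this example's own. "R2 completion" is read as completion of
# R2.3, which is what the slide's cumulative day counts (157, 270) imply.
STEPS = [
    ("R1", None, 0),
    ("R2 verification", "R1", 90),
    ("R2.3", "R2 verification", 60),
    ("R3", "R2.3", 7),
    ("R4", "R2.3", 120),
    ("R5", "R2.3", 120),
    ("R6 review", "R5", 90),
    ("R6.3", "R6 review", 60),
]


def due_dates(effective, completed=None):
    """Latest permissible date for each step.

    A deadline runs from the predecessor's actual completion date when one is
    recorded in `completed`, otherwise from the predecessor's own due date
    (the worst case shown on the slide).
    """
    completed = completed or {}
    due = {}
    for step, pred, days in STEPS:
        anchor = effective if pred is None else completed.get(pred, due[pred])
        due[step] = anchor + timedelta(days=days)
    return due


def late_steps(effective, completed, today):
    """Steps finished after their due date, or still open past it."""
    due = due_dates(effective, completed)
    late = []
    for step, _, _ in STEPS:
        done = completed.get(step)
        if (done or today) > due[step]:
            late.append(step)
    return late


if __name__ == "__main__":
    effective = date(2015, 10, 1)  # effective date given on the slides
    for step, d in due_dates(effective).items():
        print(f"{step:16} due {d}  (day {(d - effective).days})")

    # Constructed sample: R2 verification finished six days late.
    done = {"R1": date(2015, 10, 1), "R2 verification": date(2016, 1, 5)}
    print(late_steps(effective, done, today=date(2016, 1, 10)))
```

Because each deadline is anchored on the predecessor's actual completion, finishing a step early pulls every downstream due date forward with it.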
CIP-014-2 Identification
[Flowchart. Decisions: "Does Station/Substation meet 4.1.1 criteria? (R1)"; "Could Station/Substation cause instability, uncontrolled separation, or cascading? (R1)"; "Does the unaffiliated 3rd party reviewer concur? (R2)"; "Concur with 3rd party recommendations?". Outcomes: In Scope; Not in Scope; Adjust List; Document the technical basis for non-concurrence; List of Stations/Substations in Scope for R3-R6.]
CIP-014-2 Assessment and Plan
[Flowchart. Steps: Conduct Threat and Vulnerability Assessment (R4); Develop security plan to address threats and vulnerabilities identified in assessment (R5). Decisions: "Does the unaffiliated 3rd party reviewer concur with assessment? (R6)"; "Does the unaffiliated 3rd party reviewer concur with security plan? (R6)"; "Concur with 3rd party?". Outcomes: Adjust assessment; Adjust plan; Document reasons for nonconcurrence; Completed Security Plan.]
CIP-014-2 R1: Applicability and Risk Assessment
• Must be completed by the effective date of CIP-014-2
(10/1/15)
• Subsequent applications must be completed:
– 30 months for entities who identified applicable Stations/Substations on
the previous assessment
– 60 months for entities who identified null lists on the previous
assessment
CIP-014-2 R1: Applicability and Risk Assessment
• Create a Candidate List
– Substations/Stations operating at or above 200kV
– Substations/Stations identified in an IROL
– Substations/Stations critical to operation of nuclear facilities
• Apply criteria listed in 4.1.1 of CIP-014-2
– Operating at or above 500kV
-or-
– Identified by its Reliability Coordinator, Planning Coordinator, or Transmission
Planner as critical to the derivation of Interconnection Reliability Operating
Limits (IROLs) and their associated contingencies.
-or-
– Essential to meeting Nuclear Plant Interface Requirements
-or-
CIP-014-2 R1: Applicability and Risk Assessment
• Apply criteria listed in 4.1.1 of CIP-014-2 (continued)
– Operating between 200 kV and 499 kV at a single station or
substation, where the station or substation is connected at 200 kV or
higher voltages to three or more other Transmission stations or
substations and has an "aggregate weighted value" exceeding 3000
according to the table below.
CIP-014-2 R1: Applicability and Risk Assessment
• List developed after application of Applicability Section 4.1.1
• Conduct transmission analysis of stations/substations
identified by the 4.1.1 application to identify stations/substations
that, if rendered inoperable or damaged, could result in:
– Instability
– Uncontrolled Separation
– Cascading within the Interconnection
CIP-014-2 R1: Evidence
[Table. Columns: Nuclear Interface Requirement; 500 kV or Higher; Total Value 3000+; IROL; Continue to Risk Assessment (each cell Y or N). Rows: Kokanee Substation, Redhook Switchyard, Epic Substation, Base Camp Substation, New Belgium Switchyard, Stella Substation, Lagunitas Substation, Big Sky Switchyard, Pacifico Substation, Sam Adams Switchyard.]
CIP-014-2 R1: Evidence
[Table. Columns: Unstressed Power Flow*; Unstressed Voltage Stability*; Unstressed Transient Stability*; Stressed Power Flow*; Stressed Voltage Stability*; Stressed Transient Stability*; In Scope (each analysis cell Pass or Fail; In Scope Y or N). Rows: Kokanee Substation, Epic Substation, Base Camp Substation, New Belgium Switchyard, Lagunitas Substation, Big Sky Switchyard, Pacifico Substation, Sam Adams Switchyard.]
*Any number of criteria may be used so long as they provide a reasonable prediction of system
performance in the event the station/substation is completely unavailable.
CIP-014-2 R4: Evidence
Station/Substation | Control Center | Control Center Operator (if external)
Kokanee Substation | Stone Control Center | N/A
Base Camp Substation | Deschutes Control Center | Billiam Power Company (BPC)
Lagunitas Substation | Stone Control Center | N/A
Big Sky Switchyard | Stone Control Center | N/A
CIP-014-2 R1: Applicability and Risk Assessment
• Many options for a methodology
• See the July 2015 open webinar for detailed methodology
presentation
https://www.wecc.biz/_layouts/15/WopiFrame.aspx?sourcedoc=/Administrative/WECC%20Open%20Mic%20Webinar%20Slide%20Deck%202015%2007%2016rev.pdf&action=default&DefaultItemOpen=1
• WECC staff willing to review methodologies outside the audit
as available
CIP-014-2 R2: Unaffiliated Review of R1
Assessment
• Must be completed within 90 days of R1 Assessment and may
be conducted concurrently
• Unaffiliated third party must be:
– A registered Planning Coordinator, Transmission Planner, or Reliability
Coordinator
-or-
– An entity that has transmission planning or analysis experience
• The SDT interprets “unaffiliated” as external to the corporate
structure
• The credentials of the third party will be assessed and may
impact the audit risk and subsequent rigor for R1
CIP-014-2 R2: Unaffiliated Review of R1
Assessment
• Unaffiliated reviewer recommendations must be addressed
within 60 days of review
– Modify its identification under Requirement R1 consistent with the
recommendation
-or-
– Document the technical basis for not modifying the identification in
accordance with the recommendation
• This language is NOT intended to trigger TFEs
• Implement procedures to protect sensitive information
throughout the review process
CIP-014-2 R2: Evidence
• Reviewer Qualifications
• Evidence of Review (Dated)
– Attestation by reviewer
– Review documentation
– Recommendations or non-concurrence
• Protection of Sensitive Information
– NDA
– Encryption
– May leverage CIP-011-2 controls (NOT REQUIRED)
– Procedural controls
• Response to recommendations or non-concurrence
– Accept and modify
– Document reasons not to modify
CIP-014-2 R3: Notify Control Center Owners
• The entity has 7 days to notify control center operators for
primary control centers associated with Stations/Substations
identified in R1 assessment
• The entity has 7 days to notify control center operators for
primary control centers associated with Stations/Substations
removed in subsequent R1 assessments
• Compliance tips:
– Use email read receipts
– Implement three-part communications
– Receive and document confirmation of notification from control
center operators
CIP-014-2 R3: Evidence
• Email
– Dated
– Read receipt
– Confirmation
• Phone log
– Record date and time
– Record name of person called
• Letter
– Registered mail
CIP-014-2 R4: Threat and Vulnerability
Assessment
Conduct a threat and vulnerability assessment that considers:
– Unique characteristics
– Attack history, attacks on similar facilities
• Frequency
• Geographic Proximity
• Severity
– Intelligence or threat warnings
CIP-014-2 R4: Threat and Vulnerability
Assessment
Unique Characteristics may include:
– Terrain
• Rural
• Urban
– Equipment/Facility Array
• Are critical vulnerable assets on the perimeter or are they shielded from view or
attack by less critical components of the facility?
– Existing Protections
– Facility size and shape
• A pure rectangle faces fewer inherent vulnerabilities than a facility with multiple
corners, alcoves, and salient points.
– Crime statistics
– Weather
CIP-014-2 R4: Threat and Vulnerability
Assessment
Assessment Tips
– Identify what components of the facility are critical to the mission
– Evaluate your facility from an adversary’s perspective
– Extend the assessment beyond the fence line
– Understand the advantages and disadvantages afforded by surrounding terrain
– Understand your threat environment
• Evaluate attacks on similar facilities globally
• Evaluate attacks in your geographic area even if the target facility is unlike yours
Some Existing Assessment Methodologies
– CARVER
– DHS Enhanced Critical Infrastructure Protection Infrastructure Survey Tool (ECIP/IST)
– Attack Tree Modeling
CIP-014-2 R4: Threat and Vulnerability
Assessment
Suggested threat vectors to consider
– Direct Fire
• Can an adversary fire a line-of-sight weapon and damage a critical component?
– Indirect Fire
• Can an adversary fire a weapon on an arc trajectory and damage a critical component?
– Explosive
• Can an adversary place an explosive device such that it will damage a critical component?
– Vehicular Attack
• Can an adversary drive a vehicle into my facility to damage a critical component?
– Forced Entry
• Can an adversary force his way into my facility to damage a critical component?
– Surreptitious Entry
• Can an adversary sneak into the facility to damage a critical component?
– Arson
• Can an adversary damage critical components with fire?
CIP-014-2 R4: Evidence
• Methodology
• Application/Results
• Diagrams
• Maps
• Pictures
CIP-014-2 R4: Evidence
Value 9-10
– Criticality: Loss would stop operations
– Accessibility: Easily accessible, not secured
– Recuperability: Replacement lead time 1 year or more
– Vulnerability: Attack requires no training or special tools
– Effect: Extreme socioeconomic impact
– Recognizability: Easily recognized with no training and no confusion
– Threat: Attack carried out in close proximity or intelligence warning mentions the asset
Value 7-8
– Criticality: Loss would significantly reduce operations
– Accessibility: Easily accessible, limited security
– Recuperability: Replacement lead time 6-12 months
– Vulnerability: Attack requires little training or special tools
– Effect: Significant socioeconomic impact
– Recognizability: Easily recognized by most with minimal confusion
– Threat: Attack recently carried out in a distant location or intelligence mentions asset type
Value 5-6
– Criticality: Loss would reduce operations
– Accessibility: Accessible, but secured
– Recuperability: Replacement lead time 2-6 months
– Vulnerability: Attack requires training and special tools
– Effect: Noticeable socioeconomic impact
– Recognizability: Recognized with some training
– Threat: Attempted in proximity or some time ago or intelligence mentions similar facilities
Value 3-4
– Criticality: Loss may reduce operations
– Accessibility: Difficult to access
– Recuperability: Replacement lead time 2-8 weeks
– Vulnerability: Attack requires intensive training and special tools
– Effect: Minimal socioeconomic impact
– Recognizability: Difficult to recognize without extensive training
– Threat: Attempted in a distant location or some time ago or intelligence mentions the sector/industry
Value 1-2
– Criticality: Loss would not affect operations
– Accessibility: Very difficult to access
– Recuperability: Replacement lead time less than 2 weeks
– Vulnerability: Attack requires well-trained team with numerous special tools
– Effect: No noticeable impact
– Recognizability: Extremely difficult to recognize without training and surveillance
– Threat: Attack has never been attempted on a like facility
CIP-014-2 R4: Evidence
Asset | C | A | R | V | E | R | T | Total
Transformers | 9 | 7 | 10 | 7 | 9 | 5 | 9 | 56
Block House | 9 | 5 | 5 | 5 | 6 | 7 | 6 | 43
Switches | 8 | 8 | 7 | 7 | 5 | 5 | 4 | 44
Cap Bank | 6 | 8 | 6 | 9 | 5 | 4 | 4 | 42
• Repeat for each station/substation and control center
• May want to drill down farther
– Assets by type (i.e., 230 kV, 500 kV, etc.)
– Assets by each (individual component)
CIP-014-2 R4: Evidence
Kokanee Substation
Transformer
Criticality: (9) Loss of one or more transformers would all but end operations at
the substation until recovered
Accessibility: (7) Transformers are located toward the center of the yard. The
yard is protected by an 8’ chain link fence with triple strand barbed wire
outriggers.
Recuperability: (10) Transformers would take 18-24 months to replace
Vulnerability: (7) Transformers could be damaged by commercially-available
rifles, homemade explosives, or vehicles.
Effect: (9) Similar attacks have yielded public outcry and governmental action.
Recognizability: (5) Identification of transformers requires a basic
understanding of bulk electric system components; the view of transformers at
Kokanee is obscured, further hampering recognizability.
Threat: (9) A similar facility was attacked using direct-fire ballistic weapons.
CIP-014-2 R5: Security Plan
Develop a security plan including
– Resilience or security measures
• Ensure the measures address vulnerabilities identified in R4
– Law enforcement contact and coordination may include:
• Simply a name and phone number
• Meetings to discuss security concerns, site-specific hazards, etc.
• Site-specific training for law enforcement
• Hosting law enforcement exercises
– Timeline for implementing physical security projects
• No specific dates or time frames required in this timeline, but it must pass the
common sense test
– Provision to evaluate evolving threats
• Should include a process or mechanism to receive threat information
• Should include a process to evaluate threat information as it is received
CIP-014-2 R5: Security Plan
Security Plan Tips
– Conduct a second assessment including the new measures
• Provides valuable metrics to stakeholders and regulators
• If conducted in the planning phase, may prevent costly but minimally effective security
enhancements
– Ensure the plan makes sense
• A reasonably-informed person should be able to follow and implement the plan without
extensive knowledge of the site or entity
– Law enforcement is your friend
• Coordinate early and often to ensure all parties understand facility nuances and specific
hazards/concerns
• Law enforcement training on site = free security
• Ensure mutual understanding of law enforcement response procedures and capabilities
– Consider developing a threat/risk assessment function
• May require additional human capital
• Can be achieved through vendor solutions
CIP-014-2 R6: Unaffiliated Review of
Assessment and Plan
• R6: Unaffiliated Review of R4 Assessment and R5 Plan
– An organization with industry physical security experience AND a
Certified Protection Professional (CPP) or Physical Security
Professional (PSP) on staff.
-or-
– An organization approved by the ERO.
-or-
– A government agency with physical security expertise.
-or-
– An organization with demonstrated law enforcement or military
physical security expertise.
CIP-014-2 R6: Evidence
• Reviewer Qualifications
– Industry Experience and CPP or PSP
– Approved by ERO
– Government Agency with Physical Security Expertise
– Law Enforcement or Military Physical Security Expertise
• Evidence of Review (Dated)
– Attestation by reviewer
– Review documentation
– Recommendations or non-concurrence
• Protection of Sensitive Information
– NDA
– Encryption
– May leverage CIP-011-2 controls (NOT REQUIRED)
– Procedural controls
• Response to recommendations or non-concurrence
– Accept and modify
– Document reasons not to modify
CIP-014-2 R4: Practical Exercise
• Review the Salt Lake Hardware Building and surrounding area
for vulnerabilities
• Consider how you would mitigate vulnerabilities
• Ground Rules:
– Do not enter/attempt to enter any restricted areas or offices
– Do not impede building tenants
– Be aware of traffic on adjacent streets and parking lot
– Cooperate with building staff, security, and law enforcement as necessary
CIP-014-2 R4: Practical Exercise
Break for Practical Exercise
CIP-014-2 R4: Practical Exercise
• Vulnerabilities:
– High Speed Avenue of approach on 400W with little/no obstruction
– Unrestricted Parking less than 5 feet from the building
– Two open access points, one unmonitored, one intermittently monitored
– Hotel across North Temple
– Mass transit facilities on south and west sides
– Long-term construction to the north
– Elevated crime area
– Building construction
CIP-014-2 R4: Practical Exercise
• Vulnerabilities:
– High Speed Avenue of approach on 400W with little/no obstruction
• Vehicle barriers
• Work with city for traffic calming
– Unrestricted Parking less than 5 feet from the building
• Remove parking immediately adjacent to building
• Assign parking adjacent to building
    – Work outward (higher trust = closer parking)
• Vehicle screening
    – Use randomization to reduce resource burden
– Two open access points, one unmonitored, one intermittently monitored
• Increase security staffing to monitor 24/7
• Restrict access through unmonitored door
– Hotel across North Temple
• Work with hotel to identify suspicious behavior
• Ask hotel to avoid long-term guests in rooms facing north
CIP-014-2 R4: Practical Exercise
• Vulnerabilities:
– Mass transit facilities on south and west sides
• Pay closer attention to these areas as surveillance points
• Work with transit authority to promote suspicious behavior reporting
    – See something say something
– Long-term construction to the north
• Pay closer attention to this area as a surveillance point
• Work with construction company to identify suspicious behavior
    – Unusual interest in Hardware Building
    – Unexplained short-term employment
– Elevated crime area
• Work with local law enforcement for increased patrols/presence
• Work with neighboring businesses to create security group (neighborhood watch approach)
• Crime Prevention Through Environmental Design (CPTED)
– Building construction
• Retrofits
At Your Service
• PSWG- Get plugged in!
• http://www.wecc.biz/committees/StandingCommittees/OC/CIIMS/PSWG/default.aspx
• Phone call away
• We want to help.
• Always willing to provide our audit approach
Questions?
Nick Weber, CPP, PSP, CBRM, CBRA
Compliance Auditor, Physical and Cyber Security
Western Electricity Coordinating Council
155 North 400 West, Suite 200
Salt Lake City, UT 84103
(801) 386-6288
[email protected]