One of America’s largest power grid operators has not done enough to protect its electricity transmission infrastructure from physical attacks, according to a federal audit.
The Department of Energy’s (DOE) inspector general released a report Thursday detailing how the Western Area Power Administration (WAPA) “had not always established adequate physical security measures and practices for its critical assets, addressed physical security measures recommended in prior risk assessments, and conducted performance testing to ensure that security measures for physical assets were performing as designed.”
WAPA is one of four DOE-run electricity transmission providers and is responsible for more than 17,000 miles of transmission lines which provide power to 680 utility and power companies that operate 328 substations across the western U.S. — WAPA is one of the top 10 largest electrical transmission operators in the country.
WAPA’s size makes it a prime target for attacks, and in the wake of the 2014 attack on a California substation DOE is pressing WAPA and others to do more to protect the grid. But WAPA has a long way to go in that regard, according to the IG.
“The issues we identified occurred in large part because Western had not placed sufficient emphasis on physical security,” the IG’s office wrote in its report. “We also found that Western lacked specific policies and procedures for maintaining security equipment, controlling access keys, implementing risk assessment recommendations, and conducting performance tests.”
“These concerns are not merely theoretical,” the IG reported. “Western had experienced instances where its critical assets had been penetrated and, in some cases, Western did not have the physical security capabilities to promptly detect the intrusions.”
“One of the intrusions resulted in damage to the perimeter fence and control building door, and the theft of a security camera and tools,” according to the report.
Grid security has become a major focus for national defense officials in recent years as they worry about hackers causing massive blackouts. Such fears aren’t completely unfounded. Russian hackers recently broke into Ukraine’s electric grid and caused power outages.
Federal officials are also worried about physical attacks on the electric grid, which some fear is vulnerable to attack. Lawmakers share this worry too, especially in the wake of a sniper attack on a California substation in 2013.
The sniper attack caused $15.4 million in damage and nearly took out power to Silicon Valley. Federal officials believe the attack was an “inside job,” but no suspects have been named.
“Because of these recent events and the importance of securing the bulk electric system, we made recommendations designed to improve Western’s physical security and to reduce the risk of damage to its critical assets,” the IG reported.
The IG report listed some things WAPA hasn’t done to adequately protect its infrastructure from a physical attack. Such things included:
Lack of barbed wire at the top of the perimeter fence to prevent unauthorized entry;
A perimeter access gate left unlocked and unattended;
Lack of audible alarms that would annunciate within 10 seconds of the substation control house or power system control center door not properly closing;
Lack of lighting that could be controlled remotely from the power system control centers; and
Landscaping that could permit the concealment of dangerous objects or obstruct the view of the perimeter by security personnel and cameras.
“Western officials informed us that as of October 2015, they had developed a draft approach to make the exemption process a more formal, documented process in which exemptions would be based on threat factor analyses,” the IG noted.
All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact email@example.com.