A detailed road map for securing dams and associated power generation stations
There are more than 90,000 dams and power-generating facilities in the United States, according to the U.S. Department of Homeland Security. These dams play a critical role in the infrastructure of our country, providing water for irrigation and for communities to drink, generating power that allows our modern lives to function, maintaining navigable waterways for transportation and freight and protecting our farms and communities from flooding.
With millions of acre feet of water and thousands of square miles of surface area and coastline, these assets are big, and the consequences of a security breach on a dam or power-generating facility could be catastrophic and far reaching. While there are obvious threats – including damage to surrounding areas and loss of services – the less obvious threats are just as critical. These facilities often create recreational areas that generate economic dollars for surrounding communities, thus the loss of function and changes to the landscape could endanger the livelihoods of hundreds or thousands. Ensuring the security of these critical infrastructures is paramount for the protection of communities across the U.S.
Based on a decade of experience securing 33 dams and other power facilities in critical regions across the country, and having worked with agencies in California, Oregon, Washington and Georgia to support individual installations and networked water control systems, we at Trofholz have developed a standardized process to achieve the necessary security. At each site, it is necessary to balance the threats to the facility, the needs of the community and needs of onsite personnel. While each installation is different, security professionals can ensure they achieve a site’s hardening goals by following a standard process while adapting the tools to meet the individual needs of each site. This process, with pre-project preparation, a site survey, a customized design plan, installation, testing and then cybersecurity and information assurance hardening, gives dams the full, integrated physical and information security system that is needed for this critical infrastructure.
Everyone should begin each project by reviewing and understanding the appropriate national codes, standards, installation requirements and other applicable documents. On such critical installations, it is important to integrate compliance to regulatory requirements in to your project management plan. On government-run dams, it is often a requirement to have employees complete the Anti-Terrorism Level I awareness training. As a best practice, an operational security standard operating procedure plan should be established and tailored to each installation.
By conducting a site survey, the team can evaluate installed infrastructure, validate equipment quantities and identify any performance issues or operational limitations of the proposed system. With this information, the team can create a current site conditions report, which describes the site and facility, infrastructure, existing systems, equipment quantities and performance issues or operational limitations. This report can also address all regulatory compliance concerns, provide technical recommendations on improvements and list assumptions, giving the team a foundation to discuss the true needs of the facility, the specific dangers it faces because of its location, environment and role in the water system. These discussions will lead to the creation of a customized design plan.
Customized Design Plan
Prior to breaking ground with construction activities, the project will need thorough and accurate design plans that depict all electrical, civil, mechanical, electronic, excavation and infrastructure facets. This design plan should address the particular concerns of each location. Work on any installation could include the technology, electrical, civil and communications to support access control, intrusion detection and video management. More public sites may need vehicular crash barriers carrying U.S. Department of State K-12 crash ratings. All systems integrate into one common security management system (SMS) for ease of system monitoring and management.
Integrated Physical and IT Security
Many dam and power customers use truly integrated solutions with all access control systems and video surveillance delivered through single graphic user interfaces. To ensure successful performance, it is recommended to test multiple technologies in each terrain to ensure implementation of the most appropriate equipment and take advantage of the most advanced security tools available, combined into a user-friendly system. The system design should provide high system usability by integrating all technologies into a common SMS. Using a SMS ensures a system provides seamless, easy-to-use protection and management.
The SMS monitors and records to a database all system events, including authorized transactions, violation of either physical or virtual boundaries, procedural policies and system/equipment failures or malfunctions. The SMS allows separate groups to share a single database while partitioning the data through access permissions to maintain individual group security.
Based on the needs of the facility, a combination of pan-tilt-zoom (PTZ) and fixed cameras are typically used, chosen at the site survey in conjunction with the site security manager. Thermal imaging PTZ cameras and analytics may also be employed to support the desired security posture. At many facilities, the intrusion alarms are linked to cameras, so if a forced entry is detected, the nearest camera zooms in. A variety of intrusion-detection sensors are used, both indoors and out. Higher-risk facilities often install long-range acoustic devices, so security personnel can observe and deter intruders with pre-recorded messages or tones. The project will also include physical security barriers, sometimes including fencing, crash bars, gates and bollards. The goal of consultants and integrations should be to support security assessments done by the site security manager, with the overall goal of increasing the posture and providing added security.
For some installations, a security control center (SCC) is used as the primary security monitoring and administration center. The SCC can be set up so the system can be expanded (scaled) to accommodate the monitoring and administration of additional remote security systems. In some cases, the primary SCC is combined with an additional secondary remote-client workstation as a backup.
Most dam and power-generation facilities are not standalone sites but are part of a linked network. These sites are often remote and can have limited connectivity; while a few have some cell coverage, many are not even connected to landline, fiber or other communication networks. The team must adapt to coordinating with the available communication tools. Standard phone lines, microwave communications and wireless point-to-point solutions have all been used to ensure the systems remain interconnected. Dams are generally moving to centralized operations with only one main site in a string of sites staffed at any time. This means that the supervisory control and data acquisition (SCADA) and Generic Data Acquisition and Control System (GDAC) are dam controls, with all work done through programmable logic controllers (PLCs) and touch screens. With power generation and water levels controlled by a centralized location, the access control systems should follow suit; however, it is important to maintain the ability to monitor and administer each individual system locally.
Microwave communication is put in place with a router “network.” The security system is included in the network. On multi-site or multi-facility dams, the facility separates the SCADA, GDAC and Electronic Security Systems (ESS) systems through the microwave. At each point/facility, there is a microwave, router and switch on site. A port on the facility router can be used for an additional router and second switch for the security systems. The security devices connect to the second route and bank of switches, creating a dedicated security network inside of the facility network. Microwave is useful when fiber is not an option because of the remote terrain or other limitations, and it is faster than phone lines when regularly maintained.
In other instances, wireless communication provides point-to-point radio communications, allowing the integrator to extend the network to remote locations within each facility. Facility size and location play a huge role in communications challenges. Distance limitations on both fiber and copper create communication challenges and require different components to make each network connection work. Finding a solution to support system communications with the most effective and least disruptive results for the facility ensures the operator can achieve the highest level of facility hardening with the most on-site buy in.
Federal Identity Credential and Access Management (FICAM)/Federal Information Processing Standards (FIPS) 201 Compliant Systems
FICAM is the U.S. federal government’s implementation of identity, credential, and access management (ICAM). It is meant to provide a common set of ICAM standards, best practices and implementation guidance for federal agencies. A FICAM/FIPS 201-compliant system begins with the readers. In a compliant system, the person requesting access goes through a two-factor authentication process. When the user presents the badge to reader, the certificate on the badge hits the certificate manager and sends a request to the federal bridge. The system receives a response from the federal bridge that the credential is either valid or invalid. A valid credential proceeds to the next step; an invalid credential is denied. If a valid credential is presented, the access request is then sent to the access control system. If the user is allowed in that area, the system unlocks the door; if not, the door remains locked and access is denied. In this system, all users must pass a thorough background check before the cards with certificates are issued.
Installation of security systems will typically require the use of above- and below-ground conduit throughout the entire facility, there is also the matter of high-voltage electrical distribution, fencing and gates. Each site follows a specific, logical installation plan, keeping any existing security equipment in place and operational until the new system is online and functional. Civil engineering analysis can be needed to ensure proper foundation depths for towers and equipment, while still accounting for wind-load thresholds.
When installation appears complete, contractor field testing (CFT) begins. During the CFT, all equipment is tested and calibrated, and the integrated systems are placed into service. After the CFT procedure, a detailed report is delivered to the customer describing the results of the system tests, diagnostics and calibrations and provides written certification that the system is calibrated and ready to begin performance verification testing (PVT). It is then recommended that the integrator conducts PVT and endurance testing and documents the results. During endurance testing, the goal is to identify all system failures, explain the cause of the failures and list the corrective action taken to repair the failure.
It is recommended that the quality control program works with and complements the U.S. Army Corps of Engineers’ three-phase control system. Testing procedures will be performed and reports will document performance verification tests following quality assurance surveillance plans (QASPs). We include QASP tasks from the performance work statement (PWS) in our schedule and measure completion of these tasks against the performance objectives given in the QASP.
Cybersecurity and Information Assurance
The team should plan implementation, validation and accreditation of information assurance controls, including timely and effective configuration and vulnerability management. The team should develop and maintain the system security plan and artifacts for information security through receipt of accreditation. This ensures that administrators use information security engineering to implement or modify the information assurance component of the system architecture in compliance with the systems security plan and enforce accreditation decisions for information security. Because this data is so critical, the solution provider should work with the customer to develop a disaster recovery plan for this system and integrate the risk management framework into all systems, including hardware, software and other equipment.