When addressing NERC CIP014 physical security requirements, substations and power transmission facilities must not only consider how to detect, deter and delay, but also the means to assess and respond.When addressing NERC CIP014 physical security requirements, substations and power transmission facilities must not only consider how to detect, deter and delay, but also the means to assess and respond. A traditional approach to address these components of a security plan might rely on a security officer to perform these tasks. However, when considering available funding and allocation of human assets, it is important to realize that today’s security technology can automate many of these tasks by quickly and effectively assessing, responding and deterring an intrusion event without requiring any interaction from security personnel.
Traditional response scenario
To understand the automation capability of today’s security systems, let’s first consider a typical intrusion scenario. The first task is understanding a threat has actually occurred. This may be accomplished by a security person physically monitoring video feeds, or some type of security sensor providing an intrusion warning. When such a threat is detected, a series of operations are set in place to validate the threat and determine if it warrants action.
Validate the event: In most cases, the first action requires the security guard to validate that a real threat exists. This is done through visual confirmation, via a video feed or a visual confirmation of a first responder. Once the threat is confirmed, responders must orient themselves to the location of the potential threat. This is often difficult, having to deal with a large number of monitors displaying imagery from different cameras at different locations and view angles.
Initiate response: Once the location is resolved, action can be taken to address the potential threat. The guard will most likely call a mobile team to physically intervene. Simultaneously, the guard in the command center must continuously relay the threat’s location.
Track/deter: As the intruder continues to move, the entire problem is made more difficult as the command center operator must control the cameras via joystick and continue to provide status information. This becomes increasingly more complex as the intruder transfers from one camera’s field of view to another. Additionally, valuable time is often lost in reacquiring the target on the new camera.
Although this response scenario is a valid approach to react to an intrusion, the following video technologies can automate these manual actions.
Automation 1: Target classification
The simplest definition for video-based “classification” is the “ability to determine the type of target” which is present. This is achieved through a technology referred to as video analytics or intelligent video, which analyzes the pixels from a camera video feed and extracts actionable security data. So rather than merely understanding that something is there, classification determines the type of target: human, animal, car or a truck and uses that information to assess whether an alarm is in order. By determining target type, this intelligence can eliminate false alarms, filter out nuisance events and alleviate the need to have an operator manually acknowledge an event before action is taken.
When video analytics is further enabled with geospatial (location-based) intelligence, additional target attributes may be determined such as, target location, target track, real size and real speed. In addition to providing a much richer data set for automatic alarm assessment, it also provides the means to dynamically display intrusion events on a map-based interface, meaning camera sensors and object locations are displayed in real-time on a map of a facility. Icons showing target classification types can also be presented at their real-time locations.
Automation 2: Slew to cue
Slew to cue is the automated response of the system to a verified target. Slew to Cue allows a pan-tilt-zoom (PTZ) camera to be automatically steered to the exact latitude, longitude and elevation of an alarm. This information may be provided via a camera utilizing location-based video analytics, as described previously, or it may be provided by other location aware security sensors, such as ground-based radars, access control systems, intelligent fence sensors, inground systems or proximity sensors. This action, also referred to as “slew to target,” results in visual confirmation of the target, which can then be provided to the security personnel. The guard may now focus his attention on relaying the pertinent information to all necessary individuals.
Automation 3: Camera auto follow
By equipping the PTZ camera with intelligence, this automation can go a step farther by automatically tracking the target as it moves about the area. Camera Auto Follow is a video analytic that continuously controls a PTZ camera to keep a target of interest centered in the camera’s field of view. The algorithm automatically controls a camera’s pan, tilt and zoom taking into account the target’s direction and speed to ensure the target does not exit the camera view. This camera auto follow automation will continue to track a target until the target is lost or the operator takes manual control. Much like slew to cue, the ability to maintain a visual image of the target without the need for operator intervention is a tremendous help for a responding security person.
Automation 4: Audio talk down
The next form of automation leverages the ability to detect, classify and follow a target with a camera, while knowing the target type and its location. Audio talk down is the attempt to deter, delay or hasten an intrusion through real time deterrent interaction with the intruder, typically using an audio device, spot light or dazzler. In these situations, a PTZ camera equipped with a co-mounted or nearby deterrent device can issue live commands or intelligently selected pre-recorded commands that corresponds to the system’s knowledge of the intruder’s current location and actions. This automated means to attempt to drive away the intruder is particularly beneficial for remote facilities or substations where a response may take 30 to 60 minutes or longer for an onsite response. Video-based “classification” is the “ability to determine the type of target” which is present. This is achieved through a technology referred to as video analytics.
Automation 5: Scan to target
A complementary automation technology is "scan to target." Scan to target is a useful capability when detecting at long ranges or detecting fast moving targets, where margins of location accuracies can compound. These might include the accuracy of the camera’s PTZ mechanism, a camera's position drift, installation variances, accuracy in the detecting sensor's reporting position or that fact that the target is moving quickly. The result: when the camera is steered to the point of intrusion (slew to cue), the target is not present in the camera's field of view.
"Scan to Target" was introduced to address this issue. This feature is designed to engage when the camera is slewed to a location but no target is found. In this case, the scan to target algorithm is invoked and will cause the camera to intelligently scan the area where the alarm was reported in an attempt to acquire the target. If the target is found, the PTZ camera will then automatically invoke automatic following.
Use of existing equipment
It is important to note that these automations do not require new cameras to be installed. In most cases, a single edge type computer can be installed at the remote facility, or a commercial off-the-shelf server at the central command facility. This edge device or dedicated server can work with existing cameras and monitor video feeds for detection and assessment, and interface with camera controls to allow camera automation functionality.
Securing our nation’s power grid is a serious issue, but the reality is substation and power generation facilities have limited capital and operational budgets to allocate to security. As such, security measures need to be effective and affordable in terms of acquisition and continued operation. Use of automation technologies outlined in this write up, can not only provide a high level of detection, but also provide target assessment, response and deterrence without increasing the need for additional security manpower.