Power plants deliver usable energy to the world and are among the top-rated, high-risk facilities. Conservative and regimented in tried and proven SOPs, these energy generators operate on strict day-to-day practices that ensure the security and safety of people and assets.
As the threat of terrorist attacks become more real, governments, energy and electric organizations, and plant owners must review and increase security measures. Depending on the plant and its location, threats can include syndicated theft and extreme environmental activities. "You must understand your adversary, to define, design and plan your security system," said Javier Prieto, Security Leader for Spain and Portugal, Honeywell Building Solutions.
Most power plants today follow regulations and best practices for critical infrastructure. However, system guidelines are broad, leaving actual equipment specifications to be agreed upon by plant owners, integrators and the operations team.
Planning and installation must be carefully considered at the onset, to avoid using equipment unfit for the environment. The type of plant and its location makes every solution unique.
Current systems installed at power plants are analog and becoming obsolete. Introducing digital systems gradually brings more hybrid systems to the fore. However, integration is challenged by a lack of support from existing equipment manufacturers, some of whom are no longer in business.
Information management and sharing is still at a basic level and often done manually. As most power plants are privately-owned, external information is shared through e-mail distribution lists and hotlines. Within the plant, information is distributed from the command and control center. SCADA systems dominate, but have rudimentary mapping capabilities, which is crucial for response during an emergency. Fully integrated platforms, such as sophisticated CMS or PSIM, have yet to reach power plants.
When existing systems break down, outdated parts are becoming more difficult to find. Users are gradually moving towards IP-based systems, which offer more flexibility, scalability and cohesive information management. The time is ripe for change.
Regulations and Standards
Excluding nuclear plants, no regulations govern power plant security, so best practices and recommendations are followed. However, government organizations such as the US Nuclear Regulatory Commission (NRC), North American Electric Reliability Corporation (NERC) and the US Department of Homeland Security have been actively involved in standardizing requirements for the energy sector.
"The U.S. pioneered nuclear power stations, and many countries around the world, such as Japan, Mexico and Canada, follow American standards," said Hagai Katz, Senior VP of Marketing at Magal S3.
NERC requires power plants to look outside service territories and establish security principles based on the electric grid's reliability, which requires visibility at a higher level. "This means that security technologies applied should be designed with a 'protection-indepth' philosophy — to deter, detect, assess and respond to an incident," said Dale Zahn, VP of Business Development at Intellibind Technologies.
The corporation holds quarterly Critical Infrastructure Protection Committee meetings with representatives from the federal government, as well as industry representatives from the eight NERC operating regions. "Representatives have IT, operations or physical security backgrounds, and come from the investor-owned municipal and cooperatives," Zahn said.
System guidelines are broad, leaving users flexibility to specify their equipment wants and needs, said Darryl Polowaniuk, Manager of Security and Fire Safety Solutions at Johnson Controls.
The market is large and relatively untapped.
Power companies will need to spend US$1.4 trillion over the next 22 years to meet power demands and modernize the transmission and distribution grid, according to the "Improving Power Plant Performance Through Technology Upgrade" white paper by Honeywell Process Solutions. Most power plants have been using the same security systems installed 10 or 20 years ago, making refurbishment or replacement a priority.
"In Europe, power plants are increasingly implementing security systems with 12 to 15 percent growth," Prieto said. Global growth is slightly lower, averaging 6 to 8 percent.
In India, there are one or more plant projects underway in each state. Some are old plants, with little surveillance. "There is a big opportunity to install video surveillance systems in these plants," said Anantharam Varayur, Director of Webcom Information Technology.
In South Africa, security makes up at least a quarter of the project's budget. "If security systems are found noncompliant, plants can be fined," said Kevin Pearman, AccountManager, Integrated Security and Building Management Systems, Bytes Systems Integration.
Designing and Planning
Most project tenders are indiscreet — there can be separate tenders for video surveillance, access control and intrusion detection systems. "At this time, orders can be awarded to multiple vendors, which creates a challenge in integrating the systems," Varayur said. "Customers must take the initiative of putting requirements together at the project onset for a comprehensive tender."
Driven by the need to meet local requirements, planning and design is usually standards-driven, Zahn said. Involved parties include representatives from plant operations, engineering, safety, the supply chain, IT, security and plant maintenance. Once needs are determined, an experienced system integrator will be hired to ensure consistency across a fleet of generating stations, involving equipment selection, operation, maintenance and repair of applied technologies.
As power plants are often located at remote sites, maintenance for faulty equipment requires long waits for repair technicians. "Sometimes customers actually buy spare parts, including cameras, network switches, encoders, additional servers, monitors and power supplies, to lessen the downtime of a system breakdown," Varayur said.
Security managers and their corporate security departments have a vested interest in the final design, as they will likely be stewards of the system upon completion, Polowaniuk said. IT managers also play a crucial role in supplying the network, involved in considerations for bandwidth requirements and redundancy.
The type of power plant and its environment impacts security requirements. In general, hydroelectric, coal and fossil fuel, solar and wind plants follow best practices.
Security systems at nuclear power plants are doubled or tripled compared to other plants, as they should comply with legislation, Prieto said. For example, all systems at nuclear plants must be redundant, including networks, fences, control rooms and servers. In comparison, a solar plant might have a single perimeter solution equipped with cameras and fences, but nuclear plants can have up to three layers of perimeter protection.
Coal and other fossil burning plants in the environmental spotlight must follow procedural detection measures to protect against activists, Polowaniuk said.
Hydroelectric plants typically border large bodies of water, exposing them to more complex risks. "If a terrorist was to strike via a boat coming into the dam, it would be disastrous," said Aluisio Figueiredo, COO of Intelligent Security Systems. Armed military personnel usually patrol seaside or water borders at all times.
Cameras equipped with video analytics are necessary to track boats coming into secure areas. "This unique requirement is very common for water dams," Figueiredo said.
For seaside plants, noncorrosive solutions need to be implemented.
The salty and moist environment of ten results in equipment replacement after just one or two years. "Even standards such as IP66 or IP67 are sometimes not enough to protect against corrosion, so special anti-corrosive standards and practices must be used," Katz said.
Power plants located in rural areas with limited natural barriers become simpler to protect, Polowaniuk said. Thermal cameras and radars can be used to survey areas beyond the plant's perimeter. This is not so in urban environments.
In urban environments, plants must be careful not to disturb neighboring residences or commercial buildings. For example, strobe lighting and audible alarms could be disruptive, Polowaniuk said.
The high foot traffic in cities presents unique challenges. "Security incidents related to conventional delinquency, such as theft, increase for plants located in urban areas," Prieto said. "You cannot use long-range perimeter devices to survey areas beyond your perimeter, which means that other perimeter protection systems need to be considered."
Paired with a preference for aesthetics, perimeter security in urban areas can opt for noninvasive systems such as buried cables or decorative fences, Katz said.
Most power plants are dated facilities, with traditional analog systems in place. Systems and parts become obsolete, which make integration with management platforms difficult. In security, the shift toward convergence is an appealing solution to all high-risk critical facilities, but power plants are adopting slowly.
"The maturity of the market is an issue, and often security managers at power plants, who have been trained and are familiar with traditional systems, are reluctant to switch out existing systems," Prieto said.
Aging systems are the most pressing issue, and at some point, when the system is no longer scalable or does not provide adequate protection, it should be replaced, Polowaniuk said.
Most security systems in power plants are stand-alone and manually controlled. For example, if an alarm from the perimeter sounds, a security operator will maneuver a joystick to pan a camera toward the detection zone. "This is the common practice," Katz said. A balance must be struck between manpower and technology — as technology develops and becomes more automated, power plants can save on manpower.
Experts agreed that the energy sector, once at the forefront of security technology, is now lagging. "Most of these systems are coming to the end of their useful lives, and next generation power plants will be free to go straight into IP-based systems," said Richard Lack, Sales and Marketing Director at ASL Safety and Security.