The challenges & risks of substation security: What to do about it?

What is substation security?

Substation security refers to the measures and technologies used to protect critical electrical infrastructure from malicious acts. Unique combinations of access, video security, alarm and sensor systems help to ensure the reliability of the power grid by mitigating substation attacks.

Attacks against the U.S. power grid have risen by over 70% in recent years, with substations in both remote rural and dense urban areas viewed as targets. To help combat physical threats, substation security systems are used to proactively reinforce, restrict access to and provide continuous visibility over important and vulnerable infrastructure.

Why is protecting power substations important?

Protecting power substations is critical to national security as these facilities play a vital role in distributing power to most U.S. homes and businesses.

Failure to uphold substation safety best practices and safeguard vulnerable equipment can severely impact communities in multiple ways. Examples of common consequences include:

• Power outages: Physical damage to substations can leave large numbers of homes and organizations without power for weeks or months at a time, severely disrupting key business operations and risking the health and well-being of communities at large.
• Economic impacts: Disruptions to the power grid can cost millions of dollars in lost revenue and negatively affect supply chains nationwide; even small-scale substation security breaches can cause lengthy disruptions that require complex, costly repairs.
• Loss of critical facilities: Power outages can cause critical facilities like hospitals, water treatment plants and police stations to shut down or severely restrict essential operations, potentially placing numerous vulnerable people and communities at risk.
• Environmental damage: Physical substation attacks against exposed equipment like transformers can cause dangerous fires, explosions and oil spills, often leading to significant environmental damage that takes a lot of time and resources to address.
• On-site safety hazards: Substation security threats can cause immediate harm to on-site personnel and first responders, with damaged infrastructure posing risks of electrocution and fires that can be hard to assess and communicate with no power.

The unique challenges of substation protection

While many staple security technologies such as access control, video security and sensor systems, are present in both traditional business and substation security systems, the unique design, purpose and risk level of power substations necessitate site-specific deployments.

The unique challenges of substation protection include:

• Elevated risk level: Electrical substations are uniquely vulnerable to physical and cybersecurity threats posed by terrorist groups, organized criminals and vandals.
• Exposed infrastructure: Critical infrastructure like transformers and circuit breakers are visible at a distance, making them vulnerable to ranged drone and ballistic attacks.
• Secure accessibility: Substation security must balance security and accessibility by deterring intrusion events while ensuring streamlined access for maintenance teams.
• Unmanned sites: Many facilities are in remote locations that are not manned at all times, requiring substation security systems to be automated and remote-accessible.
• Compliance management: The equipment and measures used to ensure substation security must meet strict standards laid down by industry and government authorities.

Common threats to substation physical security

Substations face wide-ranging risks posed by both criminals looking to disrupt power grids and opportunistic criminals planning to steal valuable materials. To effectively safeguard critical sites, substation security teams must make provisions to combat the following threats.

Unauthorized access

External and internal threats may attempt to gain unauthorized access to sensitive areas and equipment to cause damage or steal valuable assets. All potential access points must be reliably secured and site operators must be able to investigate access events.

Ballistic attacks

Malicious actors use high-caliber rifles and other projectile-based weapons to damage key infrastructure like transformers and circuit breakers from range. Substation security systems will often leverage observational technologies to proactively identify potential ballistic threats.

Theft and vandalism 

Valuable equipment and materials like copper wire can attract the attention of thieves, while organized criminal groups and agitators have been known to intentionally damage substation control houses and infrastructure to cause power outages and disrupt essential operations.

Cyber-physical attacks

Cyber-attacks on critical infrastructure have risen significantly in recent years, with attacks against utility companies surging by over 40% in 2024. Without appropriate cybersecurity measures in place, system breaches can enable attackers to damage physical infrastructure.

Drone incursions

Unmanned, remote-controlled drones are being used more frequently by criminals to bypass traditional security measures and breach high-risk facilities. Drones can be used by attackers to collect images of sensitive sites and destroy equipment with explosive payloads.

The key components of a substation security system

To reliably and identify and address substation attacks, operations managers and security teams must implement layered protections built around site-specific needs. Below are some examples of key substation physical security that all leaders should consider utilizing.

Perimeter security measures

Physical obstructions like fences, barriers and gates should be erected around the perimeter of the site to shield infrastructure from view and limit entry points. Long-range bullet cameras and motion-activated lights should also be used to help deter and detect suspicious activities.

Substation security staff should consider installing License Plate Recognition cameras and vehicular access control systems at entrance roads to help ensure only known vehicles can gain site access, as well as erect signage warning of active substation security.

Access control systems

Access to all areas of power substations must be secured behind traceable credentials, with permissions managed via a role-based system. Authorized persons should be issued unique credentials that only grant entry to select areas and permissions must be regularly reviewed.

Multi-factor authentication should be applied to high-risk areas like substation control houses, with biometric facial recognition, iris or fingerprint scans required to gain access. All access events should also be recorded in a digital management platform to support frequent audits.

Video security 

IP security cameras should be installed to cover all critical areas and provide continuous visibility over the site. Cameras should have ruggedized housings to protect against impacts and explosions and be connected to a cloud management portal to support remote viewing.

Substation security cameras should have thermal imaging features to capture clear footage in all light conditions, as well as native video analytics to help detect risks; AI-driven cameras can autonomously detect and warn of threats like suspicious motion and contraband objects.

Environmental sensors

Internet of Things (IoT) sound, motion, pressure and temperature sensors can be deployed to improve substation security by automatically identifying and engaging responses to safety threats; sensors can be installed around the site and programmed to react to unique stimuli.

Via integrations, sensor data can be used to inform and enhance the operation of wider tools like entry systems, cameras and alarms. For example, workflows can be developed whereby suspicious motion instantly locks access points and flags relevant camera footage for review. 

Communication devices

Providing on and off-site teams with secure, accessible and portable communication devices is key to safely addressing substation physical security threats. Solutions like two-way radios and encrypted smart devices can enable teams to effectively communicate real-time insights. 

Ruggedized handheld radios with Wi-Fi connectivity and noise suppression capabilities can help to ensure on-site personnel are able to communicate potential threats securely, as well as provide off-site authorities a way to pass important response information over to workers.

Security management platforms

Substation security management platforms enable personnel to combine the operation and management of multiple security technologies within a centralized system, providing teams the ability to create unique automations and view insights from multiple devices simultaneously.

Operators can use data from one device to control the operation of another, e.g., suspicious access attempts trigger nearby cameras to record and alarms to sound, with authorized staff able to access the management platform remotely to investigate and address threats 24 / 7.

Substation security regulations and standards

Given the high-risk nature of the power and utilities industry, substation security teams are required to comply with strict regulations and standards when designing and implementing physical security; below are some examples of core substation security regulations.

Federal Energy Regulatory Commission Reliability Standard CIP-014 – 3

CIP-014 – 3 is a mandatory standard intended to help substation security personnel identify and protect facilities against physical attacks. The standard requires leaders to assess risks and implement security measures to prevent instability and failures in the bulk power system.

To maintain compliance with the FERC Reliability Standard CIP-014 – 3, operators must:

• Perform risk assessments to identify critical facilities.
• Have a trusted third-party review risk assessments.
• Implement thorough physical security plans for identified sites.

North American Electric Reliability Corporation Security Guideline

The North American Electric Reliability Corporation (NERC) Security Guideline is a voluntary set of best practices designed to help substation security staff combat common safety risks; the NERC guideline offers practical advice for developing effective responses to threat alerts.

The NERC Security Guideline provides actionable guidance on:

• Developing a process for communicating changes in threat alerts.
• Implementing security measures for site-specific threat conditions.
• Establishing communications between on-site teams and authorities. 

North American Electric Reliability Corporation Standard CIP-006 – 6

The NERC Standard CIP-006 – 6 is a mandatory regulation that requires substation security leaders to create, implement and maintain documented plans to protect bulk electric system cyber assets from unauthorized access in order to protect the power grid against instability.

Important aspects of NERC Standard CIP-006 – 6 compliance include:

• Documenting procedures for controlling physical access to computer systems.
• Leveraging intrusion detection systems and maintaining structured access logs.
• Deploying access control systems to restrict physical access to sensitive areas.

Occupational Health and Safety Administration 1926.966 — Substations 

The Occupational Health and Safety Administration (OSHA) Standard 1926.966 offers advice regarding safety requirements for performing construction and maintenance work in electrical substations, covering factors like access control and the safe operation of security equipment.

OSHA Standard 1926.966 — Substations covers information like:

• Rules for maintaining safe and sufficient access to electrical equipment.
• Guidance on safely operating perimeter security equipment like electric fences.
• Advice on providing safe role-based access to temporary staff, like contractors.

Important substation protection planning considerations

Site-specific environmental and operational factors will determine how decision-makers and leaders should approach substation protection planning. As no two substations are identical, the requirements of an effective physical security plan will vary across independent facilities.

When approaching substation security planning, consider the following factors: 

• Location and surroundings: Manned substations in dense urban areas will require different protection strategies from those of unmanned remote rural facilities; consider how the surrounding environment will influence the types of threats posed against the facility.
• Historic threat landscape: Substation security leaders should review historic threat reports to help identify security improvements most likely to provide practical benefits.
• Facility size and layout: The size and layout of a facility will influence the types and numbers of devices required to improve security; e.g., appropriate security camera models, volumes of access control readers and types of perimeter security measures.
• Staffing capabilities: Unmanned and low-staff facilities will benefit from automated, remote-accessible technology that requires minimal maintenance to function effectively.
• Budgetary constraints: Considerations concerning the upfront and long-term costs of substation security equipment must be made to help identify appropriate solutions.
• Future scalability: An effective substation physical security system will be designed to evolve as needs and risks change; prioritize integration-ready, scalable equipment.

Implement future-proof substation physical security

As the substation security threat landscape grows more complex, operations managers must identify practical security options designed to provide future-proof protection. Learn more about how smart video security helps to safeguard critical facilities against modern threats.