Eknoor B.

asked • 12/11/20

Question below.

Infrastructure Security Scenario 1

You are in charge of planning and implementing a security system for a new electrical substation that will be built next to a new housing development. The substation is equipped with high-voltage electrical switching gear for the surrounding community. It is not manned on a full-time basis but does have a control building that houses instrumentation and communication equipment, as shown in Figure 1.1.


Diagram of an electrical substation with a control building that houses instrumentation and communication equipment, and is equipped with high-voltage electrical switching gear for the surrounding community.

FIGURE 1.1 The Electrical Substation


The high-voltage switch gear accepts electrical power from different sources, which it then conditions and routes to the community users as needed. The energy arrives on a set of different high-voltage supply lines and leaves the facility via different sets of distribution lines.


The monitoring devices and control systems in the substation communicate with different parts of the utility’s transmission and distribution system to route electrical power where and when it is needed. These communication channels include wireless radio signals, signals transmitted across the power lines, and traditional network communications media.


Risk Assessment 1

From the information provided in this first scenario, consider the National Institute of Standards and Technology (NIST) functions detailed in this section and then record your observations as they relate to each category.


Identify

Create an inventory of physical assets (devices and systems) within the substation (NIST ID.AM-1).


Protect

Describe in general how you might go about protecting the physical assets identified in the previous point (NIST PR.AC-2).


Detect

How would you know if someone or something was attempting to access, disable, degrade, or destroy one or more of the devices and/or systems in the substation? How could you detect anomalies and events that might impact the operation of the substation (NIST DE.CM-2, 8)?


Respond

How would you need to respond to the anomalies and events you’ve identified through the devices, systems, and steps you would implement in the previous point (NIST RS.AN-1, 2, 3)?


Recover

Which steps could be put in place to recover from actions intended to access, disable, degrade, or destroy the assets you previously identified (NIST RC.RP-1)?

1 Expert Answer

By:

Emily C. answered • 06/11/25

Tutor
New to Wyzant

Computer Science Tutor & University Senior

See tutors like this
See tutors like this

Identify

NIST ID.AM-1 – Inventory of physical assets (devices and systems)

To create an inventory of physical assets in the substation, list and categorize all components by type and function:

Physical Assets Inventory:

  1. High-voltage electrical switching gear
  2. High-voltage supply and distribution lines
  3. Transformers and circuit breakers
  4. Control building
  5. Instrumentation panels
  6. Programmable Logic Controllers (PLCs)
  7. Communication equipment:
  8. Radio antennas and wireless transmitters
  9. Power line communication modules
  10. Ethernet/network switches
  11. Video surveillance (if present)
  12. Physical access control systems (locks, gates, badge readers)
  13. Backup power systems (generators, batteries)
  14. Environmental systems (HVAC, smoke detectors)

Each asset should be tagged with location, function, connectivity (if applicable), and criticality to operations.

Protect

NIST PR.AC-2 – Physical access control management

To protect these assets:

Physical Security Measures:

  1. Fencing and Perimeter Control: Install a secure perimeter with anti-climb fencing, motion-detecting floodlights, and signage indicating restricted access.
  2. Access Control: Use badge readers or biometric scanners at entry points to the control building. Maintain logs of all personnel entries.
  3. Locks and Secured Enclosures: Lock all cabinets, breaker panels, and communication hubs.
  4. Surveillance: Deploy CCTV cameras at key points (entry gates, control room, switchgear area).
  5. Visitor Management: Require visitor sign-ins and escorts. Keep logs for auditing.
  6. Cybersecurity Protections:
  7. Configure firewalls on all network-connected devices.
  8. Implement role-based access control (RBAC) on SCADA systems and PLCs.
  9. Regularly patch and update all software/firmware.

Detect

NIST DE.CM-2, DE.CM-8 – Detection of anomalies and events

To identify unauthorized access or damage to systems:

Detection Strategies:

  1. Intrusion Detection Systems (IDS): Deploy both physical intrusion detection (motion sensors, contact alarms) and network-based IDS to monitor communication traffic.
  2. Log Monitoring:
  3. Monitor logs from physical access systems.
  4. Monitor authentication logs for communication/control systems.
  5. Environmental Sensors: Use temperature and smoke detectors to identify signs of fire or equipment failure.
  6. Anomaly Detection Software:
  7. Monitor traffic across the substation’s network and power lines for irregular patterns.
  8. Use AI-based monitoring to flag abnormal control commands or data reporting from field devices.
  9. Visual Surveillance Monitoring: Use AI-assisted camera analytics to detect unusual movements.

Respond

NIST RS.AN-1, RS.AN-2, RS.AN-3 – Response analysis and coordination

Response Measures:

  1. Incident Response Plan (IRP):
  2. Establish predefined steps for power system operators and IT/cybersecurity teams.
  3. Assign roles and communication lines for emergencies (e.g., contacting local law enforcement, internal response team).
  4. Containment Actions:
  5. Physically isolate affected systems (e.g., disable switchgear remotely).
  6. Isolate compromised network segments or communication channels.
  7. Analysis Tools:
  8. Perform forensics on logs, surveillance footage, and network captures.
  9. Communication:
  10. Notify utility leadership and regulatory bodies as required.
  11. Update the public only if necessary (e.g., outage or safety risk).

Recover

NIST RC.RP-1 – Recovery planning

Recovery Steps:

  1. Disaster Recovery Plan (DRP):
  2. Restore communications and control systems from clean, validated backups.
  3. Document step-by-step recovery for both cyber and physical failures.
  4. Redundancy Planning:
  5. Use redundant network paths and backup control systems to minimize downtime.
  6. Physical Repairs:
  7. Maintain spare parts inventory for key components (switches, breakers, PLCs).
  8. Have pre-arranged contractor support for emergency physical repairs.
  9. Post-Incident Review:
  10. Conduct a lessons-learned session and update plans based on findings.
  11. Adjust asset inventory and threat models as needed.


Upvote 0 Downvote
More
Report

Still looking for help? Get the right answer, fast.

Ask a question for free

Get a free answer to a quick problem.
Most questions answered within 4 hours.

OR

Find an Online Tutor Now

Choose an expert and meet online. No packages or subscriptions, pay only for the time you need.