A variety of commercially available systems can be employed to provide varying levels of security in the substation. Caution should be used when employing sensing devices that are subject to erroneous activation due to movements caused by animals, wind, seismic events, or vibrations. All wiring for electronic security systems should be installed in a manner that will ensure operational integrity and resistance to tampering.
Perimeter systems using photoelectric or laser sensing may be utilized to provide perimeter security. Overall area security may be provided by motion-sensing devices; however, great attention should be shown in the placement of these devices since animal intrusion alarms may become a nuisance and sensors may be deemed ineffective.
Video surveillance systems
Video systems can be deployed to monitor the perimeter of the substation, the entire substation area, or the building interiors. Systems of this type require 24 h monitoring, which can be a costly alternative.Video systems are available that utilize microwave and infrared to activate a slow-scan video camera. This can be alarmed and monitored remotely and automatically videotaped.
One of the more common methods utilized is an intrusion alarm on control buildings. These systems include, at a minimum, magnetic contacts on all the doors, and have the provisions to communicate through the existing telephone network or SCADA systems.
A local siren and strobe light may be located on the outside of the building to indicate the alarm condition. The system should be capable of being activated or deactivated using an alphanumeric keypad, keyswitch, or a card reader system located inside the building. All siren boxes and telephone connections should have contacts to initiate an alarm if they are tampered with.
Computer security systems
Computer security systems can be subdivided into three major components: identification, authentication, and auditing. Identification is simply a login name or user identification (user id) to determine who wants access to the information.
Authentication is the process of verifying that the person logging in is who they say they are. Finally, the audit is an attempt to verify that only authorized personnel are accessing the data through the use of separate reporting and logging systems.
Probably the most widely used and most common form of protection is the user ID and password. All security systems, regardless of their sophistication, begin with a user ID and password protection system.
However, working alone, they are also the easiest to break. Keep in mind the following points:
a) Do not use personal information, such as birthdays, names, etc.
b) Do not use common words or names.
c) Use at least four characters and preferably more.
d) Memorize them.
e) Mix symbols, numbers, and both upper and lower case letters.
f) Change the password periodically.
g) Limit the number of attempts to enter a password.
This technique provides one of the best methods of protecting a system from external access. The system is based on the intended user first calling the equipment via modem, which initiates a dial-back response by the equipment using a predetermined telephone number.
Although this technique provides increased protection from external intrusion, it provides little protection from electronic intrusion by those within the organization.
This technique allows access for information purposes to a large group while restricting authorization for modification of files to a smaller group through the use of an additional password.
A computer virus is another form of electronic intrusion. With the increased use of desktop and laptop equipment to access substation equipment, it is possible that an infected computer could spread a virus to the substation equipment. The introduction of computer viruses can be limited by the following:
a) Employing virus scanning software.
b) Scanning all floppy discs prior to use on any computer system.
c) Destroying all discs suspected of infection.
Encrypting and encoding
Where it is suspected that intruders may be able to defeat the identification and authentication security measures and gain unauthorized access to the computer, further protection may be warranted. The program or its critical data can be encoded or encrypted to block access, even after access to the computer has been gained.