RMEL Electric Energy Issue 1 2016 by Alive Publishing Group

SPOTLIGHT ON CRITICAL ENERGY ISSUES ISSUE 1 / 2016 www.RMEL.org

SECURING & PROTECTING AMERICA’S ELECTRICITY Proactive Physical Security

Protecting Substations and Bulk Electric System Assets

Stepping Up the Electric Utility Security Game

SCADA Security

Transformer Security Tactics

P�� F�� S��

Where you need us. When you need us.

½½ Ê Ãs. ½½ ÙÊã ã®Ä¦ Øç®ÖÃ Äã. Ä ó ®ÄÝã ½½ ã®ÊÄ, Ã ®Äã Ä Ä , Ù Ö ®ÙÝ, çÖ¦Ù Ý Ýã Ã | ÊÃ çÝã®ÊÄ | «ù ÙÊ | Äç ½ Ù

TçÙÄ» ù Oçã ¦ S Ùò® Ý F® ½ Ι S«ÊÖ R Ö ®ÙÝ T «Ä® ½ F® ½ AÝÝ®Ýã Ä

OÖ Ä, C½ Ä, IÄÝÖ ã, C½ÊÝ (OCIC) F® ½ IÄÝÖ ã®ÊÄ Ι AÝÝ ÝÝÃ ÄãÝ CçÝãÊÃ®þ TÊÊ½®Ä¦

Ö ÊÖ½ . Ý ¥ ãù. Øç ½®ãù. Ý « ç½ . ò ½ç .

Oçã ¦ M Ä ¦ Ã Äã Ι P½ ÄÄ®Ä¦ CÙ ¥ã SçÖ Ùò®Ý®ÊÄ Ι L ÊÙ S « ç½®Ä¦ [ÖÙ®Ã ò Ù Ö6, ÃÝ ÖÙÊ¹ ã]

877.363.5702 | óóó.ãçÙ ®Ä ÖÙÊÝ. ÊÃ

contents

29 22

FEATURES 12 Current Issues within Utility Physical Security By Jay Spradling, Security Manager, SRP

16 Responsible and Cost-Effective Means to Protect Substations and Bulk Electric System Assets By Keith Cloud, Chief Security Officer, Western Area Power Administration

22 Moving Beyond Awareness: What the Electrical Industry Can Do to Step Up Its Security Game By John B. Dickson, CISSP, Principal of Denim Group, Ltd.

29 How to Secure Your SCADA System Cyberattack mitigation techniques and intrusion detection methods can help protect your control system devices and networks. By Tom Bartman and Kevin Carson, Schweitzer Engineering Laboratories, Inc.

34 Power Transformer Physical Security Prototype Recovery Transformer and Ballistic Protection Solutions Offer Practical Solutions to Enhance Substation Resiliency By Craig L. Stiegemeier, Director of Technology and Business Development, ABB

ELECTRIC ENERGY | SPRING 2016

DEPARTMENTS. 06 Presidentâ&#x20AC;&#x2122;s Message 08 Board of Directors and

Foundation Board of Directors

10 2016 Spring Management, Engineering & Operations Conference

42 RMEL Membership Listings 45 2016 Calendar of Events 46 I ndex to Advertisers OPINIONS EXPRESSED IN ELECTRIC ENERGY MAGAZINE DO NOT NECESSARILY REFLECT THE OPINIONS OF RMEL OR HUNGRY EYE MEDIA.

RMEL INFORMATION

President’s Message DEAR RMEL MEMBERS AND PARTICIPANTS, For the past 113 years, membership engagement has been the cornerstone of RMEL’s success. I am proud to see that continued success and excited about the potential for 2016. Looking forward, RMEL is well positioned to deliver on its commitment to facilitate the discovery of solutions and strategies for vital issues facing the electric utility industry. As the RMEL Foundation continues to break records in dollars raised the RMEL Foundation Silent Auction and RMEL Golf Tournament, you’re going to see more scholarships given in new ways that best benefit the industry. For example, in 2016 there will be more craft scholarships awarded. The RMEL Foundation Named Scholarship Program is also seeing some exciting growth with a South Dakota School of Mines & Technology (SDSM&T) Scholarship, which was set into motion by a SDSM&T alum’s anonymous donation of $100,000 to the RMEL Foundation. Platte River Power Authority started Named Scholarships in 2016. They join Named Scholarship Companies: Babcock Power; Black & Veatch Corp., Burns &McDonnell, Kiewit, Ulteig and Zachry Group. Nearly 400 high school and college students applied for scholarships this year. Remember that RMEL members have access to the RMEL Foundation’s National Electric Energy Career Jump Start Directory, which is a vetted list of scholarship applicants from across the country. Contact RMEL at (303) 865-5544 to gain access to this important list. I hope it’s gratifying to all of you to see how your support of the RMEL Foundation is helping to grow the industry. Since the inception of the scholarships 15 years ago, the Foundation has awarded a half-million dollars to deserving students! For 2016, the Spring Management, Engineering and Operations Conference is coming home to Colorado, May 15-17th at the Hyatt Regency Denver Tech Center in Denver, CO. Former NBA All-Star Mark Eaton is this year’s keynote speaker, and he has a powerful leadership message that benefits everyone in our industry. New this year, we are connecting the keynote message

ELECTRIC ENERGY | SPRING 2016

to RMEL in more ways than one. For the first time, the keynote speaker will also facilitate a strategy session with current and past winners for RMEL’s Emerging Leader Award. We are excited to start adding even more value from keynote speakers in ways like this. The theme of the 2016 Fall Executive Leadership and Management Convention is The Evolution of American Power: Reliability, Resiliency, Reinvention. The program will offer a multifaceted look at our American Power Industry as we now stand in a time when so many different scenarios can play out. We have a part in the electric energy future, and executives who attend this event will have an opportunity to stand together and discuss strategic approaches to new and existing challenges. As we look at 2016 and beyond, we are pleased to welcome four new directors on RMEL’s Board – Scott Heidtbrink, COO, Kansas City Power & Light; Elaina Ball, Interim COO, Austin Energy; Susan Gray, VP, T&D Operations/Engineering, UNS Energy Corporation; and Mike Kotara, VP, Business Development, Zachry Group. All four of these new directors represent very active RMEL member companies, and I am looking forward to having them join the conversation with their new perspectives. Thank you for continuing to support fellow RMEL members, staff and Board Members. Together, we are preparing for vital issues facing our industry and are investing in the scholarship recipients, employees, emerging leaders, managers and executives that will face these challenges. I look forward to seeing you at upcoming RMEL events. Sincerely,

Anthony Montoya 2015-2016 RMEL President Executive VP and Chief Operating Officer Western Area Power Administration

WE LISTEN. WE SOLVE.â&#x201E;˘ With over 70 years in the engineering industry, our clients choose Ulteig to improve the design and reliability of critical infrastructure and deliver vital engineering, program and technical solutions.

www.ulteig.com | 888.858.3441

RMEL INFORMATION

RMEL Board of Directors OFFICERS PRESIDENT Anthony Montoya Western Area Power Administration COO PRESIDENT ELECT Jon Hansen Omaha Public Power District VP, Energy Production & Marketing PAST PRESIDENT Stuart Wevik Black Hills Corporation VP, Utility Operations VICE PRESIDENT, FINANCE Tom Kent Nebraska Public Power District VP & COO

VICE PRESIDENT, EDUCATION Joel Bladow Tri State Generation and Transmission Assn. Sr. VP, Transmission VICE PRESIDENT, VITAL ISSUES Mike Hummel SRP Associate General Manager VICE PRESIDENT, MEMBERSHIP Scott Fry Mycoff, Fry & Prouse LLC Managing Director VICE PRESIDENT, MEMBER SERVICES Kelly Harrison Westar Energy VP, Transmission

DIRECTORS Elaina Ball Austin Energy Interim COO

Mike Kotara Zachry Group VP, Business Development

Paul Barham CPS Energy Sr. VP, Energy Delivery Services

Tammy McLeod Arizona Public Service VP, Resource Management

Doug Bennion PacifiCorp VP, Engineering Services & Asset Management Tim Brossart Xcel Energy VP, Construction Operations & Maintenance Susan Gray UNS Energy Corporation VP, T&D Operations/ Engineering Scott Heidtbrink Kansas City Power & Light Executive VP & COO

Andy Ramirez El Paso Electric Company VP, Power Generation Jackie Sargent Platte River Power Authority General Manager Dan Schmidt Black & Veatch Corp. Sr. VP, Power Generation Services Neal Walker Texas New Mexico Power President, TNMP SECRETARY Rick Putnicki RMEL Executive Director

ELECTRIC ENERGY | SPRING 2016

Foundation Board of Directors

OFFICERS PRESIDENT Paul Compton Kiewit Sr. VP, Business Development

CHAIR, MEMBER DEVELOPMENT Mike Jones SRP Director

VICE PRESIDENT, FINANCE Kent Cheese Bureau Veritas North America, Inc. VP, Sales

CHAIR, SCHOLARSHIP Karin Hollohan Platte River Power Authority Director, Corporate Services

CHAIR, FUNDRAISING Jim Helvig AMEC Foster Wheeler Director, Power Delivery

DIRECTORS Bob Gresham Zachry Group VP, Engineering Development

Kevin Noblet Kansas City Power & Light VP, Generation Services

Kelly Harrison Westar Energy VP, Transmission

Rick Putnicki RMEL Executive Director

John Johnson Black & Veatch Corp. VP, Power Generation Services

STAFF LIAISON James Sakamoto RMEL Coordinator, Analytics and Communications

www.RMEL.org Published Spring 2016

PUBLISHED FOR: RMEL 6855 S. Havana St, Ste 430, Centennial, CO 80112 P: (303) 865-5544 F: (303) 865-5548 www.RMEL.org

Kathryn Hail EDITOR (303) 865-5544 kathrynhail@rmel.org Electric Energy is the official magazine of RMEL. Published three times a year, the publication discusses critical issues in the electric energy industry. Subscribe to Electric Energy by contacting RMEL. Editorial content and feedback can also be directed to RMEL. Advertising in the magazine supports RMEL education programs and activities. For advertising opportunities, please contact Susan Wist from HungryEye Media, LLC at (303) 378-1626.

P U B L I S H E D BY:

www.hungryeyemedia.com

800.852.0857 Brendan Harrington PRESIDENT

Susan Wist ACCOUNT EXECUTIVE

(303) 378-1626 susanwist@hungryeyemedia.com Lindsay Burke ART DIRECTOR

Susan Humphrey MARKETING OPERATIONS MANAGER

2016 SPRING CONFERENCE

RMEL’s Spring Conference Returns to Colorado in 2016 DENVER, CO.

Denver, CO May 15-17, 2016

OIN 300 MEMBERS OF RMEL’S trusted community to learn, network and discover solutions at RMEL’s Spring Management, Engineering and Operations Conference, May 15-17, 2016 in Denver, CO. If you are managing people or projects, engineering, planning or operating systems in the electric utility industry, this conference is for you. The Spring Management, Engineering and Operations Conference has been a tradition since RMEL’s early beginnings. Known for providing outstanding continuing education and networking opportunities, this conference is a must-attend event for engineering, operations and management personnel in the electric energy industry. With 30 presentations, this conference covers issues in generation, transmission, distribution, safety, customer service, human resources and other management topics. The timely topics and breakout structure of the conference allow attendees to

ELECTRIC ENERGY | SPRING 2016

customize their education experience to focus on presentations and resources that address their needs. Ample time is also provided to network with industry peers and visit with exhibitors. The event will feature a keynote presentation on the Four Commitments of a Winning Team from NBA All Star Mark Eaton, President, 7ft4.com. In this highenergy, insightful presentation, Mark shares how he rose from auto mechanic to NBA All-Star and, after twelve amazing years with the Utah Jazz, reinvented himself and became a business leader, entrepreneur, radio and TV personality and subject of a soon-to-be released film. You’ll experience the excitement and drama of how he challenged himself and his beliefs and found the courage to keep going and achieve success beyond anything he thought possible. Imagine the value as you discover: · What it takes to consistently play at the top of your game

· How to build trust and loyalty · The secret to establishing an inspiring, energizing and harmonious work environment An Executive Leadership Panel will feature Jason Frisbie, Chief Operating Officer, Platte River Power Authority; Paul Lau, Cheif Grid Strategy & Operations Officer, Sacramento Municipal Utility District; Eric Tharp, Chief Energy Services Officer, Colorado Springs Utilities and Ken Wilmot, Director, Power Production, Associated Electric Cooperative, Inc. Educational breakout sessions will take place in three tracks: generation; transmission and distribution; and management. The slate of generation track presentations will guide attendees through topics like a Photovoltaic Utility-Scale Solar Panel, Decommissioning Power Plants – What to Consider, The implications of Environmental & Renewable Regulation in the

Association is Training, Developing, Mentoring, Attracting, and Retaining Engineers in the Workforce; Clean Power Plan Update; Where do We go When the Coal Stops Burning; Reviving the Onboarding Experience; The Changing Customer Profile; Rethinking Rates; and Execution Models for Integrating Renewables. This event offers something for every person in the utility industry, whether you need to make the right contacts or find the right answers. Utilities of all types of ownership participate including IOU, G&T, municipal, cooperative and others. Vendors of all types are valued participants in the conference and community dialogue to improve operations and enhance customer service.

providing electrical

construction

since

1977

co ok tx

NETWORKING GOLF OUTING Enjoy a golf outing at Arrowhead Golf Club on May 15th. The format will be a four-person scramble and proceeds will benefit the RMEL Foundation scholarship program. Power Generation sector on Natural Gas Transmission, First On Last Off: GRDA’s New Combined Cycle Unit 3, Utility Data Analytics – Beyond the Business Case, SOx, NOx and Hg Controls – Operating Experience at Xcel Energy’s Pawnee Station, Colorado’s 2015 State Water Plan; and Effluent Limitation Guideline - a Case Study for a Mid-size Coal Plant. In the T&D Track, look forward to topics like a Physical & Cyber Security Panel; Dynamic System Stability with Variable Generation Study; Life Cycle Strategies to Manage T&D Assets; Distribution Volt VAR Control and Optimization; Future Grid – Technologies, Architectures & Opportunities; SolarRewards Community – Providing Customers Choice; FERC Order 1000: Perspectives on Competitive Transmission Development; and Unmanned Aerial Systems (UASs) and Utility Operations. The third track of presentations, focused on management, covers a Utility Core Competency Panel; How Tri-State Generation & Transmission

GUESTS AND SPOUSES ARE WELCOME Bring your guest to the 2016 Spring Management, Engineering and Operations Conference. If your guest registers for the full conference, they are registered for all meals and the Champions Receptions on Sunday and Monday. If they register for an individual day, they will be registered for meals and the Champions Reception for that day only. Guest registration prices simply cover the cost of meals. Guests can also register for the Guest Activity. More details about the Guest Activity will be available soon. All attendees will receive a continuing education certificate. The certificate provides professional development hours based on participation. For more information and to register for the Spring Management, Engineering and Operations Conference, go to www.RMEL.org or call (303) 865-5544.

W W W. R M EL .O R G

CURRENT ISSUES WITHIN UTILITY

PHYSICAL SECURITY By Jay Spradling, Security Manager, Salt River Project and WECC Physical Security Working Group Chair

ELECTRIC ENERGY | SPRING 2016

N RECENT YEARS OUR INDUSTRY has put a lot of emphasis on cyber security and rightly so. Having the ability to remotely access our systems or information could be devastating. Yet, as the 2013 attack on a California substation showed us, we cannot let our guard down on the physical security front. There continue to be physical threats that we should both plan and prepare for.

SUBSTATION PROTECTION A large portion of the nation’s electric infrastructure is in open and often remote areas. From a true security perspective, much of what is in place to protect these assets is more about safety than security. Someone intent on committing a crime would often meet with little resistance. The NERC CIP-014 standards were designed to better protect our most critical infrastructure. This can be achieved using the well-known security mantra of “Deter, Detect, Delay.”

DETER Ideally, the stronger presence you are able to mount, the less likely you are to have an attack. Simply put, a 6 foot chain-link fence is not the same as a 10 foot masonry block wall. Creating a strong perimeter not only better protects from a possible attack or sabotage, but also from more common incidents like metal theft or stray bullets from hunters. If deciding to bolster your perimeter fencing, do not forget to invest in better protection of the weakest point of a fence line, the gates. Crash rated gates and duel gate vehicle trap systems are strong considerations depending on the asset.

DETECT Even with a strong perimeter deterrence, a suspect may still make an attempt to enter a facility or site. Knowing that this is occurring as soon as possible allows for a quicker response by security personnel or law enforcement.

There are some excellent forms of detection on the market today. They include motion sensors, ground sensors, fence vibration or inertia sensors, radar, video analytics, microwave, gunshot detection systems, etc. To avoid unnecessary false alarms, care must be taken to select the best application for the environment.

DELAY A strong perimeter system, coupled with a good detection methods, can delay an attack long enough for a security or law enforcement response. But, what happens if the remote nature of the site could result in a longer than normal response time by law enforcement? There are technologies to help delay an intruder. A couple of notable ones are acoustic hailing devices and laser dazzlers. Acoustic hailers are loudspeakers that can be used to give a directed message to an intruder. For example, “You in the blue sweatshirt. Back away from the fence.” If the subject does not respond appropriately, a hailer can also emit intense sound waves that make it uncomfortable to carry on with what you are doing without covering your ears. This should prevent a suspect from tasks like climbing a fence

or holding a weapon. Dazzlers are devices that shoot laser light intended to temporarily blind or disorient a potential trespasser or attacker. Both of these devices can effectively delay an intruder while a human response is in progress. CIP-014 is still new, but is fully expected that changes and additions will come with maturity. Right now the standards are fairly flexible for the owner/operator. Yet, many believe that the standards will get much more prescriptive as the industry improves in this area. It is also believed that the standards will also incorporate generation over time.

THREATS TO GENERAL INFRASTRUCTURE Security professionals are also preparing for many other forms of attacks on our infrastructure. These include Electromagnetic Pulse (EMP), Unmanned Aerial Vehicles (UAV) or Drones, and even simple threats like the partial cutting or dismantling of utility poles for later collapse.

PROTESTS Protests and acts of civil disturbance against utility companies are becoming much more commonplace. Issues like

W W W. R M EL .O R G

the environmental concerns (coal and land management), big business (Occupy Movement), and policy decisions (rate hikes) are among some of the causes that have been taken on by protesters. In many cases these protesters are made up of citizens that just want to be heard on a topic. However, utilities need to be prepared for the “professional” protesters that are attracted to these events. These individuals often come prepared with gas masks, battle plans for getting media coverage, and methods of locking themselves to each other or fixed objects at the site. In many cases there are also those that have been predetermined to be arrested when the time is right. One of the primary tactics of these individuals is shut business down for some period of time. A part of a good security plan will include a business continuity plan to continue work if portions of the business are shut down by protestors.

ACTIVE SHOOTER/ WORKPLACE VIOLENCE Sadly, another thing today’s physical security professional should be prepared for is an active shooter or workplace violence incident. The number of incidents has continued to climb over the last few years. And, unfortunately, demographics like the locations of attack or the suspect’s relationship to the victim/s do not favor the utility industry. Good overall security practices are a deterrent to these types of crimes. That could include security measures like a uniformed guard force, cardkey access, cameras, and policies and procedures on workplace violence. Yet, education is an excellent and often overlooked tool to keep employees safe. Panic and/or moments of indecision can be deadly. An employee is much better prepared to survive an incident when they have given the topic some thought beforehand and have a mental plan of what they would do. A great primer on this issue can be viewed on YouTube with the “Run Hide Fight” video created by the City of 14

ELECTRIC ENERGY | SPRING 2016

Houston. The video highlights the three primary responses you have no matter where the incident may be occurring. Other tactics to be considered by an organization include having a Threat Management Team, an insider threat program, and strong security protocols around employee terminations.

CLOSING THOUGHTS The single most important aspect of both good physical and cyber security is each of us. Any security technology, policy, or protocol can be circumvented by an employee.

Common examples include forgetting to reset an alarm system, allowing others to “tailgate” through a card-key access system, giving out a password or pin, or failing to report suspicious activity. Even giving out too much information about your work or your employer over social media can create an increased risk of social engineering or manipulation against you or your company. By being a good advocate for good security practices, you increase the overall security culture of your company and lower the chances of an incident occurring.

Responsible and Cost-Effective Means to Protect Substations and Bulk Electric System Assets By Keith Cloud, Chief Security Officer, Western Area Power Administration

ELECTRIC ENERGY | SPRING 2016

NE OF THE CHALLENGES in today’s rapidly evolving threat environment as it pertains to effective mitigation and protection strategies for our Bulk Electric System (BES) assets is the cost impacts associated with protection. These costs can influence customer rates as well as overhead and operating revenues for an entity. The balance between effective protection and associated costs does not have to be a burden for an organization provided it uses a risk-based approach to mitigation. Risk is simplified as a study of threat, vulnerability and impact or consequence specific to an asset. First, an entity needs to understand just what it is protecting against; the overall impact of the loss of an asset determines its criticality. How an entity determines criticality and impact should be managed and collaborated across the organizational enterprise. Further, an entity should not determine on its own which impacts might occur from a catastrophic event. Instead, the security element should work with stakeholders in the organization to determine critical assets. Criticality of an asset can be categorized into simple levels: low, medium and high. Each of those categories should have a defined baseline level of protection package assigned to its mitigation strategy. This means each level should have a subset of protection strategies to be applied to mitigate a predefined set of threat scenarios. Once criticality is assigned, the organization needs to assign the asset to corresponding level of protection and baseline mitigations strategies. Then, actual assessments can be initiated. At Western, our security team uses the risk-based approach to each individual asset in order to maintain a defendable, responsible and cost effective physical security protection. Our assessments begin with a threat vector analysis. We incorporate 30 defined threats, assessed specifically to the site; not to the facility

type nor to the criticality level. This is important. “Threat” can be any circumstance or event that can cause harm to the asset. The threat vector analysis is not just assessing the threat, but also an adversary’s intent, capability and probability of carrying out an attack on the specific BES asset and its site. This includes an analysis of several facets of the threat scenario, including an adversary’s ability to acquire the resources to carry out the attack and his technical ability to actually employ those resources. Once the assessment team analyzes each of these threat scenarios, each scenario is assigned a threat vector score indicating the potential likelihood of the threat becoming actualized against the defined asset. The next study requires an actual analysis of the asset to determine what vulnerabilities exist in relation to the threat vector analysis. Vulnerability is, simply, any means by which an adversary can exploit existing conditions in order to carry out an attack and promote success in the attack. This entails an onsite review of existing mitigation strategies and the physical plant as well

as other measures and systems that can lend to the success of the attacker. The assessment should always focus on the specific threats reviewed in the threat vector analysis. If the decision is made to approach this study from an all-hazards approach, not just manmade events, then the assessment becomes much more involved, but the process remains the same. Once this analysis is complete, it is time to begin to match the numbers / rankings from all these studies. Analyzing all this data is simplified through math and a variety of models, which exist to illustrate the impact of increasing protective measure in the risk equation. The methodology, software tools, training, and personnel requirements may be unique to the agency. The methodology chosen should adhere to the fundamental principles of a sound risk assessment. It must be credible and assess the threat, consequences and vulnerability to specific acts. It must be reproducible and generate similar or identical results when applied by various security professionals. Further, it must be defendable, providing sufficient justification

W W W. R M EL .O R G

RMEL Ad 2

The average Nebraska homeowner pays about $3.56 to keep the lights on, the appliances running, and the room temperature perfect for 24 hours. A drive-thru meal costs more than that. Affordable energy costs benefits everybody, and thatâ&#x20AC;&#x2122;s what public power is all about.

ELECTRIC ENERGY | SPRING 2016

for any deviation from the baseline. The determination of risk for each undesirable event should be mitigated by countermeasures providing a commensurate Level of Protection (LOP). The LOP is determined by risk; the higher the risk, the higher the LOP. The overall security level determination is an estimation of the level of risk at a facility. The baseline LOP is intended to mitigate that estimated risk before a site specific analysis is done. Next, the organizationâ&#x20AC;&#x2122;s security team should determine whether countermeasures contained in the baseline LOP adequately mitigate known or anticipated risks to the asset being analyzed. The baseline LOP may be too high (more stringent than necessary) or too low (leaving a vulnerability unmitigated), compared to the level of risk. Variations in the nature of mission, location, and physical configuration of a facility may create unique risks, or risks that are relatively higher or lower in some cases than at other facilities with the same level of risk. The baseline LOP may not address those risks appropriately. It may provide too little protection (e.g., the baseline LOP is medium, but the assessed risk to larceny is very high), resulting in an unmitigated risk. On the other hand, it may provide more protection than is necessary (e.g., the baseline LOP is medium, but the assessed a ballistic attack is very low), creating an unnecessary expenditure of resources and reducing availability of resources that could be applied elsewhere. However, unmitigated risk and waste can be negated by determining the necessary LOP according to a risk assessment. Identified excess resources in one risk-area then can be rolled over to underserved areas ensuring cost effective implementation of the overall security program. Risk acceptance is an allowable outcome of applying this risk management process. In this industry, every day, the decision to accept risk is taken seriously and at full value. The threat to Federal facilities is very real. Nevertheless, it must be understood that the decision to accept that level of risk could have serious consequences. Therefore, it is critical that decision-makers obtain all the information they deem necessary to make a fully informed decision. With that, it is also understood that multiple competing requirements, standards, and priorities cannot always be reconciled. All budgets have some limitation, and political and mission requirements cannot be ignored. This is why all project documentation must clearly reflect reasonable justifications for not fully implementing an LOP, if that is a final decision that is made. Just as it is extremely important to completely document the rationale for accepting

PERSPECTIVE

INNOVATION

RESULTS

The requirements for a successful strategy... Today’s complex global business environment, rife with mega-mergers, divided loyalties, relationships of convenience and ever-changing trends that affect how companies do business, proves to be a worthy opponent. We’ve been told that, “ERG is always two moves ahead of the game.” cial and Energy & Resource Consulting Group, LLC (ERG) provides economic management consulting services to utilities, insurance ancial institutions, law private developers, governmental, and industrial entities involved in the energy industry. ERG’s highly experienced professional consultants bring to every client engagement the s of Perspective, Innovation and Results — vital attributes that are a strategic advantage to achieve optimum results. Contact us today to plan your next move.

Energy & Resource Consulting Group, LLC Engineering, Financial & Management Consultants 8055 E. Tufts Avenue, Suite 1250, Denver Colorado 80237 303-843-0600 • email: info@ergconsulting.com • www.ergconsulting.com

We require our students to do more than learn their program of study. Our students live it - through internships, research, and hands-on experience in our state-of-the-art labs. Our teachers know what you need for your workforce.

success starts here. Norfolk, Nebraska 402-371-2020 | northeast.edu 20

ELECTRIC ENERGY | SPRING 2016

risk, including alternate strategies considered or implemented, and opportunities in the future to implement the necessary LOP, it is equally important to outline decisions against accepting that risk. The days of ‘gates, guns and guards’ are long gone; Nowadays, the best approach isn’t necessarily throwing everything, including the proverbial “kitchen sink” at a problem, but rather critically analyzing the situation, with decision makers, from the perspective of “deter, detect, assess, delay and respond.” This is why a true analysis in a collaborative environment is key and critical to protecting substations and BES assets. The best decisions result when the security team and decision makers of an organization have full collaboration. For any recommended countermeasure, the security team must provide all information pertinent to the decision, which includes the nature of the threat, the specific vulnerabilities that must be addressed, a complete understanding of the potential consequences,

and the costs. The asset owner has the ‘need-to-know’ information in order to make as informed a decision as possible. By working together in this kind of mutually beneficial partnership, the security team, the decision makers, and the organization as a whole can best determine the appropriate, most strategic and cost effective approach to implementing an agile risk-management system. Western institutes this philosophy regularly so that we can concurrently ensure our approaches to mitigation and security are beneficial and reduce unnecessary waste. We are building a strong security culture, to compliment the already strong safety culture in the industry. Our efforts have gained the attention of the U.S. Department of Energy and other utility partners, who are beginning to work with us on rolling out new approaches and methodologies, collectively, for superior protection of substations and BES assets. With such cooperation, we all can continue to safely and securely protect and power the energy frontier.

F O C U S E D O N O U R C U S TO M E R S, POSITIONED FOR THE FUTURE. Our commitment to serving rural America has never been stronger than it is today. We continually strive to be a trusted advisor to cooperative electric utilities and the consumers they serve. And when those

Nivin Elgohary Senior Vice President, Electric Distribution, Water & Community Facilities (202) 650-5867 nelgohary@cobank.com

cooperatives need a financial partner that understands their unique challenges, CoBank is there to meet their business needs.

Todd Telesz Senior Vice President, Power, Energy and Utilities Division (303) 740-4327 ttelesz@cobank.com

www.cobank.com

MOVING BEYOND AWARENESS:

WHAT THE ELECTRICAL INDUSTRY CAN DO TO STEP UP ITS SECURITY GAME BY JOHN B. DICKSON, CISSP, PRINCIPAL OF DENIM GROUP, LTD.

HAT DO A SMALL DAM IN

upstate New York and three Ukrainian power stations have in common? They were both on the receiving end of a cyber attack likely initiated by a nation state. Although rarely proven that a certain nation state was a perpetrator, it is widely assumed that only nation states were likely involved given the confluence

ELECTRIC ENERGY | SPRING 2016

of national interests combined with the level of resources and sophistication involved in the attack. They should also serve as wakeup calls for an industry that is poorly equipped to defend against sophisticated attackers who have deeply talented players and significant resources. Unfortunately for our country, and the electrical industry specifically, nation state attackers are

the most likely adversary to prosecute an inevitable attack against our critical infrastructure. It will not likely be the organized Eastern European criminal hacker consortia because thereâ&#x20AC;&#x2122;s little money involved. It will not likely be "Hackavist" organizations like Anonymous or Lulzsec because they have more pressing agenda items, like attacking certain presidential candidates.

It will likely be nation state players China, Russia, and Iran - in that order, and when it happens it will be too late. Why is the electrical industry, as a whole, behind other industries in its preparation against cyber attacks? I would argue that the threat remains abstract and over the horizon for the industry â&#x20AC;&#x201C; breaches are still something that happen to others,

which is not the case in other sectors. Other sectors perceive the threat to be real and organizations are under constant attack, and have been so for years. If you engage with most military leaders they understand the cyber security threat because they have been defending against the most sophisticated attacks, namely from other nation states, for nearly two

decades. To give you some sense of history, I served in the U.S. Air Forceâ&#x20AC;&#x2122;s Computer Emergency Response Team (AFCERT) in the late 1990â&#x20AC;&#x2122;s when the af.mil domain was one of the top five attacked domains on the Internet. The U.S. military has been constantly under attack for nearly 20 years, so they understand the threat. If you were to visit with security leaders at

W W W. R M EL .O R G

banks or financial institutes, they would also understand how deeply important cyber security is to their businesses. Daily, they withstand barrages of attacks. They continually face social engineering and phishing attacks designed to trick their customers into sending fraudulent wire transfers and the like. Contrast that will the electrical industry, where the attacks are less frequent, but the attacker is more likely to gain access, maintain and stay below the radar screen, keeping for a potential future attack when the geopolitical situation warrants. This is the scenario that worries our national security leaders most. Why do I feel so strongly about the topic cyber security in the electrical industry? I’ve been in the information security arena for over 20 years. Although the field is now called “cyber security” by most, it’s essentially the same space. I have helped organizations over the last 20 years protect themselves from outside attackers who use electronic means to disrupt, deface and knock down organizations. As part of protecting these organizations, I typically am able to conduct rigorous technical testing to find security holes – or vulnerabilities – before the attackers do. Nothing provides a more accurate picture of the security health of an organization that a technical test that mimics how attackers – hackers in the public parlance – would view the organization. These tests can come in many forms, from top-to-bottom technical assessments, to penetration tests, to the use of “hunt teams” to find malware that is already installed in a network. In my opinion, this viewpoint is the “ground truth” of an organization’s security posture – it separates public pronouncements and rhetoric from the sobering truth of what’s actually out there facing the public, potentially at risk for exploitation. I have helped organizations in numerous industries including banks, financial services, insurance companies, state government agencies, Department of the Defense organizations, and electrical providers, to name a few. In the electrical provider arena, I’ve had the opportunity to help investor owned utilities, municipally owned utilities, and coops, via a variety of security services, most notably technical security testing. I’ve come to the conclusion that as a group, the electrical industry is far behind that of other industries in the cyber security realm. The severity and number of vulnerabilities that we typically find in typical assessment of an electrical utility are order of magnitude worse than we find in financial services or retail clients. Examples include: 24

ELECTRIC ENERGY | SPRING 2016

Outdated wireless encryption protocols (WEP) installed in wireless access points years after these protocols have been compromised. Pernicious web application vulnerabilities such as SQL injection hanging off customer payment portals. Highly exploitable web and network vulnerabilities that repeatedly show up in test after test, leading us to wonder if they were ever fixed or were reintroduced via broken production deployment processes. Outdated, end-of-life, security equipment that is highly exploitable by attackers attached to production IT networks. As security practitioners that conduct a tremendous amount of security testing, we are constantly reminded how different our electrical clients look versus everyone else that we test. Unfortunately, that is in spite of the stakes and role that the electrical industry plays in society. They – literally – keep the lights on! I’m not alone in this assessment. In November 2014 in one of his first public speeches, the newly-minted Director of the National Security Agency and the Commander of U.S. Cyber Command, Admiral Rogers, stated publicly that one of things that keeps him up late at night is thinking about

DELIVERING A DIVERSE, SAFE, RELIABLE SUPPLY OF ELECTRICITY. When Portland General Electric decided to integrate renewable resources into their system and build a versatile source of power to complement an existing combined cycle unit near Clatskanie, Oregon, they called on Black & Veatch. Delivering engineering, procurement, construction (EPC) and startup for PGE’s Port Westward Unit 2, Black & Veatch applied an efficient technology capable of quick starting and fast ramp‑up and ramp‑down rates to fulfill the electric grid’s need for flexibility. The end result also supports PGE’s commitment to its renewable portfolio requirements.

Visit bv.com/portwestwardunit2 to learn more.

our vulnerable critical infrastructure. Specifically, he singled out the electrical industry as one particular area of concern. If anyone should know, I would argue, it’s the Director of the NSA. My hands-on experience working with numerous electrical providers mirrors his concern. Because I have the vantage point of being able to compare and contrast electrical utilities with commercial companies, I have a more acute understanding of how vastly different they are. How has the electrical industry arrived at this point? I’ve stated publicly before, the electrical industry shares many of the same security challenges as other industries. However, as a group, they also have a risk profile that makes them singularly unprepared for sophisticated threats. This risk profile includes: Moving from a closed to more open systems. Most electrical providers have had two production networks, namely the IT production network based upon Internet concepts and TCP/ IP, and the more closed electrical production network used for the production and transmission of electrical power. For some time, these were separate networks, but that is changing with smart meter initiatives and advanced metering infrastructure. As a result, the electrical production networks of most providers are more connected than they have ever been. The ability for an attacker to gain access to the IT production network and hop to the production electrical network has never been higher. Not to mention the complexity of such combined systems are understood by an increasingly smaller number of senior IT leaders within electrical companies. False sense of security. Because there have been so few high-profile breaches in the electrical industry and the perception that breaches happen to other organizations, a false sense of security exists in many purveyors. However, a

ELECTRIC ENERGY | SPRING 2016

recent McAfee and Aspen Institute survey of industry leaders revealed that roughly half believe that a major attack will occur against U.S. infrastructure within three years that results in loss of life. Although many electrical leaders are aware of the threat, that awareness has yet to translate to meaningful security investment to make up for the years of technical security debt that exists. Also, FERC security standards are a great baseline, but organization relying exclusively on FERC standards to address all cyber security risks are likely going to fall short. Too much trust in vendors. One observation I’ve made working with the electrical industry is a strong trust that production engineers have with large systems and product vendors such as Siemens and GE. There is nothing wrong with strong vendor relationships, but rarely have I observed that these vendors are asked the rigorous security questions that their IT counterparts ask of their vendors. In the IT world, security leaders ALWAYS question vendor claims because they have been burned too many times when vulnerabilities are exposed in production systems and software. These are three attributes that are somewhat unique to the electrical industry that contribute to the current state of affairs. Although the trend is changing for the positive, there’s much ground to make up, and time is largely not on the side of the electrical utilities. Having said that, there are several strategies that industry leaders can consider that might accelerate the maturity of their cyber security posture. Several strategies include, but are not limited to: Make cybersecurity a Board and Leadership team issue. In most commercial companies, cybersecurity is regularly discussed at the Board level and has become a central business risk issue. CEO’s and CFO’s have become savvy and regularly ask their CIO colleagues to characterize the cybersecurity risk they are facing. This is less so in the electrical industry, where cybersecurity is a less frequently addressed risk issue. Making cybersecurity a priority given the potential threat will align the organization and help address accrued technical security debt. Conduct regular, rigorous technical security testing. Although FERC compliance is necessary and helpful, it doesn’t fully address the entire risk of cybersecurity breach, or worse, disruption. The true understanding of what is exposed to attack can only be quantified by deep technical testing, either through third parties or via an internal security testing time. At a minimum this includes testing of the exposed network, as well as applications, both web and mobile, that might be externally facing. Sophisticated

commercial companies test regularly via internal teams, and augment that testing via a portfolio of different external testers. This overlapping testing catches potential vulnerabilities at all levels of production and assumes certain vulnerabilities might make it into production. Continually monitor your IT and electrical production networks. Hire the best security talent you can afford and constantly monitor your internal IT network and all aspects of your electrical production network to identify ongoing attacks. Assume that attackers will get through what perimeter defenses you have in place, and actively hunt for malware in your production network. Deeply understand your baseline network operations so you can identify anomalies that could indicate a broader attack on your systems. Conduct Information sharing. One way to better understand the threats facing the electrical industry and to better prepare for these threats is to actively participate in industry information sharing opportunities. The Electrical Sector Information Sharing and Analysis Center (E-ISAC) provides sector-specific threat intelligence and collaboration opportunities that will provide more context to help organizations better protect themselves. One of the value

adds of the E-ISAC is access to great case studies â&#x20AC;&#x201C; it was this organization that provided the most in-depth analysis of the Ukrainian power disruption, for example. Build Your Smart Meter Infrastructure with Security in Mind. For those that have not already embarked on the smart meter journey, now is the time to build a system from ground up with security in mind. Industry studies have shown time after time that if an organization builds software or security correctly the first time, it saves countless dollars that would have been spent fixing bugs at the last second. Giving the privacy concerns, and more complex network topology, industry leaders are well served to ask security questions about the design and rollout of smart meters. These are but a few potential strategies that electrical utilities can implement to better prepare for a more complex and dangerous operating environment. Cyber security has become a central risk issue for most businesses, and will be more so for electrical utilities in the not-to-distant future. While that future plays out, industry leaders should consider taking a page out of the playbook from their commercial company counterparts and have more serious discussions about how to protect themselves, and follow those discussions with more concrete action.

W W W. R M EL .O R G

Powerful connections. From concept to completion, our professionals plan, design and build as your partner to meet and exceed your expectations. Learn more at burnsmcd.com/RMEL.

Offices Worldwide

Cyberattack mitigation techniques and intrusion detection methods can help protect your control system devices and networks. BY TOM BARTMAN AND KEVIN CARSON, SCHWEITZER ENGINEERING LABORATORIES, INC.

safe and reliable electric power system is essential for the economic well-being of any community, region or country. Utilities realize this, and securing the power system against cyberattacks has become a significant area of focus for the power industry. Fortunately, the threat environment is similar for every utility regardless of size or service territory. Whether the organization is a rural cooperative or large

investor-owned utility, cyber threats, attack vectors and their mitigation techniques are the same, and protection of the power system comes down to the protection of the tangible and intangible assets of industrial control systems. Industrial control systems (ICSs) are responsible for safe and reliable operation of many critical infrastructure services; theyâ&#x20AC;&#x2122;re the backbone of the electric power system, water and gas systems and manufacturing and production

W W W. R M EL .O R G

systems. While protection and security of physical assets is important, the threat of an availability loss is equally crucial. A loss of availability is a loss of revenue and could lead to a significant impact to an organization.

SCADA SYSTEMS Communications protocols are necessary for the movement of electric power, gas and oil and for transportation, making SCADA an attractive target for attacks. In recent years, much attention has been given to computer viruses that specifically targeted programmable logic controller (PLC) and SCADA systems. Even today, SCADA protocols rarely use any authentication or encryption methods and often use cleartext communications to conduct their communications. This presents a vulnerability, allowing the insertion of illegitimate commands or the capture, modification and replay of system commands by an attacker. As new protocols have emerged, Ethernet has become popular in the electric power industry. Because the use of SCADA products is expected to increase, and because more systems are becoming connected on networks,

special care must be taken to ensure that these systems are not vulnerable. Online threats against SCADA pose as much risk as physical attacks. As cybercriminals become more sophisticated and understand more about SCADA and ICSs, the risk of attack becomes greater. In order to defend against such an attack, it is helpful to learn the sequence of events and methods that allow an attacker to be successful. In addition to SCADA systems presenting information to an operator, the systems acquire data from remote locations. Communications between devices are the foremost attack

avenue. Communications in ICSs and SCADA systems come in many forms, such as Internet protocols, RF, fiber, Bluetooth速 and older technologies, such as telephone networks.

COMMON ATTACK TYPES AND THEIR MITIGATION TECHNIQUES Every known method attackers use to gain access, gather intelligence and execute malicious activity has a mitigation technique that reduces risk. See chart below. In a replay attack, an intercepted password or data transmission is

Cybersecurity Attack Types and Mitigation Techniques ATTACK TYPE

MITIGATION TECHNIQUE

Replay attack

Message sequencing (IPsec), time stamps

Man-in-the-middle attack

Strong encryption (IPsec) with PKI

Brute force attack

Strong password policy, account locking and delaying

Dictionary attack

Strong password policy, account lockout

Eavesdropping

Strong encryption and authentication

Denial of service or DDoS

Rapid detection, IP filtering (firewall)

War dialing

Switched-in modem when needed, enabled modem callback option, inbound call whitelisting

Default passwords

Use of unique passwords, strong password policy

Emanations (and tapping)

Shielded copper cables, limited fiber bend radius

Data modification (or injection)

Hash-based Message Authentication Code (HMAC) authentication

Platform vulnerabilities

Patching via security operations policy, asset management and change control

Unauthorized access

Stateful firewall, access controls (Lightweight Directory Access Protocol [LDAP])

ELECTRIC ENERGY | SPRING 2016

replayed. With IPsec, a sequence number is incremented for each packet sent; these sequence numbers built into IPsec prevent replay attacks. A message received with an out-ofsequence number will be dropped. A similar technique exists for manin-the-middle attacks. These types of attack involve the interception of data through eavesdropping and tapping of signals that emanate from copper and fiber-optic cables. After tapping the signal, malicious traffic is injected, replacing the original data to force misoperation of a process, prevent an action or change the value of a measured value or database entry. Defense against such attacks is accomplished through authentication. Using both strong encryption and authentication can provide adequate defense. Data modification and data injection defenses also rely on authentication. One method of authentication is a Hash-based Message Authentication Code (HMAC) used within IPsec. Using a hash function along with a key, a message authentication code is generated. An HMAC is used to verify that data’s integrity and authenticity. Because the authentication code is based on the contents of the data, if the data are changed, the authentication code won’t match from source to destination, indicating the data are not authentic. In the past, dial-up access to substation intelligent electronic devices (IEDs) was frequently accomplished using modems over a plain old telephone system (POTS) circuit. This practice is still in use at some utilities, but it’s becoming less popular for several reasons, including security. Because the phone circuits normally are provided by the local telephone company, communication is established over infrastructure that isn’t under the utility’s

control. This presents the risk of unauthorized access. Keeping the phone number secret isn’t enough. War dialing software is available for an attacker to identify modems. Although war dialing can’t be prevented, the goal of war dialing can be defeated. The best practice is to disconnect modems when not in use. Some utilities require a phone call to an operations center to request access to the modem. After access is granted, the modem is physically switched into the system. If this method of switching is not possible, inbound numbers can be

Corporate Office 562.220.1450 www.total-western.com www.total-western.com Corporate Office 562.220.1450 Contact Ezra Jenkinson or Ron Matson Contact Ezra Jenkison or Ron Matson

W W W. R M EL .O R G

“People Do Projects”

EPC for Power Projects Simple Cycle, Combined Cycle, Reciprocating Engines, Biomass, CHP & Alternative Energy Our people each possess more than 30 years of experience in the power business; working as Developers, Contractors, and as Owners Tier 1 Financial Strength, with the flexibility and responsiveness of a small firm Contact our VP of Business Development, Dennis Pungitore Dennis.Pungitore@Mastec.com | 303-475-6149

4600 South Ulster Street, Ste 800 Denver CO 80237 | 888-419-6432

WWW.MASTECPOWER.COM

ts, i K re u t c Stru oles e t ple Just P m o C NOT • Complete structure kits • Includes all hardware & foundation system • 6 to 8 week lead time • Clearly marked packaging

E-LAM® Structures, The Industry Standard Since 1992 Laminated Wood Systems, Inc.

800-949-3526 www.lwsinc.com

ELECTRIC ENERGY | SPRING 2016

whitelisted. Another possibility is to enable the call-back feature, which enables more security on dial-in lines. Utilities are moving toward building their own communications infrastructure, such as synchronous optical network (SONET) systems. This has resulted in Ethernet becoming more widely available. Securing Ethernet through the use of virtual private networks (VPNs) and firewalls is becoming more popular with utilities. Defending against attacks on passwords, such as dictionary and brute force attacks, requires strong passwords. Recent breaches into physical devices were successful because the passwords were never changed from the factory defaults. Attackers know the factory default passwords of manufacturer equipment, and it’s critical to change these to strong passwords. A good password policy should include a requirement for a minimum number of characters, one or more symbols, and both uppercase and lowercase characters. Passwords such as “Oaks Sub$tat1on Deliv3rs!” make dictionary and brute force attacks difficult. Denial-of-service and DDoS attacks require special attention. They can typically be defeated by filtering and rejecting the source IP address. However, a Distributed Denial-of-Service (DDoS) attack is more difficult because the traffic is coming from many devices and must be handled by a network team. Firewalls are an important mitigation control to allow or deny traffic to relays, IEDs or other devices. A firewall analyzes data packets and, based on a set of rules, determines if the data are allowed to pass to the device. There are several types of firewalls, including a type known as a stateful firewall, which inspects data packets and keeps track of the state of the connection by storing attributes of the connection such as IP addresses, port numbers and the sequence numbers of the packets. Computer systems, and the platforms they operate under, can contain newly discovered vulnerabilities. These are a serious risk because computer systems are potentially connected to equipment. As new vulnerabilities are discovered, firms work to issue patches. Most major cyberattacks in the past few years have targeted known vulnerabilities for which patches existed before the outbreaks. Before beginning a patch and vulnerability management program, conduct an inventory of all of the devices on the system; an unpatched and unaccounted-for computer is at risk of being exploited. Use automated patch management tools to fix potential vulnerabilities.

A rule-based IDS uses predefined rules to analyze traffic on the SCADA or ICS network. The IDS inspects each packet for information such as the source and destination, protocol, port and message content based on the rule shown in Figure 2. The rule contains information on how to inspect each packet and alert if action is necessary. Figure 2. A rule-based intrusion detection system (IDS) uses predefined rules to analyze traffic on the SCADA or ICS network, inspecting each packet for information on the rule shown here.

ADVANCED PERSISTENT THREATS

NETWORK INTRUSION DETECTION

Another threat to the secure operation of SCADA systems is called an advanced persistent threat (APT). The goal of an APT is to gain access to a system and move slowly and deliberately enough to not be noticed. They are delivered via a well thought out attack vector, such as an email with a link to what appears to be a website but, in fact, is a launch platform for a cyberattack on the targeted infrastructure. Once system access has been accomplished, the APT will not trigger the attack until a specific reason or time has surfaced. This makes it very difficult to know that the system has been compromised. The APT attack is designed to swiftly accomplish the desired goal so that it cannot be stopped before the goal is met. Because of the high complexity of an APT, they are generally targeted at organizations for political reasons or because of nation state-level conflicts. Once an APT enters an industrial network, it expands in stages to different networks and tries to discover equipment. It may even be able to contact outside resources or the attacking group that created it for updates or commands. This is one reason that business and operational networks should be strictly separated. Allowing email and Internet traffic on an operational network is never a safe practice.

A network intrusion detection system (IDS) is an important piece of the security framework. While firewalls and antivirus protection are a must for protecting SCADA networks, the ability to know if a network has even been breached relies on an IDS. It monitors both inbound and outbound communications on a network and between devices, and records events such as unauthorized access attempts, port scans, probes, buffer overflows, operating system (OS) fingerprinting and other forms of attack. In addition to detecting malicious threats, an IDS also is valuable for detecting policy violations. For example, security incidents have occurred when a utility engineer placed an Ethernet cable with Internet access into a device on a secure network with the intention of using the connection temporarily to update the device. The cable was forgotten and found months later after allowing the system to be exposed to the outside world. An IDS would have detected this policy violation.

SECURITY IS VITAL Risks to SCADA and ICSs are not limited to the attack vectors described here. Although risks cannot be completely eliminated, they can be diminished by safeguarding data, preventing unauthorized access and securing communications. For a SCADA protocol to be secure, it must provide end-to-end authentication, integrity and nonrepudiation. If the protocol can’t provide these security features, then a secure wrapper (encryption) must be provided to encapsulate the communications. Compensating controls, such as placing an encryption wrapper around serial protocols, are additional steps that must be taken to secure systems that are inherently nonsecure, and they are a necessity for legacy systems. By following the basic principle of implementing data and user authentication and authorization with strong encryption, utilities and other critical infrastructure operations can create a network with data integrity assurance.

Figure 2: How to Inspect Each Packet and Alert if Action is Necessary

alert Action

tcp

any

Source IP Protocol

--> Direction

Source Port

any

(msg: “Telnet connection”;)

Destination Port

Destination IP

Message

W W W. R M EL .O R G

power transformer Prototype Recovery Transformer and Ballistic Protection Solutions Offer Practical Solutions to Enhance Substation Resiliency By Craig L. Stiegemeier, Director of Technology and Business Development, ABB

ELECTRIC ENERGY | SPRING 2016

PhysicalSecurity T

he grids that make up North Americaâ&#x20AC;&#x2122;s power infrastructure have had a long, proud history of relative stability over the past century. And the U.S. electric utility industry has earned a long, well-deserved track record of reliability. Extended outages have been rare. The financial and emotional impact of a long-term outage on a nation cannot be underestimated. For example, the damage that led to astronomical costs associated with regional severe-weather related outages such as Superstorm Sandy, the major hurricane and severe weather system that hit the Northeast in 2012, directly impacted the economy as well as the U.S. presidential race. In 2012, a Congressional Research Service study estimated the inflation-adjusted cost of weather-related outages at $25 to $70 billion, annually. Fortunately, proper planning and quick reaction following Sandy kept major outages under control, and power was restored to more than 95 percent of customers within two weeks. Âť

W W W. R M EL .O R G

STORMS AND SNIPERS And now in this post-9/11 era, on top of these major weather-related disaster concerns, comes a wave of physical attacks on targeted substations and power transformers around the country. Between 2011 and 2014, according to USA Today, electric utilities reported 348 physical attacks that caused outages or other power disturbances. The most high-profile incident occurred in 2013 in California, where snipers took direct aim at a substation by cutting fiber optic communication lines and firing high powered rifle shots at 17 transformers and six circuit breakers, causing 52,000 gallons of oil to be spilled and $15.4 million in estimated restoration costs.

ELECTRIC ENERGY | SPRING 2016

Fortunately, there were no significant outages, as there was a massive – and successful – effort to reroute power and restore service. These physical attacks led the North American Electric Corporation (NERC) to quickly file a petition for the approval of reliability standard NERC CIP-014 requiring transmission owners to assess the vulnerability of critical substations and development and implement security plans. The implementation schedule for this order started in October 2015 and requires completion by August 2016. NERC created this project to address the directives issued in the FERC Order on Reliability Standards for Physical Security Measures under Docket No. RD14-6-000 issued March 7, 2014.

THE IMPORTANCE OF POWER TRANSFORMERS Large power high voltage (HV) transformer units today make up less than three percent of the total number of transformers on the grid; however, they carry 60-70 percent of the nation’s electricity, so it is vital to protect these assets. Power transformers are widely recognized to be the most critical asset in the substation. Many utilities have some version of spare transformers on hand, however there is a very limited availability of spares. Spares are often in the same location as a potential attack, and there is rarely more than one available per substation. Every transformer in America is designed for a particular application, and few transformers are alike, especially at high voltages. Manufacturing lead times are long, and involve complex processes around design, procurement, production, testing and deployment. There are difficulties with transportation, as large, heavy units are rarely able to be transported on trucks. Most transformers are shipped via rail transportation, which often takes weeks of planning and implementation. And finally, there is much specialty equipment and skill required in the installation of these transformers. Dimensions are critical.

ZACHRY GROUP

Long-Term Productivity

Successful power generation economics depend on certainty of capacity and facility uptime. In more than 100 projects spanning fossil, renewable and nuclear fuel technologies, our lifecycle services model has delivered immediate and sustainable performance. Zachry Group is Americaâ&#x20AC;&#x2122;s pace-setter in turnkey construction, engineering, maintenance, turnaround and fabrication services in the power, energy, chemicals, manufacturing and industrial sectors.

For more information, visit zachrygroup.com.

Zachryâ&#x20AC;&#x2122;s project lifecycle business approach delivers distinctive value to utilities and independent power producers. Using the largest, highly skilled merit-shop workforce in the industry, we ensure cost effectiveness and schedule certainty during the planning, building and renewal phases of each facility.

Many times, new concrete pads must be created, and many hours of civil work are required. Absolute physical security of America’s grid infrastructure or its substations is not practically achievable if not downright impossible. Vulnerabilities hinge on attackers’ intentions, skill and resources. There is no way to absolutely protect a substation transformer and other electrical equipment from severe damage from an intentional attack. It is possible to make the damage less severe, prolong service and restore service more quickly with a layered approach to physical security. When damages exceed repair capabilities, rapid replacement strategies play an important role in transformer recovery. Critical transformers need spares, universal spares, and an on-the-shelf design for critical assets. 38

ELECTRIC ENERGY | SPRING 2016

SUCCESSFUL “RECX” CONCEPT DEMONSTRATION In 2012, a new consortium led by the U.S. Department of Homeland Security (DHS), which included ABB, the Electric Power Research Institute (EPRI), and CenterPoint Energy, launched a new Rapid Recovery Transformer (RecX) program. The concept actually

concepts. DHS became involved after the project created a less-than-one week storage to transformer energization concept. And CenterPoint, the utility host, supported a trial deployment and designated one of its substations to house the first RecX. The RecX consortium held a timed concept demonstration, a “fire drill” for

Large power transformers carry almost 70 percent of the nation’s electric power. They are essential to maintaining grid reliability. Replacements can take from 12-24 months to make. Quick access to spare transformers would dramatically reduce the risk of a prolonged outage. began prior to 9/11 with EPRI’s Infrastructure Security Initiative (ISI), where the feasibility of a fast-to-install transformer design was first examined. ABB was tasked with designing a conventional oil-filled spare transformer with ease-of-transport and fast-to-install

deployment of the spare transformer, in 2012. The consortium would transport and complete installation of this prototype transformer that could replace a failed large extra-high voltage (EHV) transformer in less than a week as opposed to several months for a

normal large power transformer. A trio of single-phase 200-MVA, 345/138-kV autotransformers were drained of their oil, disassembled, transported more than 900 miles (1,448 km), reassembled and energized in less than one week in the designated substation. Two transformers were transported by widely available lowboy trailers while one was loaded onto a specially designed over-the-road trailer. The first two were placed on a typical concrete pad in the substation, while the other one came with its own integrated pad, demonstrating the ability to place the transformer on compacted gravel. This eliminates the need of a crane to unload, which is a big time saver as opposed to pouring and curing a concrete base. The drill began on a Monday morning, March 12, 2012 at the ABB

transformer manufacturing plant in was done, it was near completion. St. Louis, Missouri. The partially asThe project was indeed completed sembled units were pulled from storon Saturday morning, March 17. The age, simulating an actual RecX transformer and emergency scenario, and associated units were Absolute physical placed onto two convensuccessfully energized security is not tional lowboy trailers and by Saturday evening â&#x20AC;&#x201C; practically a 65-ton capacity trailer Five days, 10 hours and achievable. It is (MA65) specially designed 10 minutes after the possible to make for a trip to Houston. The simulation first started. the damage less MA65 was modeled after A one-year monitoring severe, prolong an over-the-road Schnaperiod for evaluating service and bel railcar, and proved to performance was then restore service be amazingly versatile. successfully started and more quickly The trailers all arrived completed. And today, with a layered by Tuesday evening, as of late 2015, the RecX approach to and assembly began on prototype spare transphysical security. Wednesday morning. And former is still humming on Friday evening, after along and working as experienced CenterPoint assembly originally designed. crews worked 12-14 hour days and Utilities have noted the RecXâ&#x20AC;&#x2122;s large much of the testing and installation power capabilities, allowing for high

We design power. We build relationships.

Sega Inc. is a Kansas City-based consulting and engineering firm dedicated to providing engineering and technical services for the production and distribution of energy. As a single-source provider of energy-related services, we have experienced engineers and technical specialists in the areas of Power Generation, Power Delivery, Air Quality & Environmental, Control Systems, and Renewables.

Learn more at www.segainc.com

W W W. R M EL .O R G

voltage ratings; its compact and flexible design, including and practical concerns. The U.S. Department of Energy (DOE) three individual single-phase units, hybrid NOMEX® insulahas picked up where DHS left off, issuing a well-received tion system for reducing size while maximizing power, and report, “Large Power Transformers and the U.S. Electric Grid,” its remote cooling system. Just as important, these spare around how the loss of large power transformers (LPT’s) transformers enable rapid deployment, with transportation could result in grid exposure. NERC CIP-014 has been initiand installation now happening in days versus weeks. ated, requiring utilities to be compliant by August 2016. A recent study concluded that the single And ABB, in consultation with several electrimost utilized transformer in the U.S. holds a cal utilities and the DOE, has recently launched Between 2011 voltage ratio of 345-138 kV. This demonstraa “Substation Physical Security and Resiliency and 2014, tion exercise successfully created, deployed Initiative” to help utilities reduce the impact of electric utilities and energized three single-phase 200 MVA, and quickly restore the grid after a natural or reported 348 345-138 kV units that are small enough to man-made disaster. This initiative covers five physical attacks be transported over U.S. Interstate highways, strategic elements that will help these utilities that caused dramatically reducing transport times as comrestore power as quickly as possible. These outages or pared with conventional rail transportation. steps include: other power · Assessment – Assess the asset risk to disturbances FIVE STEPS TO BETTER extreme weather events, intentional criminal – USA Today SUBSTATION RESILIENCY attacks, geomagnetic disturbances (GMD) and Since the first Rapid Recovery Transformer electromagnetic pulses (EMP) (RecX) was first installed in 2012, technology advancements · Hardening – Harden substations and power equipment have continued and the power industry has come together to against malevolent attack and extreme environments begin working out the complex weave of economic, security · Monitoring – Remote monitor the asset and surroundings and automate response to abnormalities · Rapid Repair – Rapidly repair lightly damaged power equipment, allowing utilities to quickly restore their equipment following an incident · Rapid Replacement – Rapidly replace seWhy should utilities verely damaged power consider a Rapid equipment Recovery (RecX) To aid in the concept spare hardening portion of transformer? the process, ABB has developed a ballistic • Fast and easy resistant system called transportation/ AssetShield™. This installation of a large system can be used to power transformer protect a new trans• Adaptable to fit a former by constructing variety of site locations the tank with the ballistic resistant system, or • Simple design it can be retrofitted and maximizes reliability integrated on existing • Reduced size and critical power transweight for hauling over formers. AssetShield™ U.S. roadways a first-of-its-kind • Modular components solution to shield and supports rapid protect large power installation transformers and other substation equipment • Ability to maintain from ballistic attack. power during and after AssetShield™ currently the recovery period of meets the Level 10 an outage 40

ELECTRIC ENERGY | SPRING 2016

rating of the UL-752 Ballistic standard. AssetShield™ is an impact and fragmentationprotective system for substation equipment such as transformers, switchgear, circuit breakers, and capacitors. It reduces the kinetic energy of the bullets and reduces spalling and the potential damage after the impact of a high-energy projectile. AssetShield™ has been tested to protect transformers and their sensitive subsystems and components. While absolute physical security for a substation is not practically achievable, but with AssetShield™ and the other protective solutions developed by ABB it is possible to minimize the damage, prolong service and restore service more quickly when there is an attack. In addition to the AssetShield™ protection, systems to isolate cooling system damage which supports protection of the transformer core and coils have been developed. Those solutions include the introduction of a new type of dry bushing that not only helps minimize the impact of ballistic attacks but supports the ability to store bushings for long periods of time without the need for specialized storage systems. The advantages and potential of these rapid recovery transformers, coupled with wider access to spare large power transformers and the ability of utilities to quickly assess, monitor, harden and replace this equipment, will better prepare our power grid for any man made or natural emergency situation. More details, including video of the AssetShield™ system at work can be found at: http://new.abb.com/us/issues/physical-security

Time is MONEY Project Management expertise is critical to completing projects on time and on budget. Our Grid Solutions team can help you achieve project success by providing value-added services. » Project estimation and planning » Bill of materials reviews

» Staging and kitting » Procurement and material management

» Material take-offs

Toll-free: 877.273.3323 | borderstates.com Supplying products and services to the construction, industrial and utility industries. 10-061 (2016-03)

A MYR GROUP COMPANY

YOUR BEST ELECTRICAL CONNECTION

ABOUT THE AUTHOR

Craig L. Stiegemeier is the Director of Technology and Business Development ABB’s North American Transformer Remanufacturing and Engineering Services (TRES), and is responsible for developing effective processes supporting condition evaluation and assessment tools, life extension solutions and training programs for utility and industrial users of power transformers. Craig led the ABB team that developed the RecX transformer and provided leadership to the RecX consortium with the Dept. of Homeland Security and EPRI. Craig and his family are based in St. Louis, Missouri. Craig may be reached at: craig.stiegemeier@us.abb.com.

SINCE 1912

Since 1912, Sturgeon Electric has been one of the region’s top specialty contractors providing quality electric utility construction including overhead and underground distribution, transmission, substations, service and maintenance and emergency restoration. STURGEON ELECTRIC COMPANY, INC. | 303.286.8000 | STURGEONELECTRIC.COM MYR GROUP INC. AND ITS SUBSIDIARIES ARE EQUAL OPPORTUNITY EMPLOYERS. M/F/DISABLED/VETERAN ©2016 MYR GROUP INC.

W W W. R M EL .O R G

MEMBER LISTINGS

RMEL Member Companies 1 ABB, Inc. 2 ABCO Industrial Sales, Inc. 3 ADA Carbon Solutions, LLC 4 ADA-ES, Inc. 5 Advanced Electrical & Motor Controls, Inc. 6 AECOM 7 Alberici Constructors Inc. 8 Alexander Publications 9 Altec Industries, Inc. 10 AMEC Foster Wheeler 11 American Coal Council 12 American Public Power Association 13 Andritz Inc. (APC Division) 14 Arizona Electric Power Cooperative, Inc. 15 Arizona Public Service 16 Arkansas River Power Authority 17 Asplundh Tree Expert Co. 18 Associated Electric Cooperative, Inc. 19 ATCO Emissions Management 20 Atwell, LLC 21 Austin Energy 22 AZCO INC. 23 Babcock & Wilcox Company 24 Babcock Power, Inc. 25 Barton Malow Company 26 Basin Electric Power Cooperative 27 Bear Valley Electric Service 28 Beckwith Electric 29 Beta Engineering 30 Black & Veatch Corp. 31 Black Hills Corporation 32 Black Hills Electric Cooperative 33 Boilermakers Local #101 34 Boone Electric Cooperative 35 Border States Electric 36 Bowman Consulting Group 37 Brooks Manufacturing Company 38 Burns & McDonnell 39 Butler Public Power District 40 C.I.Agent Solutions 41 Carbon Power & Light, Inc. 42 Cargill Industrial Specialties 43 Casey Industrial, Inc. 44 CB&I 45 CDG Engineers, Inc. 46 Center Electric Light & Power System 47 Chad Hymas Communications, Inc. 48 Chimney Rock Public Power District 49 City Light & Power, Inc. 50 City of Alliance Electric Department 51 City of Aztec Electric Department 42

ELECTRIC ENERGY | SPRING 2016

52 City of Cody 53 City of Farmington 54 City of Fountain 55 City of Gallup Electric Department 56 City of Gillette 57 City of Glenwood Springs 58 City of Imperial 59 City of Yuma 60 Cloud County Community College 61 Clyde Bergemann Power Group 62 Co-Mo Electric Cooperative 63 Colorado Highlands Wind LLC 64 Colorado Powerline, Inc. 65 Colorado Rural Electric Association 66 Colorado Springs Utilities 67 Colorado State University 68 Commonwealth Associates, Inc. 69 ComRent 70 Corporate Risk Solutions, Inc. 71 CPS Energy 72 CTC Global Corporation 73 Culture Change Consultants 74 D.C. Langley Energy Consulting, LLC 75 Davey Utility Services 76 Delta Montrose Electric Assn. 77 DIS-TRAN Packaged Substations, LLC 78 E & T Equipment, LLC 79 E3 Consulting 80 El Paso Electric Company 81 Electrical Consultants, Inc. 82 ElectroTech, Inc. 83 Emerson Network Power - Electrical Reliability Services 84 Emerson Process Management Power & Water Solutions 85 The Empire District Electric Company 86 Empire Electric Association, Inc. 87 Encompass Energy Services LLC 88 Energy & Resource Consulting Group, LLC 89 Energy Education Council 90 Energy Providers Coalition for Education 91 Energy Reps 92 ESCÂ engineering 93 Evans, Lipka and Associates, Inc. 94 Evapco - BLCT Dry Cooling, Inc. 95 Exponential Engineering Company 96 Fairbanks Morse Engine 97 Finley Engineering Company, Inc. 98 Foothills Energy Services Inc. 99 Fort Collins Utilities 100 Fuel Tech, Inc.

101 GE Power & Water 102 Genscape, Inc. 103 Golder Associates, Inc. 104 Grand Island Utilities 105 Grand Valley Rural Power Lines, Inc. 106 Great Southwestern Construction, Inc. 107 Greer CPW 108 Gunnison County Electric Association, Inc. 109 Hamilton Associates, Inc. 110 Hamon Research - Cottrell 111 Harris Group, Inc. 112 Hartigan Power Equipment Company 113 HDR, Inc. 114 High Energy Inc. (HEI) 115 Highline Electric Assn. 116 Holy Cross Energy 117 Hubbell Power Systems 118 Hughes Brothers, Inc. 119 IBEW, Local Union 111 120 IEC Rocky Mountain 121 IMCORP 122 Incorporated County of Los Alamos Department of Public Utilities 123 Independence Power & Light 124 Intercounty Electric Coop Association 125 Intermountain Rural Electric Assn. 126 ION Consulting 127 Irby 128 Irwin Power Services 129 James Industries, Inc. 130 Kansas City Board of Public Utilities 131 Kansas City Power & Light 132 KD Johnson, Inc. 133 Kiewit Power 134 Kit Carson Electric Cooperative 135 Kleinfelder 136 Klute Inc. Steel Fabrication 137 La Junta Municipal Utilities 138 La Plata Electric Association, Inc. 139 Lake Region Electric Coop Inc. 140 Lamar Utilities Board 141 Laminated Wood Systems, Inc. 142 Lampson International LLC 143 Las Animas Municipal Light & Power 144 Lauren Engineers & Constructors 145 Leidos 146 Lewis Associates, Inc. 147 Lincoln Electric System 148 Llewellyn Consulting 149 Longmont Power & Communications

150 Loup River Public Power District 151 Loveland Water & Power 152 Luminate, LLC 153 Magna IV Engineering Inc. 154 Marsulex Environmental Technologies 155 MasTec Power Corporation 156 Merrick & Company 157 Missouri River Energy Services 158 Mitsubishi Hitachi Power Systems Americas, Inc. 159 Monk Engineering Inc. 160 Morgan County Rural Electric Assn. 161 Morgan Schaffer Inc. 162 Mountain Parks Electric, Inc. 163 Mountain States Utility Sales 164 Mountain View Electric Assn. 165 Mycoff, Fry & Prouse LLC 166 NAES Corp. 167 Navopache Electric Cooperative, Inc. 168 Nebraska Public Power District 169 NEI Electric Power Engineering, Inc. 170 New Mexico State University 171 Nooter/Eriksen, Inc. 172 Norris Public Power District 173 Northeast Community College

174 Northwest Rural Public Power District 175 Novinium 176 NRG Reliability Solutions LLC 177 Omaha Public Power District 178 Osmose Utilities Services, Inc. 179 PacifiCorp 180 Panhandle Rural Electric Membership Assn. 181 PAR Electrical Contractors, Inc. 182 Peterson Co. 183 PFES 184 Pioneer Electric Cooperative, Inc. 185 Pipefitters Local Union #208 186 Platte River Power Authority 187 PNM Resources 188 Poudre Valley Rural Electric Assn. 189 Powder River Energy Corp. 190 Power & Industrial Services Corp 191 Power Contracting, LLC 192 POWER Engineers, Inc. 193 Power Equipment Specialists, Inc. 194 Power Pole Inspections 195 Power Product Services 196 PowerQuip Corporation 197 Precision Resource Company

198 Preferred Sales Agency, Ltd 199 Provo City Power 200 PSM (Power Systems Mfg., LLC) 201 QuakeWrap, Inc. 202 Quanta Services 203 REC Associates 204 Reliability Management Group (RMG) 205 Reliable Power Consultants, Inc. 206 RES Americas 207 RRC Power and Energy 208 Safety One Training International, Inc. 209 San Isabel Electric Assn. 210 San Marcos Electric Utility 211 San Miguel Power Assn. 212 Sangre De Cristo Electric Assn. 213 Sargent & Lundy 214 Savage 215 Schweitzer Engineering Laboratories 216 Sega Inc. 217 Sellon Engineering Inc. 218 Siemens Energy Inc. 219 Sierra Electric Cooperative, Inc. 220 Solomon Associates 221 South Central PPD 222 Southeast Colorado Power Assn. 223 Southeast Community College

TRISTATE.COOP

Providing vegetation management services to the power and energy industries. Line Clearance Storm and Emergency Response Right-of-way Management

25% OF OUR ELECTRICITY

IS FORECASTED TO BE GENERATED FROM RENEWABLE RESOURCES.

Herbicide Applications

Trees, Inc. 1-866-865-9617

Approximately 25 percent of the energy Tri-State and its member systems delivers to cooperative members in 2016 is forecasted to be generated from renewable resources, making the association one of the leading utilities in the country for using renewable power. Solar system installed at Devils Thumb Ranch Resort & Spa, a member of Mountain Parks Electric

info@treesinc.com

W W W. R M EL .O R G

MEMBER LISTINGS

224 Southern Pioneer Electric Company 225 Southwest Generation 226 Southwest Public Power District 227 Southwest Transmission Cooperative, Inc. 228 Southwire Company 229 Springfield Municipal Light & Power 230 SPX Transformer Solutions, Inc. 231 SRP 232 St. George Energy Services Department 233 Stanley Consultants, Inc. 234 Stantec Consulting 235 STEAG SCR-Tech, Inc. 236 Storm Technologies Inc. 237 Sturgeon Electric Co., Inc. 238 Sulphur Springs Valley Electric Cooperative 239 Sundt Construction 240 Sunflower Electric Power Corporation 241 Surveying And Mapping, LLC 242 Switchgear Solutions, Inc. 243 T & R Electric Supply Co., Inc. 244 Technically Speaking, Inc. 245 Tenaska Marketing Ventures

• • • • •

Feasibility Studies Siting & Permitting Power Plant Design Plant Upgrades & Retrofits Air Quality Control Systems

246 Tetra Tech 247 TIC - The Industrial Company 248 Towill, Inc. 249 Trachte, Inc. Buildings & Shelters 250 Trans American Power Products, Inc. 251 TRC Engineers, Inc. 252 Trees Inc 253 Tri-State Generation and Transmission Assn. 254 Trinidad Municipal Light & Power 255 TurbinePROS 256 U.S. Water 257 UC Synergetic 258 Ulteig Engineers, Inc. 259 United Power, Inc. 260 Universal Field Services, Inc. 261 University of Idaho Utility Executive Course College of Business and Economics 262 UNS Energy Corporation 263 Utility Telecom Consulting Group, Inc. 264 Valmont Newmark, Valmont Industries, Inc. 265 Vanderbilt University 266 Victaulic

• Transmission & Distribution • Substations & Switchyards • Construction Management & Inspection Services • Owner’s Engineer

Connect with us: www.stanleyconsultants.com/energy 800.878.6806 |

267 Wärtsilä North America, Inc. 268 Wave Engineering, Inc. 269 Westar Energy 270 Western Area Power Administration 271 Western Industrial Contractors, Inc. 272 Western Line Constructors Chapter, Inc. NECA 273 Westmark Partners LLC 274 Westwood Professional Services 275 Wheat Belt Public Power District 276 Wheatland Electric Cooperative 277 Wheatland Rural Electric Assn. 278 White River Electric Assn., Inc. 279 Wichita State University 280 Wilson & Company, Engineers & Architects 281 Wyoming Municipal Power Agency 282 Xcel Energy 283 Y-W Electric Association, Inc. 284 Yampa Valley Electric Association, Inc. 285 Zachry Group TOTAL NUMBER OF MEMBERS: 285

JULY 27 & 28

2016

presented by

NORFOLK,

GENERATE DELIVER

Photo Courtesy of Matanuska Electric Association

ELECTRIC ENERGY | SPRING 2016

NEBRASKA

For information call (402) 844-7216.

Gold Sponsors: Energy Solutions Inc., Kriz Davis Co., Hughes Brothers Inc., WESCO, Evans, Lipka Association, Altec In Cooperation with: Nebraska Rural Electric Association Suppliers Group, Nebraska Rural Electric Association, League of Nebraska Municipalities Utility Section

CALENDAR OF EVENTS

2016 Calendar of Events January 14, 2016

April 5-7, 2016

August 3-4, 2016

Introduction to the Electric Utility Workshop Lone Tree, CO

Distribution Overhead and Underground Design and Staking Workshop Lone Tree, CO

Transmission Project Management Conference Western Area Power Administration â&#x20AC;&#x201C; Electric Power Training Center Golden, CO

January 26-27, 2016 Physical and Cyber Security Conference Phoenix, AZ

February 9-10, 2016 Utility Financing for NonFinancial Personnel Workshop Denver, CO

April 19-20, 2016 Safety and Technical Training Conference Lone Tree, CO

April 19, 2016 Safety Roundtable - April 2016 Lone Tree, CO

Feb 26, 2016

May 15-17, 2016

Safety Roundtable - February Westminster, CO

Spring Management, Engineering and Operations Conference Denver, CO

March 1-2, 2016 Power Supply Planning and Projects Conference Lone Tree, CO

March 2, 2016 Generation Vital Issues Roundtable Lone Tree, CO

March 8-9, 2016 Transmission Planning and Operations Conference Lone Tree, CO

March 9, 2016 Transmission Vital Issues Roundtable Lone Tree, CO

March 15-16, 2016 Distribution Overhead and Underground Operations and Maintenance Conference Lone Tree, CO

March 16, 2016 Distribution Vital Issues Roundtable Lone Tree, CO

June 15, 2016 RMEL Foundation Golf Tournament Littleton, CO

June 23, 2016 Transmission Operations & Maintenance Conference Lone Tree, CO

July 14, 2016 Field and Engineering Customer Service Conference Lone Tree, Co

July 26-27, 2016 Plant Management, Engineering and Operations Conference El Paso, TX

July 27, 2016

August 26, 2016 Safety Roundtable - August Western Area Power Administration â&#x20AC;&#x201C; Electric Power Training Center, Golden, CO

September 11-13, 2016 Fall Executive Leadership and Management Convention Summerlin, NV

September 29, 2016 2017 Spring Management, Engineering and Operations Conference Planning Session Lone Tree, CO

October 5-6, 2016 Distribution Engineers Workshop Lone Tree, CO

October 13, 2016 Renewable Planning and Operations Conference Lone Tree, CO

November 2-3, 2016 Electric Energy Environmental Conference Lone Tree, CO

November 4, 2016 Safety Roundtable November Fort Collins, CO

Generation Vital Issues Roundtable El Paso, TX

CONTINUING EDUCATION CERTIFICATES

Continuing education certificates awarding Professional Development Hours are provided to attendees at all RMEL education events. Check the event brochure for details on the number of hours offered at each event.

W W W. R M EL .O R G

ADVERTISERâ&#x20AC;&#x2122;S INDEX

AMEC

www.amec.com

(770) 810-9698

www.bv.com

(913) 458-2000

Border States Electric

www.borderstateselectric.com

(701) 293-5834

Burns McDonnell

www.burnsmcd.com

(816) 333-9400

California Turbo, Inc.

www.californiaturbo.com

(800) 448-1446

CoBank

www.cobank.com

(800) 542-8072

Commonwealth Associates

www.cai-engr.com

(360) 466-2214

Empire Electric Association, Inc.

www.eea.coop

ERG Consulting

www.ERGconsulting.com

(203) 843-0600

Great Southwestern Construction, Inc.

www.gswc.us

(303) 688-5816

Black & Veatch

Kiewit

(970) 565-5555

Back Cover

www.kiewit.com

(913) 928-7000

Laminated Wood Systems, Inc.

www.lwsinc.com

(402) 643-4708

MasTec Power Corp

www.mastecpower.com

(303) 542-6960

Mitsubishi Hitachi Power Systems

www.mhpowersystems.com

(908) 605-2800

Nebraska Public Power District

www.nppd.com

(402) 564-8561

Northeast Community College

20 & 44

www.northeast.edu

(402) 371-2020

www.pike.com

(336) 789-2171

Pike POWER Engineers

15 5

www.powereng.com

(208) 788-3456

Sega, Inc.

www.segainc.com

(913) 681-2881

Siemens

Inside Back Cover

www.siemens.com

(303) 696-8446

Stanley Consultants, Inc.

www.stanleygroup.com

(303) 799-6806

Sturgeon Electric Co. Inc.

www.myrgroup.com

(303) 286-8000

T & R Electric Supply Co., Inc.

www.t-r.com

(800) 843-7994

Total Western

www.total-western.com

(562) 220-1450

Trees Inc.

www.treesinc.com

(866) 865-9617

Tri-State Generation

www.tristategt.org

(303) 452-6111

www.turbinepros.com

(877) 363-5702

Ulteig Engineers, Inc.

www.ulteig.com

(877) 858-3449

Zachry Group

www.zhi.com

(210) 588-5000

TurbinePROs

Inside Front Cover

ELECTRIC ENERGY | SPRING 2016

Go from 4 MW to 66 MW, efficiently and reliably. Siemens gas turbines are energizing the smart power movement with a full portfolio of gas turbines.

The world’s need for power isn’t just growing, it’s changing. Our comprehensive portfolio of industrial and aeroderivative gas turbines provides flexibility and choice for optimal power production. We offer models ranging from 5MW to 66MW, able to meet any application with the highest levels of efficiency and reliability. And, we’re setting the standard for service, with innovations like digital remote monitoring, that maximizes performance and ROI over the entire life cycle. From fast-start power plants that support the move to renewable energy, to efficient oil and gas transportation, to combined heat and power plants that ensure reliable energy where it’s most needed, more businesses are relying on Siemens to power their future. Discover how Siemens powers the world with innovative gas turbines.

siemens.com/gasturbines

Scan the QR code for a free download.

Shepard Energy Centre Calgary, Alberta

Powering the future. As a long-time industry innovator, Kiewit has extensive experience in gas-fired, air quality control systems, power delivery, renewable and nuclear markets. From concept to commercialization, we offer clients a full suite of engineering, procurement, construction and start-up services. No job is too large or too small â&#x20AC;&#x201D; we deliver world-class solutions to projects of every size. Kiewit Power Group Inc. 9401 Renner Boulevard Lenexa, KS 66219 (913) 928-7000

KIEWIT.COM