Beruflich Dokumente
Kultur Dokumente
SECURITY ASSESSMENT
(Delete all text highlighted in yellow. Type entries in gray areas and add additional details outside
gray boxes as needed.)
1. INTRODUCTION:
The Dam (FERC Project No. ) has been classified by the Federal Energy Regulatory
Commission (FERC) as a “Group 2” dam. The dam is located on the River, approximately
miles upstream from the city of , state. The Project produces megawatts of
electricity, serving more than million people. Other benefits of the facility include: .
Description of dam type(s): . (i.e. thin arch, slab and buttress, embankment, masonry gravity,
concrete gravity, massive concrete gravity, thick arch)
The Security Assessment (SA) for this dam was prepared by the Utility in accordance with the
Division of Dam Safety and Inspections, FERC Security Program for Hydropower Projects – Revision
2 (June 3, 2009).
The SA was completed using the FERC Hydro Security Inspection Form (version 3 – May 8, 2009), a
critical asset spreadsheet (attached) and careful examination of the following:
• Asset evaluation
• Geographic, demographic, and political environment
• Visibility, notability, and accessibility
• Existing security systems and measures
The SA was conducted of the dam’s structure, assets, appurtenant structures, and SCADA systems.
The SA includes review of detection, assessment, delay, response, integration, risk management,
and protective measures. The list of assets considered to be of importance to the Dam is
shown on the critical asset spreadsheet (attached).
• Plant Managers
• Plant System Operators
• Plant Maintenance
• Project Safety Engineers
• Security Division
2
The Dam is visible and accessible from State Route on the County side of the
River, and from State Route on the County side. It is visible and accessible from both
upstream and downstream sides of the River. (Alter visibility/accessibility as necessary.)
A “Visitor Center”, located on site and shown on the accompanying drawing, hosts approximately
visitors per year.
The Utility Security Division manages a program of systems and measures that ensure
protection of the Dam and Project. The Physical layout of site security features for the Dam is
contained on drawings incorporated in the Security Plan, which also includes potential routes of
intrusion. These systems and measures include (alter as needed):
• Guard posts (with barriers and “Tiger Teeth”) -- located at each access point
• Placement of fencing, barricades, and signage
• Placement of signage and buoy lines -- upstream and downstream of dam
• Credentials/electronic access badges for employees and approved contractors
• Screening process for contractors, vendors, and visitors
• Electronic barrier arms/doors
• Padlock and key control
• Security cameras with 24-hour, live monitoring
• Intrusion alarms with 24-hour monitoring
• Contracted security guard services
• Training & exercises
• Security policies and procedures
• Suspicious Activity Incident Reporting
The Utility has developed strong partnerships with local Law Enforcement Agencies (LEA),
Fire, and EMS agencies. These agencies support the Utility through collaborative training &
exercises, observation patrols, response to incidents, and proactive meetings. Coordination meetings
with LEA generally occur at the following intervals: .
Procedures are in place to alter site security as threat conditions change as is shown in the Security
Plan for the Dam.
2
3
4. RESULTS OF ASSESSMENT:
Based on values assigned, each asset will receive a score of 11 (poor) to 44 (excellent). Asset
security coverage values ranged from to , with an average foot entrance project score of
, an average (land) vehicle entrance project score of , and an average boat entrance
project score of .
5. RECOMMENDATIONS:
From this Security Assessment, the following recommendations for site security are proposed. An
indication of the priority assigned to each recommendation (Low, Medium, or High) and a plan and
schedule to complete each recommendation is also provided.
6. CONCLUSIONS:
The Utility’s existing Security Program is sufficiently effective in reacting to potential
adversaries – particularly, generic intruders who could attempt to gain access to the identified assets
at the Hydro Project. The Utility will continue to monitor, assess, and respond to its
security needs as they change or evolve. (Revise Conclusions as necessary.)
Attachments:
1) Assessment Definitions for “Asset List” Spreadsheet.
2) FERC Hydro Security Inspection Form (Version 3 – 5/08/09). Date of completion: .
3) Hydro Project “Asset List” Assessment Spreadsheet. Date of completion: .
4) Drawing of Security Features Layout and Potential Routes of Intrusion (or reference to location
of drawing).
4
ATTACHMENT 1: Assessment Definitions for “Asset List” Spreadsheet
6
FERC Group II Assessment Form (Definitions)
This is a list of the data-entry values used in the Group 2 Security Assessment Template
spreadsheet. Definitions are also shown within the form itself by placing the computer
cursor over the small red “note triangles.” The values assigned should consider the overall
response to each question as it pertains to the site being assessed.
Response:
• Law enforcement numbers posted.
• Law enforcement notified quickly.
• Are there redundant communications.
• Quick detection and response on unauthorized access attempts.
• Law enforcement responders available: Local______State_______Fed_______
Mark overall response actions as: 1. Requires attention (provide plan and schedule); 2. Limited
acceptability (requires additions, upgrades-provide plan and schedule); 3. Acceptable-under modification
(plan and schedule available); 4. Acceptable.
Assessment Internal:
Relative measure of threats/actions based on Utility experience and law enforcement
experience/intelligence:
1. Current active threats.
2. Current oral threats.
3. Past active threats.
4. No known threats.
Mark overall internal assessment as either: 1, 2, 3, or 4.
Cyber/SCADA Security:
1. Systems not protected from Internet intrusion.
2. System is stand alone or has firewall protection from Internet intrusion.
3. Firewalls and internal systems in place and updated w/patches.
4. NERC/CIP standards in place.
Mark as: 1, 2, 3, or 4.
OVERALL SCORE:
At the end of the analysis, you will see a ranking score for each asset of concern ranging from11 (poorly
protected) to 44 (excellent protection). In general, a score of 44 indicates that security coverage of that
asset is fully acceptable, whereas a score of 11 indicates that attention to that asset may be required. A
discussion of these findings should be included in the Security Assessment narrative.
The average of all the individual asset security-protection scores is also presented to provide an indication
of the overall security findings at the site.
Note: This version of the Inspection Form was filled out by the Utility. Another version of
this form has been completed by FERC staff and may differ in content.
Other?
Personnel control/ID
badges used?
DELAY
4. Is the dam site fenced with
gates/doors
locked (if appropriate to the
site)?
Vehicle?
Boat?
9. Is critical performance
monitoring
equipment secured against
tampering?
Field Observations Y N NA Comments
RESPONSE
10. Are law enforcement phone
numbers
posted?
11. Are there redundant
communications?
12. How long it takes the How is detection made?
operator if detected to respond
to unauthorized access?
What is that
response?
Overall Risk to security (Cite critical pre-modification ASR value(s) and show if
reduced due to above modifications decreased the ASR Risk value.)
modifications because of: