CONFIDENTIAL

SECURITY ASSESSMENT
(Delete all text highlighted in yellow. Type entries in gray areas and add additional details outside
gray boxes as needed.)

DAM:       PROJECT:      

UTILITY:       REPORT DATE:       VERSION:      

1. INTRODUCTION:

The       Dam (FERC Project No.      ) has been classified by the Federal Energy Regulatory
Commission (FERC) as a “Group 2” dam. The dam is located on the       River, approximately
      miles upstream from the city of      ,       state. The Project produces       megawatts of
electricity, serving more than       million people. Other benefits of the facility include:      .

Description of dam type(s):      . (i.e. thin arch, slab and buttress, embankment, masonry gravity,
concrete gravity, massive concrete gravity, thick arch)

The Security Assessment (SA) for this dam was prepared by the       Utility in accordance with the
Division of Dam Safety and Inspections, FERC Security Program for Hydropower Projects – Revision
2 (June 3, 2009).

2. METHODOLOGY & SCOPE:

The SA was completed using the FERC Hydro Security Inspection Form (version 3 – May 8, 2009), a
critical asset spreadsheet (attached) and careful examination of the following:

• Asset evaluation
• Geographic, demographic, and political environment
• Visibility, notability, and accessibility
• Existing security systems and measures

The SA was conducted of the dam’s structure, assets, appurtenant structures, and SCADA systems.
The SA includes review of detection, assessment, delay, response, integration, risk management,
and protective measures. The list of assets considered to be of importance to the       Dam is
shown on the critical asset spreadsheet (attached).

The following personnel participated in conducting the assessment:

• Plant Managers
• Plant System Operators
• Plant Maintenance
• Project Safety Engineers
• Security Division
 2

3. FACTS & CONSIDERATIONS:

The Dam is visible and accessible from State Route       on the       County side of the      
River, and from State Route       on the       County side. It is visible and accessible from both
upstream and downstream sides of the       River. (Alter visibility/accessibility as necessary.)

A “Visitor Center”, located on site and shown on the accompanying drawing, hosts approximately
      visitors per year.

(Add other dam/project facts as necessary.)

The       Utility Security Division manages a program of systems and measures that ensure
protection of the Dam and Project. The Physical layout of site security features for the Dam is
contained on drawings incorporated in the       Security Plan, which also includes potential routes of
intrusion. These systems and measures include (alter as needed):

• Guard posts (with barriers and “Tiger Teeth”) -- located at each access point
• Placement of fencing, barricades, and signage
• Placement of signage and buoy lines -- upstream and downstream of dam
• Credentials/electronic access badges for employees and approved contractors
• Screening process for contractors, vendors, and visitors
• Electronic barrier arms/doors
• Padlock and key control
• Security cameras with 24-hour, live monitoring
• Intrusion alarms with 24-hour monitoring
• Contracted security guard services
• Training & exercises
• Security policies and procedures
• Suspicious Activity Incident Reporting

There is no history of attempted sabotage at this Project. There is no history of unauthorized

intrusions. On rare occasions, there have been individuals who have attempted to trespass -- but they
were immediately observed and intercepted. In each of these cases, there was no malice or criminal
intent. There is no intelligence to suggest the       Hydro Project has been targeted for any type of
attack. (Alter above as necessary. Discuss if trespass or theft has occurred; if so, does this point to
any weaknesses in site security?)

The       Utility has developed strong partnerships with local Law Enforcement Agencies (LEA),
Fire, and EMS agencies. These agencies support the       Utility through collaborative training &
exercises, observation patrols, response to incidents, and proactive meetings. Coordination meetings
with LEA generally occur at the following intervals:      .

Procedures are in place to alter site security as threat conditions change as is shown in the Security
Plan for the       Dam.
2
 3

4. RESULTS OF ASSESSMENT:

4.a Results from Hydro Security Inspection Form:

A review of the Hydro Security Inspection Form indicates that      . (Describe general observations
from the form.)

4.a Results from Project “Asset List” Assessment Spreadsheet:

For each asset evaluated, a subjective ranking of each security element used to protect that asset
was assigned as: 1 (Requires attention); 2 (Limited acceptability); 3 (Acceptable-under modification);
4 (Acceptable). Three general routes of intrusion were considered in the assessment (foot, land
vehicle, and boat). A review of the Assessment Spreadsheet indicates that      . (Describe general
observations.) From this assessment, some assets have been shown to be in need of further
consideration. It should be noted that a full risk analysis has not been completed for this project, and
the level of protection necessary for identified assets may more accurately be dependent upon
resultant consequences and overall risk. The assets identified as not fully acceptable are indicated
below (applicable intrusion routes are marked with an “X”):

•      :       (foot)       (veh.)       (boat)

•      :       (foot)       (veh.)       (boat)
•      :       (foot)       (veh.)       (boat)
•      :       (foot)       (veh.)       (boat)
•

Based on values assigned, each asset will receive a score of 11 (poor) to 44 (excellent). Asset
security coverage values ranged from       to      , with an average foot entrance project score of
     , an average (land) vehicle entrance project score of      , and an average boat entrance
project score of      .

5. RECOMMENDATIONS:

From this Security Assessment, the following recommendations for site security are proposed. An
indication of the priority assigned to each recommendation (Low, Medium, or High) and a plan and
schedule to complete each recommendation is also provided.

1. (List recommendation, mode of intrusion, priority, P&S.)

2. (List recommendation, mode of intrusion, priority, P&S.)
3. (List recommendation, mode of intrusion, priority, P&S.)

6. CONCLUSIONS:

Privileged - Security-Sensitive Material

 4

The       Utility’s existing Security Program is sufficiently effective in reacting to potential
adversaries – particularly, generic intruders who could attempt to gain access to the identified assets
at the       Hydro Project. The       Utility will continue to monitor, assess, and respond to its
security needs as they change or evolve. (Revise Conclusions as necessary.)

Attachments:
1) Assessment Definitions for “Asset List” Spreadsheet.
2) FERC Hydro Security Inspection Form (Version 3 – 5/08/09). Date of completion:      .
3)       Hydro Project “Asset List” Assessment Spreadsheet. Date of completion:      .
4) Drawing of Security Features Layout and Potential Routes of Intrusion (or reference to location
of drawing).

4
ATTACHMENT 1: Assessment Definitions for “Asset List” Spreadsheet
 6
FERC Group II Assessment Form (Definitions)

This is a list of the data-entry values used in the Group 2 Security Assessment Template
spreadsheet. Definitions are also shown within the form itself by placing the computer
cursor over the small red “note triangles.” The values assigned should consider the overall
response to each question as it pertains to the site being assessed.

DETECTION, ASSESSMENT, DELAY AND RESPONSE

External Access (foot, vehicle, boat):
Visual access and asset protections based on structure/equipment, resiliency and facility security:
1. High visibility/highly accessible.
2. High visibility/good access control (barrier/electronic/human).
3. Low visibility/good access control (barrier/electronic/human).
4. Low visibility/inaccessible.
Mark as: 1, 2, 3, or 4.

Physical Security, site specific (foot, vehicle, boat):

• Key & lock protection on doors windows.
• Perimeter protection (gates/fencing).
• Photo ID/badge program.
• Electronic access control, CCTV monitoring.
• Guard patrol, days/week_____/______, hrs/days_____/_____.
Mark overall physical security as: 1. Requires attention (provide plan and schedule); 2. Limited
acceptability (requires additions, upgrades-provide plan and schedule); 3. Acceptable-under modification
(plan and schedule available); 4. Acceptable.

Detection and Assessment (foot, vehicle, boat):

Based on physical location, structure/equipment resiliency and protections currently in-place:
• Site manned...days/week_____/_____hours/days_____/______.
• Surveillance cameras in use/monitored by employees, guards.
• Personnel controlled/ID, badges required.
• Walking inspections/patrols - employees/guards.
• Frequency of patrols/walking tours_______________________.
Mark overall detection as: 1. Requires attention (provide plan and schedule); 2. Limited acceptability
(requires additions, upgrades-provide plan and schedule); 3. Acceptable-under modification (plan and
schedule available); 4. Acceptable.

Delay (foot, vehicle, boat):

• Dam/assets fenced with gates/doors access controlled.
• Access restrictions in-place (foot/vehicle/boat) and appropriate.
• Spillway, spillway gate controls secured from unauthorized access.
• Powerhouse-accessed controlled/alarmed/CCTV/motion detection.
• Physical protection equipment secured against tampering.
Mark overall delay as: 1. Requires attention (provide plan and schedule); 2. Limited acceptability

Privileged - Security-Sensitive Material

 7
(requires additions, upgrades-provide plan and schedule); 3. Acceptable-under modification (plan and
schedule available); 4. Acceptable.

Response:
• Law enforcement numbers posted.
• Law enforcement notified quickly.
• Are there redundant communications.
• Quick detection and response on unauthorized access attempts.
• Law enforcement responders available: Local______State_______Fed_______
Mark overall response actions as: 1. Requires attention (provide plan and schedule); 2. Limited
acceptability (requires additions, upgrades-provide plan and schedule); 3. Acceptable-under modification
(plan and schedule available); 4. Acceptable.

Response time for law enforcement, site specific:

• Remote area, no law enforcement patrol, no intrusion alert.
• Remote area, warning signage, law enforcement numbers posted
• Intrusion alert with 30 minute plus law enforcement response.
• Intrusion alert with under 15 minute law enforcement response.
• Guard service/law enforcement on duty at location.
Mark overall response time as: 1. Requires attention (provide plan and schedule); 2. Limited acceptability
(requires additions, upgrades-provide plan and schedule); 3. Acceptable-under modification (plan and
schedule available); 4. Acceptable.

INTEGRATION AND RISK MANAGEMENT:

Assessment External:
Relative measure of threats/actions based on Utility experience and law enforcement
experience/intelligence:
1. Current active threats/vandalism/theft/trespass.
2. Current oral threats/vandalism/theft/trespass.
3. Past active threats/vandalism/theft/trespass.
4. No known threats or past activity.
Mark overall external assessment as either: 1, 2, 3, or 4.

Assessment Internal:
Relative measure of threats/actions based on Utility experience and law enforcement
experience/intelligence:
1. Current active threats.
2. Current oral threats.
3. Past active threats.
4. No known threats.
Mark overall internal assessment as either: 1, 2, 3, or 4.

Security Assessment Includes:

• Introduction/Scope/Methodology.
• List of critical physical dam assets, structures, appurtenant structures.

Privileged - Security-Sensitive Material

 8
• Inherent accessibility and visibility of each identified asset.
• Security system procedures/responses to potential adversaries.
• Security improvement recommendations with plans and schedules.
Mark overall security assessment as: 1. Requires attention (provide plan and schedule); 2. Limited
acceptability (requires additions, upgrades-provide plan and schedule); 3. Acceptable-under modification
(plan and schedule available); 4. Acceptable.

Security Plan Includes:

• Documentation of restricted areas, physical dam related assets, physical security protections,
descriptions, layout and inventory.
• Security Operational Procedures (employee duties, education, training, document controls)
w/Emergency Responses (Bomb Threats, Civil Disturbance, Temporary Project Closure, etc...),
• Procedures for Site Access Control and Security equipment maintenance and testing (NERC.CIP
6, R6).
• Emergency notification, communication and redundancies (EAP coordination).
• DHS Threat Level Contingency Planning.
Mark overall security plan as: 1. Requires attention (provide plan and schedule); 2. Limited acceptability
(requires additions, upgrades-provide plan and schedule); 3. Acceptable-under modification (plan and
schedule available); 4. Acceptable.

Cyber/SCADA Security:
1. Systems not protected from Internet intrusion.
2. System is stand alone or has firewall protection from Internet intrusion.
3. Firewalls and internal systems in place and updated w/patches.
4. NERC/CIP standards in place.
Mark as: 1, 2, 3, or 4.

(CPME) = Critical Performance Monitoring Equipment

For the project as a whole, choose a value best representing the protection of CPME between
values of 11 (poorly protected) to 44 (excellent protection).

(CDP&R) = Critical Drawings, Plans & Records

For the project as a whole, choose a value best representing the protection of CDP&R between
values of 11 (poorly protected) to 44 (excellent protection).

OVERALL SCORE:
At the end of the analysis, you will see a ranking score for each asset of concern ranging from11 (poorly
protected) to 44 (excellent protection). In general, a score of 44 indicates that security coverage of that
asset is fully acceptable, whereas a score of 11 indicates that attention to that asset may be required. A
discussion of these findings should be included in the Security Assessment narrative.

The average of all the individual asset security-protection scores is also presented to provide an indication
of the overall security findings at the site.

Privileged - Security-Sensitive Material

ATTACHMENT 2: FERC Hydro Security Inspection Form (Version 3 – 5/08/09)

Note: This version of the Inspection Form was filled out by the       Utility. Another version of
this form has been completed by FERC staff and may differ in content.

Privileged - Security-Sensitive Material

 Project No.: Project Name: Dam:
.
Owner: Security Group:
Date: .

Inspector: Accompanied by:

.
Field Observations: (Provide Comments
detailed supplemental Y N N (Provide additional details – especially any “No”
information to the right) A answers – here and separate sheets, if necessary.
Indicate NA if not appropriate to site.)
DETECTION AND
ASSESSMENT Days/week Hours/day .
1. Is the site manned?
Dam?

Powerhouse? Days/week Hours/day .

2. Are there surveillance

Dam?
cameras in use?
Powerhouse?

Other?

How are they

viewed/checked?

3. Is the frequency of walking Note the frequency of these inspections:

inspections
appropriate (safety and/or
security)?

Personnel control/ID
badges used?

DELAY
4. Is the dam site fenced with
gates/doors
locked (if appropriate to the
site)?

5. Is access restriction to the

Foot?
dam/facilities appropriate
and in-place?

Vehicle?

Boat?

Privileged - Security-Sensitive Material

 FERC HYDRO SECURITY INSPECTION FORM (version 3 – 5/08/09)
6. Are spillway/gate controls
secured
against unauthorized access?
7. Are powerhouse doors/
windows locked?

Alarms/motion Specify details:

detection/cameras?
Can systems be easily
bypassed?

8. Water conveyance Access

restricted?
system:
Surveilla
nce?

9. Is critical performance
monitoring
equipment secured against
tampering?
Field Observations Y N NA Comments
RESPONSE
10. Are law enforcement phone
numbers
posted?
11. Are there redundant
communications?
12. How long it takes the How is detection made?
operator if detected to respond
to unauthorized access?
What is that
response?

13. Can law enforcement be Identify enforcement agenc(ies): & capabilities:

quickly
notified?
Estimated time
for arrival?
INTEGRATION & RISK
MANGMT.
14. Describe assessment of
threats, vulnerable features and
potential impacts. Include
switchyards & transmission lines, Last time consultation with law enforcement was made to determine threat:
etc. Also consider elements of
operations that could be subject
to cyber attack.
15. Steps taken to improve
Past year:
security:
Long term plans:

16a. Is there a Security Plan If “Yes” is it acceptable?

(Group 1 or 2 required by Is there a Response/Recovery Plan component?

Privileged - Security-Sensitive Material

9/30/03)
Are there different site- Summarize levels/activities:
specific
response levels covered in
the
Security Plan for varying
threat?
Are the measures on the If “no” explain:
day of
inspection consistent with
the
current threat level?
16b. Has Security plan been revised since
last field change? When it was last exercised & what type?
17. Is there a Vulnerability If “Yes” is it compliant?
Assessment?
(Group 1 VA required by
9/30/03)
18. Is there a Security If “Yes” is it compliant?
Assessment?
(Group 1 or 2 SA required by
9/30/03)
19. Are all actions an plans fully
integrated? (Group 1 or 2
required
immediately)
20. Do any security measures
conflict
with any license
requirements?

21. Is there HAZMAT/fuel storage Describe:

on-site?
If so, is access
secured?
22. Computer security has been Is SCADA used on-site? If required, are NERC-CIPS being met? .
addressed If so, to what level/type controls are used to limit access?
and is being coordinated with
authorities
23. Are critical
drawings/plans/records
secured from unauthorized
access?
24. We have no comments about If no comments, check “No”; if comments needed, check “Yes”.
the
Security Measures observed:
If comments needed, List potential remediation discussed:
follow-up
actions will be made and
tracked
Project Security Summary Information –Form 2
Security Information Comments
(Provide detailed information on separate sheet, if necessary)
A. Number of security/surveillance incidents Description (indicate if it was it reported to FERC)
in past year.

Privileged - Security-Sensitive Material

 FERC HYDRO SECURITY INSPECTION FORM (version 3 – 5/08/09)

B. Owner expressed specific security

concerns or questions.

C. Number (description) of data requests or

site visits by DHS PSA or other
assessment groups

D. Changes made to None made: Indicate “None” by checking here: .

security since Do previous studies show prior posture was adequate?(y/n) .
last inspection

Following changes were made If so, describe changes:

to physical site security:

Following changes made to If so, describe changes:

procedural operations (incl.
threat level increase additions,
employee actions, etc.):

Following changes/additions If so, describe changes:

made to cyber/SCADA
operations:

Overall Risk to security (Cite critical pre-modification ASR value(s) and show if
reduced due to above modifications decreased the ASR Risk value.)
modifications because of:

Privileged - Security-Sensitive Material