Threats against power utilities in the United States have never been as real or diverse as they are today. Combating rising theft, vandalism and cyber assaults in today's economy is a challenge for power providers throughout the country. Utilities must also defend against the looming threat of terrorism, which holds catastrophic potential for damage.

Multi-billion dollar economic losses are no longer the hypothetical scenario of a successful attack, but are expected even for short-term regional outages. Industry experts concede that the economic impacts in a worst-case scenario are incalculable.

Regulators have, in recent years, developed a number of security mandates which apply to power providers, transmission operators, reliability coordinators and other service providers. Planning security program improvements while faced with looming regulatory compliance deadlines requires a comprehensive set of security strategies. This article highlights strategies the nation's top utilities have used to achieve their goals.

Strategy 1: Start a Cultural Evolution

Most utility infrastructures are many decades old and their facilities were not built with security in mind. Throughout the 20th century, attacks against power facilities and infrastructures were relatively minor and infrequent. Overall, security risks during this time were appropriately categorized as low. The culture of security for power utilities from their beginnings centered around the notion that even with easy access to their facilities and control systems, it would be too difficult or dangerous for someone to attack their facilities.

When incidents did occur, they were usually linked to vandalism or other petty crimes of low consequence. These facts validated the cultural mindset that security concerns were not a priority. Increasing threats from wire thieves, cyber adversaries and others has changed the perception of security and underscored the need to change every utility's security culture.

Power control systems have evolved from a maze of rudimentary logic devices that required physical access and special operational knowledge. Modern SCADA systems are now computerized and easy-to-use systems that can be operated from anywhere in the world with an Internet connection and readily available software. Smart grid initiatives bring with them a whole new subset of risk. Fortunately, the industry as a whole appropriately recognizes many of these emerging threats and new best practices are addressing these issues.