Utility Security Podcast

In the utility sector, the most formidable adversaries aren't always external threats. Often, the biggest hurdles are internal: complacency, misconceptions, and parochialism. In this episode, we dive into the critical need to challenge the "if it ain't broke, don't fix it" mindset. Discover why this internal resistance can be more dangerous than any external threat actor and learn practical strategies to dismantle these obstacles, foster a holistic security culture, and build a truly resilient and sustainable protection stance for our critical infrastructure.

Read the article written by Jim Willis - https://utilitysecurity.com/blog/rocking-the-boat-why-challenging-the-status-quo-is-essential-for-protection/

Key Takeaways

• Internal Obstacles are Formidable: The greatest challenges to enhancing utility security are often internal biases and resistance to change, specifically complacency ("it hasn't happened yet"), misconceptions about security, and parochialism (departmental silos).

• Complacency is the "Silent Assassin": A false sense of security, often built on a long period without a critical incident, leads to relaxed protocols and slashed budgets, leaving the organization vulnerable.

• Compliance Does Not Equal Security: Simply meeting minimum regulatory standards (like NERC-CIP) is not a comprehensive security strategy. A robust posture must be proactive, holistic, and continually evolving.

• Security is a Shared Responsibility: Effective security is not just an IT problem, a silver bullet technology, or the sole responsibility of law enforcement. It requires a collaborative, "all-hands-on-deck" approach that breaks down departmental silos and involves every employee.

• Challenging the Status Quo is Essential: To stay ahead of evolving threats, security professionals must be willing to "rock the boat" and push for change, even if it's unpopular. This involves fostering cross-departmental collaboration, promoting an "all in the same boat" attitude, and leveraging industry partnerships.

3 Questions & Answers

1. Q: The article mentions "complacency" as vigilance's silent assassin. Why is this specific mindset so dangerous in the utility industry? A: Complacency is dangerous because security threats are often intangible and can be easily overlooked. A utility might go decades without a major incident, which creates a false sense of security. This "it hasn't happened yet" attitude leads to security budgets being cut, protocols becoming optional, and a static security posture that is completely unprepared for the modern, evolving threat landscape.

2. Q: What is one of the biggest misconceptions about security that the article debunks? A: A primary misconception is that compliance equals security. Many utilities believe that by meeting the minimum regulatory requirements, like NERC-CIP standards, they are secure. The article argues that this is just "ticking off boxes." A truly robust security stance is proactive, inclusive, and protects against emerging threats on all fronts, going far beyond any minimum compliance standard.

3. Q: The article talks about "parochialism," or departmental silos. How can an organization overcome this "it's not my problem" mindset? A: To overcome parochialism, security must be redefined as a corporate-wide effort. The article suggests fostering cross-departmental collaboration through joint security task groups (with members from IT, OT, physical security, HR, etc.), promoting an "all in the same boat" attitude through comprehensive training so every employee understands their role, and leveraging industry partnerships like ISACs to build a strong collective defense.

#UtilitySecurity #CriticalInfrastructure #CyberSecurity #SecurityCulture #RiskManagement

Utility Security Podcast - Deep Dive - Substation Intrusion - Are You Ready To Respond?

Written by Ross Johnson on August 26, 2025. Posted in Infrastructure Security.

A critical security breach at a power substation on Christmas morning. It’s a nightmare scenario, but one that utilities must be prepared for. In this episode of the Utility Security Podcast, we explore the vital, yet often overlooked, steps required to forge an unbreakable link between utility security and local law enforcement. Discover why a simple 911 call is a "massive failure in preparation" and how to proactively equip police with the context and logistical details they need for a rapid and effective response.

Dive deep into the strategies that can drastically reduce police response times, as highlighted in a real-world case study from the Pacific Northwest where coordination slashed response from 12 to just 5 minutes. Learn about the importance of sharing threat intelligence, prioritizing critical sites, and using innovative tech like What3words for pinpoint location accuracy. For a more in-depth look at this topic, check out our companion article: Substation Intrusion: Are You Ready to Respond?

Key Takeaways

• Proactive communication is key: Don't wait for an emergency to establish a relationship with local law enforcement. Regularly share intelligence, detail the potential community impact of an outage, and jointly develop response plans.
  
  
• Response time dictates physical security: The time it takes for police to arrive directly informs the level of physical hardening required for a substation. A longer response time necessitates stronger fences, gates, and locks.
  
  
• Scripting 911 calls is crucial: Vague language can lead to a low-priority dispatch. Use pre-agreed, scripted phrases that clearly communicate the severity of the situation to ensure an immediate, high-priority response.
  
  
• Technology can save precious minutes: Tools like What3words for precise location mapping and secure, real-time video feeds can provide law enforcement with invaluable situational awareness during an incident.
• Joint training is non-negotiable: Conduct regular walkthroughs and scenario-based drills with police to test communication protocols and identify weaknesses in the response plan before a real incident occurs.

Questions and Answers

Q1: Why is simply calling 911 during a substation intrusion considered a "massive failure in preparation"?

A1: It's considered a failure because, without prior coordination, the 911 dispatcher and responding officers will lack the critical context to understand the severity of the event. They may treat the call as a simple trespassing or property damage incident, leading to a delayed, low-priority response. This lack of preparation means the police won't have the necessary logistical information, such as access codes, key locations, or an understanding of the immense public safety risk, which could result in catastrophic damage before they can effectively intervene.

Q2: What is the "de-energization dilemma" and how can utilities solve it?

A2: The "de-energization dilemma" refers to the fact that police officers are not trained to and will not enter a high-voltage substation while it is energized due to the extreme danger. To solve this, utilities must establish a clear, rapid, and rock-solid internal procedure for de-energizing the site, or a specific part of it, to allow for safe entry. This includes designating who has the authority to make that call 24/7 and ensuring they can be contacted instantly. This entire process should be practiced in joint drills with law enforcement.

Q3: How does police response time directly influence a substation's physical security engineering?

A3: The estimated police response time is a foundational metric for designing a substation's physical security. The security measures—fences, gates, locks, and other barriers—must be engineered to resist intruders for a duration that is

at least as long as the police response time. For example, if the police have a guaranteed 12-minute response time, the facility's physical barriers must be rated to delay an intruder for a minimum of 12 minutes. If the delay rating is less than the response time, you have engineered a "window for failure".

Editor Curtis Marquardt has a conversation with Martin Vojtek from Hexagon to discuss their work with EG. D, a Czech Republic Electric Utility that serves nearly three million customers, to secure substations using Lidar technology. Vojtek shares what expectations EG.D had for the technology and how they utilized the solution to not only achieve security goals, but safety and maintenance goals as well.

Tune in to stay updated and informed about securing our nation's utilities!

Subscribe to Utility Security Magazine at no cost! - https://utilitysecurity.com/subscribe-now/

#UtilitySecurity #DisasterResponse #CriticalInfrastructure #UtilityResilience #Lidar

In this episode of the Utility Security Podcast, host Curtis Marquardt, Jr. sits down with Ross Falisi of VRP Group—a seasoned expert in utility and disaster security. As hurricane, flood, and wildfire seasons ramp up, utilities must prepare to protect both their people and their reputation in the face of increasing threats—from natural disasters to civil unrest and targeted attacks.

Ross shares actionable strategies drawn from real-world experience, including how to build effective disaster response plans, why flexibility (or “Semper Gumby”) is essential, how to safely manage worker camps, and why hiring the right kind of security firm can make or break your operation. Whether you’re a utility executive, storm boss, or security leader, this episode is packed with frontline-tested insights that can help you prevent chaos, control risk, and come out of a crisis stronger than before.

Key Takeaways:

• Preparation is critical, but flexibility is what sustains effective disaster response.

• Command and control structures are vital—especially in chaotic, resource-limited environments.

• Camps for crews must be secured and alcohol-free to reduce risk of injury, crime, and reputation damage.

• Not all security is created equal: Vet security vendors thoroughly and ensure they specialize in disaster environments.

• Community engagement, cultural awareness, and proper de-escalation training are essential to protect both workers and public relations.

3 Q&As from the Episode:

Q1: Why should utilities prohibit alcohol in worker camps during disaster response?

A: Because 90% of camp incidents—injuries, assaults, and more—can be linked to intoxication. Eliminating alcohol drastically reduces operational risk.

Q2: What’s “Semper Gumby” and why is it important?

A: It’s the mindset of staying flexible. Even with a great plan, conditions change fast. Flexibility helps teams adapt while maintaining control and safety.

Q3: Why are off-duty police officers not always the best security option?

A: While experienced, they’re legally bound to public duties first. In disaster scenarios, this can compromise your assets and operations. Specialized, contracted security teams ensure focus, structure, and accountability.

Tune in to stay updated and informed about securing our nation's utilities!

Subscribe to Utility Security Magazine at no cost! - https://utilitysecurity.com/subscribe-now/

#UtilitySecurity #DisasterResponse #CriticalInfrastructure #UtilityResilience #FieldCrewSafety #StormRecoverySecurity

In this episode of the Utility Security Podcast, host Curtis Marquardt welcomes back Bill Edwards of Phoenix 6 Consulting to discuss the growing threat of drones (UAS) to critical infrastructure. They explore how rapidly evolving drone technology—like first-person view (FPV) control and signal-dark modes—poses unique detection and mitigation challenges. Bill breaks down the latest federal executive orders, outlines proactive, low-cost steps utilities can take now, and emphasizes the importance of risk assessment, training, and layered detection strategies. Whether you’re a utility security professional, emergency planner, or critical infrastructure manager, this episode provides expert insight on preparing for the next wave of air-domain threats. Stay ahead of evolving risks and learn practical ways to safeguard your assets, teams, and communities against this rapidly growing challenge.

Tune in to stay updated and informed about securing our nation's utilities!

Subscribe to Utility Security Magazine at no cost! - https://utilitysecurity.com/subscribe-now/

✅ Key Takeaways

1. Drone technology is evolving rapidly—with new capabilities like FPV control and signal-dark modes making detection harder.

2. Executive Orders signal growing federal support—but mitigation authority remains largely federal, requiring local facilities to prepare now.

3. Proactive planning matters—even without mitigation authority, utilities can do risk assessments, training, and policy development.

4. Layered detection is key—combining RF sensors, radar, optical, and acoustic approaches.

5. Education is foundational—understanding the threat ecosystem is essential for smart, cost-effective security investments.

3 Questions and Answers

Q1: Why is the drone threat to utilities growing so quickly?

A: Drone technology is advancing in weeks, not years. Features like first-person view (FPV), improved payload capacity, and “dark mode” make drones cheaper, easier to control precisely, and harder to detect.

Q2: What can utilities do if mitigation authority is federal-only?

A: They can still act now with low- or no-cost steps: educate leadership, assess vulnerabilities, develop emergency response plans, and integrate air-domain awareness into existing security programs.

Q3: How can utilities improve drone detection?

A: By implementing layered detection strategies using radio frequency sensors, radar for non-emitting drones, high-fidelity optical cameras, and acoustic sensors—ensuring redundancy and coverage.

#UtilitySecurity #DroneThreat #CriticalInfrastructure #AirDomainAwareness #EmergencyPreparedness

In this episode of the Utility Security Podcast, host Curtis Marquardt engages with Dominic Dillon of 3B Protection to delve into the escalating threats facing utility infrastructures, including theft, ballistic attacks, and explosive devices. They discuss how 3B Protection’s innovative solutions, such as advanced barriers and EMP-resistant materials, are evolving to meet these challenges. The conversation also covers the importance of fire-resistant materials and the role of integrated security systems in safeguarding critical utility assets. Listeners will gain insights into the latest technologies and strategies for enhancing the resilience of utility infrastructures.

Read the article: https://utilitysecurity.com/blog/theft-ballistic-threats-explosives-oh-my/

Key Takeaways:

1. Evolving Threat Landscape: Utility infrastructures are increasingly targeted by sophisticated threats, necessitating advanced protective measures.

2. Advanced Barrier Solutions: 3B Protection offers barriers designed to withstand ballistic impacts, forced entries, and explosive forces, enhancing physical security.

3. EMP and HEMP Protection: Incorporating copper-based compounds into building materials can shield facilities from electromagnetic pulses and high electromagnetic fields.

4. Fire Resistance Standards: Adhering to ASTM E119 standards ensures that materials can withstand extreme temperatures and direct water exposure, crucial for fire-prone areas.

5. Integrated Security Systems: Collaborations, like that between 3B Protection and Convergint, aim to provide comprehensive and cost-effective security solutions for utilities.

5 Questions & Answers:

1. Q: What types of threats are modern utility infrastructures facing?

   A: Utilities are confronting a range of threats, including theft, ballistic attacks, forced entries, and the use of explosives, all of which require robust and adaptive security measures.

2. Q: How does 3B Protection’s technology address these threats?

   A: 3B Protection develops specialized barriers and materials that provide resistance against ballistic impacts, forced entries, and explosive forces, enhancing the physical security of utility sites.

3. Q: Why is EMP protection important for utilities?

   A: Electromagnetic pulses can disrupt or damage electronic systems. Incorporating EMP-resistant materials helps ensure the continued operation of critical infrastructure during such events.

4. Q: What is the significance of the ASTM E119 fire resistance standard?

   A: ASTM E119 sets the benchmark for fire resistance, ensuring that materials can endure high temperatures and direct water exposure, which is vital for preventing fire-related damages in utility infrastructures.

5. Q: How do integrated security solutions benefit utility companies?

   A: Integrated solutions, like those from 3B Protection and Convergint, offer comprehensive security by combining various protective measures, leading to enhanced safety and potential cost savings for utility companies.

Tune in to stay updated and informed about securing our nation's utilities!

Subscribe to Utility Security Magazine at no cost! - https://utilitysecurity.com/subscribe-now/

#UtilitySecurity #InfrastructureProtection #EMPProtection #FireResistance #CriticalInfrastructure #UtilitySecurity

Live from ISC West 2025: Keeping critical infrastructure uninterrupted: ALCEA’s Vision for Secure Infrastructure

Utility Security magazine caught up with Jerry Burhans, Managing Director at ALCEA, live from the show floor at ISC West 2025. In this insightful episode, Jerry and editor Curtis Housh discuss the evolving landscape of utility security technology. From how ALCEA is addressing compliance challenges and contractor access management to engineering hardware for extreme weather and responding to the latest tariff news—this conversation highlights what it takes to protect critical infrastructure in a rapidly changing world. Plus, Jerry shares what excites him most about the future of utility security.

View the white paper: https://www.alceaglobal.com/en/markets/security-solutions-for-us-market/nerc-cip-standards-and-physical-security-solutions

✅ Key Takeaways:

• Compliance Evolution: ALCEA is partnering closely with integrators and utilities to design solutions that simplify compliance, especially with NERC CIP regulations.

• Smart Contractor Access: ALCEA’s electromechanical locks, paired with tools like Biosite and CrewSight, offer controlled, credentialed access for contractors.

• Extreme Weather Resilience: ALCEA’s hardware solutions—like those developed with Abloy—are engineered to withstand everything from hurricanes to deep freezes.

• Tariff Impact Response: The company is proactively communicating with customers and adjusting pricing in response to new tariffs, aiming for transparency and value.

• Collaboration Over Competition: ALCEA emphasizes partnerships—even with competitors—to deliver integrated, purpose-built solutions.

• People-First Approach: Jerry sees the biggest change not just in tech, but in customer sophistication—utilities are getting smarter, demanding better-fit, future-ready security solutions.

Subscribe to Utility Security Magazine at no cost! - https://utilitysecurity.com/subscribe-now/

#UtilitySecurity #CriticalInfrastructure #SmartAccessControl #ComplianceSolutions

#ExtremeWeatherReady #ISCWest

In this episode of the Utility Security Podcast, we explore the critical challenges facing substation security and the importance of comprehensive threat assessments. Inspired by Jim Willis’s article, Substation Security Challenges: Conducting Threat Assessments, we break down the three main threat categories—consequential, indirect, and direct threats—and explain why “hope is an expensive commodity” when it comes to protecting essential infrastructure.

From increasing risks of cyberattacks and vandalism to natural disasters and social unrest, our discussion dives into real-world examples, proactive defense strategies, and the four-step process to securing substations. Tune in to learn how utilities can stay ahead of evolving threats and keep the power grid resilient.

Key Takeaways:

✔️ Threat assessments are essential—security isn’t just about fences and cameras.

✔️ Utilities face three main types of threats: consequential (social/political unrest), indirect (natural disasters), and direct (deliberate attacks).

✔️ Understanding attacker motivations—from activists to cybercriminals—helps shape better defenses.

✔️ The four-step threat assessment process identifies vulnerabilities and prepares utilities for the worst.

✔️ Physical security, cybersecurity, and emergency response all play a role in protecting substations.

✔️ Trust and transparency between utilities, employees, and the public are key to a safer grid.

Tune in to stay updated and informed about securing our nation's utilities!

Subscribe to Utility Security Magazine at no cost! - https://utilitysecurity.com/subscribe-now/

#UtilitySecurity #SubstationSecurity #CriticalInfrastructure #CyberThreats #PowerGridProtection #ThreatAssessment