Dive Brief:
- Almost 15 years after a security report unearthed glaring lapses at a Los Angeles Department of Water and Power transmission center and at other sites, fixes still have not been made according to a fresh analysis released last month by Navigant Consulting, the Los Angeles Daily News reports.
- The report found perimeter control and early warning systems, including inexpensive fixes which could be done with current LADWP staff, have not been implemented. While the water supply side of the nation's largest municipal utility takes a "proactive" security stance, Navigant said the electric utility portion "ignored most of the recommendations" in the a 2001 security assessment.
- LADWP issued a statement noting the security problems exist at just three of its hundreds of transmission facilities, and said it is"continuously assessing and implementing new measures to protect our assets."
Dive Insight:
Navigant's assessment of LADWP security was originally released in a redacted form, but the Los Angeles Daily News obtained an unredacted version of the specific recommendations, forcing utility officials to respond publicly.
Some 15 years ago, a security assessment identified critical infrastructure that was improperly secured or monitored, with nearby vegetation growing unabated, possibly providing cover for would-be intruders.
Those aren't likely expensive or difficult gaps to cover, but the Daily News was more serious findings in the report as well:
Navigant onsite staff did not observe any cameras in working order or intrusion detection on the perimeter fencing or access points. ... While significant security improvements have been made since 2001, Navigant found that site personnel are concerned for their safety as they have had security breaches in the past, including confrontation with unauthorized individuals.
The lapses in security underscore experts' criticisms on how the U.S. utility sector is handling security shortcomings, the Daily News noted, with the San Bernardino attacks propelling the topic to the forefront.
The utility responded that "significant steps have been taken to harden and protect both water and power facilities," including physical improvements, staffing and patrols, strengthening of security procedures, access control systems and remote monitoring.
"Our approach toward the physical security of our facilities is consistent with other utilities and complies with the standards established by the North American Electric Reliability Council," LADWP said in a statement. "We take the security of our infrastructure very seriously and are continuously assessing and implementing new measures to protect our assets."
The utility also said it is conducting a federally prescribed security review to comply with critical infrastructure protection standards, mandated by NERC, and said that it would use that process to "once again review the specific recommendations in the IEA report that have not already been acted on to determine what additional security measures if any are needed and we will make them."
The Daily News reports the blame is largely landing on utility management, with decentralized utility governance playing a role in security lapses.
“It raises deep concerns about the power system’s management culture,” Tony Wilkinson, chair of the DWP Neighborhood Council oversight committee, told the newspaper. “They’re smart engineers, but they’re not as efficient project managers as the water guys.”
City Councilman Felipe Fuentes told the newspaper he favors giving more oversight power to the Board of Water and Power Commissioners. “We’re never going to be secure and safe if you don’t have someone watching over the utility in a more systematic way,” he said.
