

(Delete all text highlighted in yellow. Type entries in gray areas and add additional details outside gray
boxes as needed.)

DAM:       PROJECT:      

UTILITY:       REPORT DATE:       VERSION:      


The       Dam (FERC Project No.      ) has been classified by the Federal Energy Regulatory
Commission (FERC) as a “Group 2” dam. The dam is located on the       River, approximately
      miles upstream from the city of      ,       state. The Project produces       megawatts of
electricity, serving more than       million people. Other benefits of the facility include:      .

Description of dam type(s):      . (i.e. thin arch, slab and buttress, embankment, masonry gravity,
concrete gravity, massive concrete gravity, thick arch)

The Security Assessment (SA) for this dam was prepared by the       Utility in accordance with the
Division of Dam Safety and Inspections, FERC Security Program for Hydropower Projects – Revision
2 (June 3, 2009).


The SA was completed using the FERC Hydro Security Inspection Form (version 3 – May 8, 2009), a
critical asset spreadsheet (attached) and careful examination of the following:

• Asset evaluation
• Geographic, demographic, and political environment
• Visibility, notability, and accessibility
• Existing security systems and measures

The SA was conducted of the dam’s structure, assets, appurtenant structures, and SCADA systems.
The SA includes review of detection, assessment, delay, response, integration, risk management, and
protective measures. The list of assets considered to be of importance to the       Dam is shown on
the critical asset spreadsheet (attached).

The following personnel participated in conducting the assessment:

• Plant Managers
• Plant System Operators
• Plant Maintenance
• Project Safety Engineers
• Security Division

Privileged - Security Sensitive Material


The Dam is visible and accessible from State Route       on the       County side of the      
River, and from State Route       on the       County side. It is visible and accessible from both
upstream and downstream sides of the       River. (Alter visibility/accessibility as necessary.)

A “Visitor Center”, located on site and shown on the accompanying drawing, hosts approximately
      visitors per year.

(Add other dam/project facts as necessary.)

The       Utility Security Division manages a program of systems and measures that ensure
protection of the Dam and Project. The physical layout of site security features for the Dam is
contained on drawings incorporated in the       Security Plan, which also includes potential routes of
intrusion. These systems and measures include (alter as needed):

• Guard posts (with barriers and “Tiger Teeth”) -- located at each access point
• Placement of fencing, barricades, and signage
• Placement of signage and buoy lines -- upstream and downstream of dam
• Credentials/electronic access badges for employees and approved contractors
• Screening process for contractors, vendors, and visitors
• Electronic barrier arms/doors
• Padlock and key control
• Security cameras with 24-hour, live monitoring
• Intrusion alarms with 24-hour monitoring
• Contracted security guard services
• Training & exercises
• Security policies and procedures
• Suspicious Activity Incident Reporting

There is no history of attempted sabotage at this Project. There is no history of unauthorized
intrusions. On rare occasions, there have been individuals who have attempted to trespass -- but they
were immediately observed and intercepted. In each of these cases, there was no malice or criminal
intent. There is no intelligence to suggest the       Hydro Project has been targeted for any type of
attack. (Alter above as necessary. Discuss if trespass or theft has occurred; if so, does this point to
any weaknesses in site security?)

The       Utility has developed strong partnerships with local Law Enforcement Agencies (LEA),
Fire, and EMS agencies. These agencies support the       Utility through collaborative training &
exercises, observation patrols, response to incidents, and proactive meetings. Coordination meetings
with LEA generally occur at the following intervals:      .

Procedures are in place to alter site security as threat conditions change, as shown in the Security
Plan for the       Dam.


4.a Results from Hydro Security Inspection Form:

A review of the Hydro Security Inspection Form indicates that      . (Describe general observations
from the form.)

4.a Results from Project “Asset List” Assessment Spreadsheet:

For each asset evaluated, a subjective ranking of each security element used to protect that asset
was assigned as: 1 (Requires attention); 2 (Limited acceptability); 3 (Acceptable-under modification);
4 (Acceptable). Three general routes of intrusion were considered in the assessment (foot, land
vehicle, and boat). A review of the Assessment Spreadsheet indicates that      . (Describe general
observations.) From this assessment, some assets have been shown to be in need of further
consideration. It should be noted that a full risk analysis has not been completed for this project, and
the level of protection necessary for identified assets may more accurately be dependent upon
resultant consequences and overall risk. The assets identified as not fully acceptable are indicated
below (applicable intrusion routes are marked with an “X”):

      :       (foot)       (veh.)       (boat)

      :       (foot)       (veh.)       (boat)
      :       (foot)       (veh.)       (boat)
      :       (foot)       (veh.)       (boat)

Based on values assigned, each asset will receive a score of 11 (poor) to 44 (excellent). Asset
security coverage values ranged from       to      , with an average foot entrance project score of
     , an average (land) vehicle entrance project score of      , and an average boat entrance
project score of      .


From this Security Assessment, the following recommendations for site security are proposed. An
indication of the priority assigned to each recommendation (Low, Medium, or High) and a plan and
schedule to complete each recommendation is also provided.

1. (List recommendation, mode of intrusion, priority, P&S.)

2. (List recommendation, mode of intrusion, priority, P&S.)

3. (List recommendation, mode of intrusion, priority, P&S.)


The       Utility’s existing Security Program is sufficiently effective in reacting to potential
adversaries – particularly, generic intruders who could attempt to gain access to the identified assets
at the       Hydro Project. The       Utility will continue to monitor, assess, and respond to its
security needs as they change or evolve. (Revise Conclusions as necessary.)

1) Assessment Definitions for “Asset List” Spreadsheet.
2) FERC Hydro Security Inspection Form (Version 3 – 5/08/09). Date of completion:      .
3)       Hydro Project “Asset List” Assessment Spreadsheet. Date of completion:      .

Drawing of Security Features Layout and Potential Routes of Intrusion (or reference to location of

ATTACHMENT 1: Assessment Definitions for “Asset List” Spreadsheet

FERC Group II Assessment Form (Definitions)

This is a list of the data-entry values used in the Group 2 Security Assessment Template
spreadsheet. Definitions are also shown within the form itself by placing the computer
cursor over the small red “note triangles.” The values assigned should consider the overall
response to each question as it pertains to the site being assessed.


External Access (foot, vehicle, boat):
Visual access and asset protections based on structure/equipment, resiliency and facility security:
1. High visibility/highly accessible.
2. High visibility/good access control (barrier/electronic/human).
3. Low visibility/good access control (barrier/electronic/human).
4. Low visibility/inaccessible.
Mark as: 1, 2, 3, or 4.

Physical Security, site specific (foot, vehicle, boat):

• Key & lock protection on doors and windows.
• Perimeter protection (gates/fencing).
• Photo ID/badge program.
• Electronic access control, CCTV monitoring.
• Guard patrol, days/week_____/______, hrs/days_____/_____.
Mark overall physical security as: 1. Requires attention (provide plan and schedule); 2. Limited
acceptability (requires additions, upgrades-provide plan and schedule); 3. Acceptable-under modification
(plan and schedule available); 4. Acceptable.

Detection and Assessment (foot, vehicle, boat):

Based on physical location, structure/equipment resiliency and protections currently in-place:
• Site manned...days/week_____/_____hours/days_____/______.
• Surveillance cameras in use/monitored by employees, guards.
• Personnel controlled/ID, badges required.
• Walking inspections/patrols - employees/guards.
• Frequency of patrols/walking tours_______________________.
Mark overall detection as: 1. Requires attention (provide plan and schedule); 2. Limited acceptability
(requires additions, upgrades-provide plan and schedule); 3. Acceptable-under modification (plan and
schedule available); 4. Acceptable.

Delay (foot, vehicle, boat):

• Dam/assets fenced with gates/doors access controlled.
• Access restrictions in-place (foot/vehicle/boat) and appropriate.
• Spillway, spillway gate controls secured from unauthorized access.
• Powerhouse access controlled/alarmed/CCTV/motion detection.
• Physical protection equipment secured against tampering.
Mark overall delay as: 1. Requires attention (provide plan and schedule); 2. Limited acceptability
(requires additions, upgrades-provide plan and schedule); 3. Acceptable-under modification (plan and
schedule available); 4. Acceptable.

• Law enforcement numbers posted.
• Law enforcement notified quickly.
• Are there redundant communications?
• Quick detection and response on unauthorized access attempts.
• Law enforcement responders available: Local______State_______Fed_______
Mark overall response actions as: 1. Requires attention (provide plan and schedule); 2. Limited
acceptability (requires additions, upgrades-provide plan and schedule); 3. Acceptable-under modification
(plan and schedule available); 4. Acceptable.

Response time for law enforcement, site specific:

• Remote area, no law enforcement patrol, no intrusion alert.
• Remote area, warning signage, law enforcement numbers posted.
• Intrusion alert with 30 minute plus law enforcement response.
• Intrusion alert with under 15 minute law enforcement response.
• Guard service/law enforcement on duty at location.
Mark overall response time as: 1. Requires attention (provide plan and schedule); 2. Limited acceptability
(requires additions, upgrades-provide plan and schedule); 3. Acceptable-under modification (plan and
schedule available); 4. Acceptable.


Assessment External:
Relative measure of threats/actions based on Utility experience and law enforcement
1. Current active threats/vandalism/theft/trespass.
2. Current oral threats/vandalism/theft/trespass.
3. Past active threats/vandalism/theft/trespass.
4. No known threats or past activity.
Mark overall external assessment as either: 1, 2, 3, or 4.

Assessment Internal:
Relative measure of threats/actions based on Utility experience and law enforcement
1. Current active threats.
2. Current oral threats.
3. Past active threats.
4. No known threats.
Mark overall internal assessment as either: 1, 2, 3, or 4.

Security Assessment Includes:

• Introduction/Scope/Methodology.
• List of critical physical dam assets, structures, appurtenant structures.
• Inherent accessibility and visibility of each identified asset.
• Security system procedures/responses to potential adversaries.
• Security improvement recommendations with plans and schedules.
Mark overall security assessment as: 1. Requires attention (provide plan and schedule); 2. Limited
acceptability (requires additions, upgrades-provide plan and schedule); 3. Acceptable-under modification
(plan and schedule available); 4. Acceptable.

Security Plan Includes:

• Documentation of restricted areas, physical dam related assets, physical security protections,
descriptions, layout and inventory.
• Security Operational Procedures (employee duties, education, training, document controls)
w/Emergency Responses (Bomb Threats, Civil Disturbance, Temporary Project Closure, etc.).
• Procedures for Site Access Control and Security equipment maintenance and testing (NERC.CIP
6, R6).
• Emergency notification, communication and redundancies (EAP coordination).
• DHS Threat Level Contingency Planning.
Mark overall security plan as: 1. Requires attention (provide plan and schedule); 2. Limited acceptability
(requires additions, upgrades-provide plan and schedule); 3. Acceptable-under modification (plan and
schedule available); 4. Acceptable.

Cyber/SCADA Security:
1. Systems not protected from Internet intrusion.
2. System is stand alone or has firewall protection from Internet intrusion.
3. Firewalls and internal systems in place and updated w/patches.
4. NERC/CIP standards in place.
Mark as: 1, 2, 3, or 4.

(CPME) = Critical Performance Monitoring Equipment

For the project as a whole, choose a value best representing the protection of CPME between
values of 11 (poorly protected) to 44 (excellent protection).

(CDP&R) = Critical Drawings, Plans & Records

For the project as a whole, choose a value best representing the protection of CDP&R between
values of 11 (poorly protected) to 44 (excellent protection).

At the end of the analysis, you will see a ranking score for each asset of concern ranging from 11 (poorly
protected) to 44 (excellent protection). In general, a score of 44 indicates that security coverage of that
asset is fully acceptable, whereas a score of 11 indicates that attention to that asset may be required. A
discussion of these findings should be included in the Security Assessment narrative.

The average of all the individual asset security-protection scores is also presented to provide an indication
of the overall security findings at the site.

ATTACHMENT 2: FERC Hydro Security Inspection Form (Version 3 – 5/08/09)

Note: This version of the Inspection Form was filled out by the       Utility. Another
version of this form has been completed by FERC staff and may differ in content.
Project No.: Project Name: Dam: .
Owner: Security Group: Date: .

Inspector: Accompanied by: .

Field Observations: (Provide detailed Comments
supplemental information to the right) Y N NA (Provide additional details – especially any “No” answers – here and
separate sheets, if necessary. Indicate NA if not appropriate to site.)
1. Is the site manned? Dam? Days/week Hours/day .

Powerhouse? Days/week Hours/day .

2. Are there surveillance Dam?

cameras in use?


How are they viewed/checked?

3. Is the frequency of walking inspections Note the frequency of these inspections:

appropriate (safety and/or security)?

Personnel control/ID badges used?

4. Is the dam site fenced with gates/doors
locked (if appropriate to the site)?

5. Is access restriction to the Foot?

dam/facilities appropriate
and in-place?


6. Are spillway/gate controls secured

against unauthorized access?
7. Are powerhouse doors/
windows locked?

Alarms/motion detection/cameras? Specify details:

Can systems be easily bypassed?

8. Water conveyance Access restricted?


9. Is critical performance monitoring equipment secured against tampering?
Field Observations Y N NA Comments
10. Are law enforcement phone numbers
11. Are there redundant communications?
12. How long it takes the operator if How is detection made?
detected to respond to unauthorized
What is that response?

13. Can law enforcement be quickly Identify enforcement agenc(ies): & capabilities:
Estimated time for arrival?
14. Describe assessment of threats,
vulnerable features and potential impacts.
Include switchyards & transmission lines,
etc. Also consider elements of operations
that could be subject to cyber attack. Last time consultation with law enforcement was made to determine threat:
15. Steps taken to improve Past year:
Long term plans:

16a. Is there a Security Plan If “Yes” is it acceptable?

(Group 1 or 2 required by 9/30/03) Is there a Response/Recovery Plan component?
Are there different site-specific Summarize levels/activities:
response levels covered in the
Security Plan for varying threat?
Are the measures on the day of If “no” explain:
inspection consistent with the
current threat level?
16b. Has Security plan been revised since
last field change? When it was last exercised & what type?
17. Is there a Vulnerability Assessment? If “Yes” is it compliant?
(Group 1 VA required by 9/30/03)
18. Is there a Security Assessment? If “Yes” is it compliant?
(Group 1 or 2 SA required by
19. Are all actions and plans fully
integrated? (Group 1 or 2 required
20. Do any security measures conflict
with any license requirements?

21. Is there HAZMAT/fuel storage on- Describe:

If so, is access secured?
22. Computer security has been addressed Is SCADA used on-site? If required, are NERC-CIPS being met? .
and is being coordinated with authorities If so, to what level/type controls are used to limit access?
23. Are critical drawings/plans/records
secured from unauthorized access?
24. We have no comments about the If no comments, check “No”; if comments needed, check “Yes”.
Security Measures observed:
If comments needed, follow-up List potential remediation discussed:

actions will be made and tracked
Project Security Summary Information – Form 2
Security Information Comments
(Provide detailed information on separate sheet, if necessary)
A. Number of security/surveillance incidents Description (indicate if it was reported to FERC)
in past year.

B. Owner expressed specific security

concerns or questions.

C. Number (description) of data requests or

site visits by DHS PSA or other
assessment groups

D. Changes made to None made: Indicate “None” by checking here: .

security since Do previous studies show prior posture was adequate?(y/n) .
last inspection

Following changes were made If so, describe changes:

to physical site security:

Following changes made to If so, describe changes:

procedural operations (incl.
threat level increase additions,
employee actions, etc.):

Following changes/additions If so, describe changes:

made to cyber/SCADA

Overall Risk to security (Cite critical pre-modification ASR value(s) and show if
reduced due to above modifications decreased the ASR Risk value.)
modifications because of:
