Critical LADWP power infrastructure found at risk
The Los Angeles Department of Water and Power, the nation’s largest municipal electricity utility, neglected to make fundamental security fixes at its critical power facilities, according to City Hall consultants who recently followed up on 9/11-era recommendations.
Nearly 15 years later, they found basic recommendations ignored and that the problems remained, an assessment obtained by this news organization revealed.
A critical transmission center had no working security cameras or alarms on its doors. Delivery trucks could enter without inspection or documentation at another major power hub. Weeds, brush and trees were so overgrown at one generating station that saboteurs could hide without detection.
With transmission facilities spanning five states and 3,507 miles, the DWP supplies electricity to more than 1.4 million customers.
If sophisticated intruders breached a major power hub, they could cripple the local economy and daily life by cutting off power to transportation systems, home refrigerators, military installations and other key facilities.
The agency’s lapses highlight how the nation’s utility industry has been slow to improve security, experts say — a topic that gained renewed attention after the recent San Bernardino terror attack.
City officials, consultants and DWP observers blame the agency’s decentralized governance and management for the failure to address the security gaps. Until those systemic issues are fixed, they say, vulnerabilities will persist.
“Security should be our primary focus,” said Councilman Felipe Fuentes, who chairs the Energy and Environment Committee, “but all of this underscores our need to fortify the governance structure of the utility.”
GAPS CAUSE CONCERN
Every five years, City Hall hires outside consultants to analyze the sprawling DWP, with its roughly 9,000 employees. They make recommendations on topics from security to customer service. Los Angeles-based Navigant Consulting conducted the 2015 “Industrial, Economic and Administrative Survey,” which was publicly released by Controller Ron Galperin in December.
Officials redacted the section that describes the specific security shortcomings, but this news organization obtained an unredacted copy.
“Navigant onsite staff did not observe any cameras in working order or intrusion detection on the perimeter fencing or access points,” the authors wrote about a transmission facility that manages power for millions of homes. “While significant security improvements have been made since 2001, Navigant found that site personnel are concerned for their safety as they have had security breaches in the past, including confrontation with unauthorized individuals.”
The 2001 “Security and Terrorism Threat Assessment” found no intrusion alarms on any exterior building doors at the facility, according to Navigant.
Federal regulators require major transmission facilities to have “physical access control systems” with electronic doors that alert operators when breached, according to Kevin Carey, a physical security specialist at Grid Subject Matter Experts, which advises major utilities. Surveillance cameras, while not required by law, are considered a best practice in the industry, he said.
“The government is concerned about the absolute protection of these assets,” Carey said. “The risk could be a power outage, though it would have to be someone with really technical capabilities to make any changes to that system.”