Executive Brief: Power Utilities - Physical Security Regulatory Compliance
Why Medeco Intelligent Key Systems are an Efficient & Effective Solution
How Vulnerable are U.S. Utilities?
Securing the electric power grid is a top priority for critical infrastructure protection in the United States. Historically, access control and surveillance at power grid facilities varied based on facility type and location, primarily focusing on public safety and preventing vandalism or theft. More recently, federal agencies, Congress, and the utility industry have increased focus on the vulnerability of the power grid, particularly the high-voltage transmission system, to terrorist attacks that could cause widespread, extended blackouts.
Until 2013, the emphasis was on cybersecurity. However, a 2013 rifle attack on an electric transmission substation in Metcalf, CA, shifted attention to the physical security of critical power grid assets. Since 2014, security risks to the power grid have become a greater concern in the electric utility industry.
Whether threats originate from terrorists, disgruntled former employees, or pranksters, unauthorized access and tampering at a utility facility can disrupt electrical power supply and utility generation and transmission. Following the Metcalf attack and other incidents, the Federal Energy Regulatory Commission (FERC) mandated physical security standards for substations in 2014. Congress also passed legislation to strengthen power grid physical security and facilitate recovery from attacks.
FERC directed the North American Electric Reliability Corporation (NERC) to propose reliability standards requiring utilities with critical assets to address physical security risks and vulnerabilities.
Achieving and Maintaining Physical Security Regulatory Compliance
Today, NERC's Critical Infrastructure Protection (CIP) Standards mandate that all electric utilities implement a physical security plan and program to monitor and manage physical access, protecting critical infrastructure, cyber assets, and Bulk Electric System (BES) cyber systems. To comply, utilities must define operational or procedural controls to restrict physical access. For authorized individuals requiring access to critical infrastructure or security perimeters, utilities should:
- Implement at least one physical access control system; two or more control measures are recommended.
- Monitor unauthorized access through all physical access points.
- Maintain records (automated or manual) of entry, including time and date, for each individual with authorized, unescorted, or unauthorized access.
- Issue an alarm or alert if unauthorized access is gained.
- Keep physical access logs capturing the date and time of individual access.
Standard CIP-006 specifically addresses managing physical access to BES Cyber Systems to protect them from compromise. Standard CIP-014 focuses on identifying and protecting Transmission stations, substations, and their associated primary control centers, whose failure could result in widespread instability or cascading failures within an Interconnection.
Role of Locking Systems in Critical Infrastructure
Utilities require robust resiliency strategies to assess, prevent, detect, and recover from security events. This includes perimeter hardening, cybersecurity, communication and equipment redundancy, hardening of System Operations Centers, protecting critical substation assets, and recovery from all events, both manmade and natural.
Secure locks are indispensable tools for addressing complex security scenarios in critical infrastructure. Internally, locking devices on doors, elevators, machines, shutters, cabinets, and switchgears prevent unauthorized access. In critical infrastructure environments, locks must withstand extreme temperatures, dust, toxic substances, fire, and explosions. For outdoor sites, locks that secure gates, fences, doors, switchgears, and key safes must perform reliably in challenging conditions like ice, snow, and rain, and must resist manipulation.
Critical infrastructure facilities often span large geographic areas with multiple remote locations and require access for numerous personnel, including third-party companies and contractors needing temporary access. Locking systems must accommodate these challenges. A high-security locking system that combines electronic and mechanical security is particularly beneficial.
Programmable keys are powered by batteries that energize the lock cylinder upon insertion. Communication between the cylinder and key is encrypted for high security. Programmable cylinders for various applications require no wiring, enabling fast installation and minimal on-site maintenance. When a key is inserted, an audio indication is given, and LED indicators inform the user of access rights. Key management software and programming devices allow administrators to program, amend, or delete keys remotely and instantly. Keys can be assigned short authorization time-windows to minimize risks from lost keys. Security managers can generate timestamped audit trails for any lock or key, tracing access workflows.
In Summary, Utilities are Looking for:
- Flexible access and key management for permanent staff, part-time staff, and third-party contractors.
- Interior and exterior locking and access points supporting doors, elevators, machines, windows, shutters, cupboards, cabinets, gates, fences, and switchgears.
- Global access to management software with minimal IT investment and support.
- Multiple administration possibilities with defined roles (e.g., receptionist, security manager) and minimal administration time.
- Easy support for NERC CIP audits for physical security.
- Simple key and access management tailored to different users and their requirements.
- Health and safety compliance, working with existing processes.
- Integration possibilities with HR systems, access control systems, and task management software.
Medeco Intelligent Key Systems are a Smart Business Decision
To comply with NERC Standard CIP-006, utility companies have deployed various solutions, including physical and electronic access control systems, cameras, security locks, and fences. CIP-014 allows utilities flexibility in determining appropriate security measures. Medeco offers solutions like the Medeco XT electronic locking system and the Medeco CLIQ electro-mechanical locking system, providing controlled access, accountability, physical security, and system management.
Medeco Intelligent Key Systems offer benefits similar to electronic access control systems but with significant advantages. The cylinders retrofit existing hardware without hardwiring, reducing installation time and cost. Medeco locks are built to high standards, with an attack-resistant design and tamper-proof features that offer strong protection against forced entry.
While some utilities opt for elaborate Electronic Access Control (EAC) systems, the high installation cost due to extensive hardwiring is a major drawback. Medeco Intelligent Key Systems draw power from the electronic keys themselves, eliminating the need for hardwiring and ensuring continued operation during power failures. Medeco XT Intelligent Keys use rechargeable batteries providing power for 1,800 openings per charge. Medeco CLIQ Intelligent Keys use replaceable coin cell batteries with a 20,000-cycle battery life. Their wire-free design allows deployment in all interior and exterior climates, from office spaces to outdoor perimeters secured with padlocks.
Installation of a Medeco Intelligent Key system is straightforward: remove the old cylinder and install the new one, enabling fast and efficient deployment crucial for CIP Standards compliance.
(Product images: Medeco CLIQ, Medeco XT)
Trusted Security for Critical Infrastructure
Medeco Intelligent Key Systems offer owners and operators the following benefits:
- Key Management and Access Control: Respond quickly to security threats, lost or stolen keys, or personnel changes using expiring intelligent key validation intervals and remote programming. One key can access doors, cabinets, gates, and outdoor areas. Flexible access, electronic scheduling, and key management ensure the right person is at the right location at the right time. Administrators have the freedom to manage the system anytime, anywhere.
- Access Control for Mobile Workforce: Bluetooth connectivity with iOS or Android mobile phones allows users to update key access rights wirelessly, anywhere, anytime.
- Audit Accountability: Audit information recorded in both the lock and key provides a time-and-date stamped record of every event, including authorized accesses and unauthorized attempts. The CLIQ Intelligent Key System offers customized software integration possibilities with third-party solutions or customers' own IT systems via an XML/SOAP Web Services interface.
- Physical Security: Medeco XT and Medeco CLIQ Intelligent Key Systems enhance security without compromising physical integrity. Their attack-resistant design and tamper-proof features provide strong protection against forced entry.
- Reduce Costs: Cost-effective solutions eliminate the need for users to return to an administrator to update keys or replace batteries. Operational costs are reduced due to the use of existing hardware, easy wire-free installation, and the fact that Medeco intelligent keys power the cylinder, negating the need for hardwiring or external power supplies. Simply replace the existing mechanical cylinder with a Medeco XT or CLIQ intelligent cylinder. Access control for a mobile workforce is enabled via Bluetooth connectivity for wireless key updates. Reduced IT infrastructure costs are achieved through Medeco's hosted Software as a Service (SaaS) solution using Amazon Web Services (AWS) or AWS GovCloud, which provides secure cloud solutions for vetted government customers. Medeco has achieved ISO/IEC 27001:2013 certification for its information security management in the production and sale of Intelligent Key systems.
- Service Availability: Medeco offers 24/7 high-availability environments (SLA 99.9%, excluding planned maintenance), with all services monitored 24/7. Optional professional support is available 24/7.
The CIP Compliance Solution that is Easy and Cost-Effective
In a world of unpredictable disruptive events, utility security is paramount. Federal actions have mandated that all North American power utilities comply with rigid physical security regulations. Replacing a vulnerable mechanical key system with a Medeco Intelligent Key System is one of the most cost-effective and efficient ways for a utility to meet and sustain compliance with several key NERC CIP Standards. It offers all the benefits of an electronic access control system without the high cost of hardwiring.
Medeco Intelligent Key Systems are a significant component in a power utility's strategy to dramatically lower the cost and complexity of CIP physical security compliance. Numerous small, medium, and large utility customers across the USA and Canada successfully use Medeco Intelligent Key solutions (CLIQ and XT) to protect their facilities and ensure physical security compliance.
For more information about Medeco Intelligent Key Systems, contact:
Andy Hummel
US Business Development Manager
Medeco Security Locks, Inc.
andy.hummel@assaabloy.com
(919) 740-3433