Join us as we explore Christopher’s journey and expertise, offering a deeper understanding of the current and future states of utility security and the strategies driving this essential transformation.
Matt Chester: Welcome to the expert network, Chris. As this will be a real introduction for you into our community, we’d love for you to start off by introducing yourself. Tell us a bit about your background in the energy sector and how you found yourself in your current role with POWER Engineers, including what you tend to work on these days.
Chris Ott: I usually tell people that my career in this industry started back in the late 90s during my Marine Corps days. I joined the Marine Corps as a power distribution and generation specialist. My initial job was to set up mobile camps for field operations and training purposes, and I received extensive training and education for electronic repair.
After 9/11, funding and the military’s focus changed. Operation Iraqi Freedom began, marking a turning point in my career. I started focusing more on anti-terrorism within the critical infrastructure and utility space. Towards the latter half of my military career, my responsibility was to help identify critical targets in foreign nation-states—specifically in the Middle East—determining how to neutralize critical infrastructure locations, particularly the power grid.
After leaving the Marine Corps, I took advantage of the GI Bill, went back to college, and earned a degree in Electronic Engineering. I started working for a series of security integrator companies, focusing on large commercial and industrial systems for sectors such as corrections, healthcare, and education. Eventually, I transitioned to the utility and electrical space, doing a lot of security design work. One of my major clients was Portland General Electric (PGE).
Because my expertise was frequently needed by PGE, their corporate security department manager reached out to me, interested in increasing my involvement with their projects. Jokingly, I suggested they just hire me. They made that happen, and I transitioned to PGE where I helped build their in-house security engineering team. I worked as a security liaison for the generation department, then their substation group, learning a great deal about investor-owned utilities and the industry as a whole.
Around the end of 2019 and into 2020, POWER Engineers reached out to PGE about a pilot project involving a new innovation. That began my interactions with POWER, and when they wanted to build an in-house security team to handle their utility space projects, it was an opportunity I couldn’t pass up. That’s how I became their Senior Security Engineer.
MC: Can you share some of the highlight projects you’re involved with these days and how you think they’re advancing security on the grid?
CO: In addition to working as an owner’s engineer on some projects and providing support for our utility clients, I helped develop and build a ballistic line-of-sight team. This is particularly important because attacks on utilities and substations have, unfortunately, become more prevalent. Solving this challenge is critical for protecting infrastructure.
Drawing on my Marine Corps experience, we’ve developed an in-house process that uses specialized software to remove guesswork as we address ballistic threats to transformers and other critical assets.
Recently, I conducted an explosives study for a client who has plans to build a transmission substation that feeds a distribution substation near a chemical manufacturing plant. The utility was concerned about the potential impact of an explosion at the plant and its impact on their substation and the grid. It was a fascinating study and satisfying to develop a solution for them. These are just a couple of the interesting projects I get to work on in my role.
MC: Given your area of expertise, please share your thoughts on what are the key components of a robust physical security plan for power delivery facilities?
CO: A robust physical security plan for power delivery facilities should include several key components. First, it’s essential to conduct a thorough risk assessment to identify and prioritize the most critical assets. This includes understanding potential threats such as vandalism, theft, and terrorism.
Next, physical barriers are crucial. These can range from fences and walls to more advanced solutions like ballistic-resistant barriers or introducing specialized technology in situations where barriers aren’t sufficient. Given the increasing prevalence of gunfire toward utilities and substations, creating a ballistic line-of-sight team can be effective. This team uses specialized software to address ballistic threats against transformers and other critical assets.
Another critical component is surveillance. Installing cameras and other monitoring devices helps with early detection and deterring potential threats. Access control systems also ensure that only authorized personnel can enter sensitive areas, and recorded footage can assist with evidence gathering for audits.
Lastly, don’t underestimate the benefit of preparation. Regular personnel training and drills are important to ensure everyone knows how to respond during an incident. This includes coordination with local law enforcement and emergency services. By combining these elements, power delivery facilities can significantly enhance their physical security and protect against a wide range of threats.
MC: What are some common security threats that utilities face, and how do you help them address these challenges effectively?
CO: The most common security threats utilities face include theft (especially copper theft) and break-ins, which have been persistent issues for over 40 years. An emerging challenge, however, is cyber-attacks. While I am not a cyber expert, I get to work closely with cybersecurity professionals to address these threats at a high level. Energy theft is another concern, and more recently, ballistic attacks have increased. So we’re seeing both physical and cyber threats increase.
To address these challenges, it’s important to closely coordinate between physical and cyber teams for a cohesive, measured response. It’s important to identify the most vulnerable and critical substations by considering the various factors that might make them targets. For physical threats like theft and break-ins, we implement robust physical security measures, including barriers, surveillance, and access control. For cyber threats, we collaborate with cybersecurity teams to integrate physical and digital security strategies. By combining these efforts, we can effectively protect utilities from a wide range of security challenges.
MC: How do you foresee the role of physical security evolving in the next five to ten years, particularly in relation to emerging threats and technological advancements?
CO: Great question. We’ll look at technology from two perspectives: beneficial technology that aids us in our job and harmful technology that poses a threat. On the positive side, technology can help us be more efficient and informed. This means that security personnel become more skilled and adaptable. While technology can reduce the number of staff needed to monitor and respond to incidents, the remaining personnel must be efficient, knowledgeable and flexible, capable of distinguishing between legitimate activities and potential threats.
On the flip side, emerging threats like drone warfare are becoming a significant concern. The low cost and accessibility of drones make them potential tools for bad actors. We’ve already seen incidents—such as the July 2020 case in Pennsylvania—where a drone attempted to attack a substation. Although that attack was unsuccessful, it highlights the growing threat.
As we move forward, the role of physical security must evolve to better detect and respond to threats by incorporating advanced technologies like AI and machine learning. However, human involvement will remain crucial. The integration of advanced technology will require security personnel to continuously develop their skills and adapt to new challenges. By doing so, we can stay ahead of emerging threats and ensure the continued protection of critical infrastructure.
MC: Executives at the C-Suite as well as shareholders and rate payers are all invested in understanding the return on investment of funds utilities are spending, especially when they’re as large as these security investments. How do you quantify and justify the costs coming from this sector to those stakeholders?
CO: Sure, we are a revenue-based industry, focused on creating, transmitting, and delivering electricity. When it comes to security investments, viewing them strictly through the lens of return on investment (ROI) is somewhat misleading. It’s more appropriate to consider them as part of a risk mitigation strategy, somewhat like insurance. Just as you pay insurance premiums for protection, security investments are made to safeguard against potential threats.
In many cases, security measures are mandated by standards and compliance regulations, making them essential—regardless of ROI considerations. These investments require ongoing maintenance, upgrades, and sometimes replacements, which impacts the operating and maintenance (O&M) budget.
To justify these costs to stakeholders, it’s crucial to plan for worst-case scenarios and evaluate the likelihood of their occurrence. Consider the potential impact on revenue and public relations from a security breach. By categorizing assets into tiers based on criticality, we can prioritize security measures accordingly. This approach helps in understanding the necessity for these investments and the protection they offer against the risks to power production and delivery.
MC: What do you see as the key value in your time with Energy Central—what do you hope to learn from your peers and what values do you have to share with the community in these conversations?
CO: I’ve been fortunate to have enjoyed a diverse 20-year career in the security industry. During college, I worked part-time as a Brinks armored transport officer, which gave me valuable insights into working with security officers. My time in the Marines provided me with a unique ability to think like a bad actor, which has been invaluable for studying terrorism and anti-terrorism.
Many senior security professionals come from a law enforcement background, which is crucial for gathering actionable evidence and intelligence post-incident. This enables successful arrests and prosecutions. However, there’s a distinct difference between the mindset required for responding to incidents and those required for preventing them. My experience allows me to focus more on prevention, which is a crucial aspect of security.
On Energy Central, I’m looking forward to learning from my peers about what security strategies are working, what isn’t working, and the lessons they’ve learned. I hope to share my perspectives, contribute to these important conversations and support the development of industry best practices. These conversations are vital for advancing our collective knowledge and improving security measures for everyone.
_______________________________________
Thanks to Chris for joining me for this interview and for providing a wealth of insights and expertise to the Energy Central Community. You can trust that Chris will be available for you to reach out and connect, ask questions, and more as an Energy Central member, so be sure to make him feel welcome when you see him across the platform.
The other expert interviews that we’ve completed in this series can be read here, and if you are interested in becoming an expert, you can reach out to me or you can apply here.