Site loading image


9 Actions You Can Start Now to Protect Critical Infrastructure

Larry Fitzgerald & Sarah P. Fuller | December 13, 2022

Steps to improve physical security at substations, chemical plants, pipelines, data centers, hospitals and other critical infrastructure

With the recent attack on multiple electrical substations, you may be thinking, “Are our facilities at risk too? Are we doing all we can to protect our people, operations, and community?”

The proper application of the security concepts of deter, detect, delay, respond and recover from incidents, and utilizing a these concepts as a series of layers – with physical factors, policies and procedures, technology and people all playing key roles will significantly lessen risk.

As you think of your facilities (whether a substation or other vital asset), understand that those seeking to disrupt your operations and do harm follow a typical attack planning cycle which means disruptions can be detected in advance.

Here are 9 things you can do to protect your critical infrastructure in the short, middle and long-term.

Start today:
  1. Increase patrols and surveillance of your facility. Have your security staff, and contracted staff patrol the site regularly at varying times. Ask local law enforcement to add your site to their regular patrols in the area. Make sure local law enforcement understands the significance of the facility.
  2. Maintain your facility. Make sure that gates, fences, locks and similar perimeter and building security assets are in good working condition. Maintain the grounds and vegetation so it appears (and is!) a well-maintained location that shows there is regular care and visitation to the site. Make sure any signage with prohibitions for trespassing, weapons, or that announces surveillance are current and posted at regular intervals around the perimeter.
  3. Be on the lookout for signs of illicit surveillance. Walk the grounds and look for signs someone is targeting your site. Cigarette butts, litter, disturbed ground or other signs of unusual human activity could indicate someone is actively watching the site for opportunities.
In the next few months:
  1. Conduct a Threat and Vulnerability Assessment (TVA). Use your security team or hire experts in physical security to evaluate the strengths and gaps in your existing security program. This should include a review of the physical and technological aspects of the facility as well as how people interact with the site and what policies and procedures are in place to prevent and respond to threats and emergency incidents.
  2. Update your Standard Operating Procedures. Based on the current threat landscape and your TVA, update policies and procedures to reflect the current state and potential for incidents.
  3. Train your team. Conduct regular security awareness training for your staff and any recurring contractors you work with to recognize threats and how to report and respond safely to them.
In the next 12-24 months:
  1. Improve the perimeter. Install anti-climb fencing and access control systems around the facility. Make sure that critical equipment inside the facility is obscured from view or protected from outside the perimeter so that it is not an easy target from a distance.
  2. Install intrusion detection systems. Use technology to best effect with systems that will alert you to breeches of the perimeter or building, detect gunshots and/or drones and ensure someone is monitoring, able to evaluate and deploy a response to these incidents.
  3. Harden critical equipment against ballistic and blast threats. Install security films on glazing and windows, shelter critical equipment and buildings by crafting shields from ballistic, blast and fire-resistant materials (e.g., concrete) to help prevent damage and destruction in the event of an attack.

Moving Forward:

As you work towards these security goals for your facilities, keep in mind that as critical locations become hardened and therefore are less-appealing as potential targets, those sites with fewer protections may become more attractive as targets and/or serve as testing grounds for larger attacks. Be proactive in implementing robust security measures across your assets.

Contact Us:

For more information on how TRC’s Security and Emergency Management team can help improve security at your critical facility, please contact us today.
Larry Fitzgerald

Larry Fitzgerald, CPTED, PSP, CPP leads TRC’s national Security and Emergency Management Practice, where he has supported security many different types of Critical Infrastructure, including dozens of utilities. He has assessed security, developed security master plans, security designs, developed policies, provided training, and overall security consulting/strategy for clients nationwide. Contact Larry at

Sarah P. Fuller

Sarah P. Fuller, M.A., CPTED, BPATS, is an Emergency and Security Planner with TRC’s Security and Emergency Management Services team. She specializes in threat and vulnerability assessments for utilities, state and local governments, and educational facilities, as well as emergency management (plans, exercises, etc.) and crisis communications across multiple sectors. She has managed and supported security and emergency management projects for utility clients across the country. Contact Sarah at

Looking for effective solutions to your problems?

Turn to the experts at TRC.

By clicking "Accept", you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. Read our Privacy Policy.