An electric power substation with wires hanging in the sky on a sunny sky.

Hydropower and Power Distribution Facilities Security Risk Assessment


A utility client in Washington contracted with Gannett Fleming’s security and safety experts to provide a professional risk assessment of two hydropower dams and appurtenant features, 15 power switchyards and substations, six local offices, and 14 recreation facilities.

Waterpower is a clean energy source that produces electricity, contributing to the United States’ goal of using more renewables and less fossil fuels to reduce environmental impacts. A key part of the assessment was the completion of a detailed gap analysis and vulnerability assessment to analyze the overall effectiveness of the security measures at each site and the potential risks.

The team’s work resulted in recommendations to reduce the district’s risk of damage incurred by vandalism and theft, while serving as a deterrent to the activities of domestic and international terrorists.

Using the Risk Assessment and Management for Critical Asset Protection (RAMCAP PlusSM) as the guiding methodology, the team considered potential design-basis-threats (DBT) on a global, national, regional, and local level with potential to significantly impact critical assets.

The team completed a characterization of critical assets, consequence analysis, vulnerability analysis, and threat assessment to produce the security risk assessment. To complete its work, the team reviewed the client’s security department documentation, including Federal Energy Regulatory Commission (FERC) and National Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) compliance. They also identified the basis of design to support site security risk assessments, looking for gaps based on industry best practices and making recommendations for improvement.

What We Did

The team’s work included performing on-site security assessments using regulatory requirements and a series of industry-recommended physical security best practices of all identified and directed critical facilities and recreational sites. The assessment and capture of a listing of all security-related technologies and equipment in use at the sites enabled the team to identify system gaps and vulnerabilities.

The team also reviewed and evaluated the client’s security team operations, response capabilities, and support activities to address various types of potential incidences. This included reviewing and assessing how the client’s security program meets relevant laws and federal requirements, policies, and guidelines to ensure compatibility and compliance with the security program.

Risk potential was based on identified threats at the local, state, national, and global levels that could affect the power generation of the hydropower facilities. The results of the assessment helped inform a security risk register for the organization to consider for inclusion in their Enterprise Risk Management Program.

Key Features

  • Detailed gap analysis and vulnerability assessment of DBTs enables the determination of security posture.
  • Industry-recommended physical security best practices guide facility and site assessments.
  • Recommendations for improvement offer guidance for security enhancements.


  • Client understanding of prioritized physical threat risks to critical assets.
  • Recommended improvements to security policy, operations, and incident response.
  • Mitigation strategies to protect against vandalism, theft, and terrorist attacks.
  • Security risk register for inclusion in Enterprise Risk Management Program.


Confidential Client




Risk Assessment Services

Related Projects

What are you looking for?
Privacy Preferences

When you visit our website, it may store information through your browser from specific services, usually in the form of cookies. Here you can change your Privacy preferences. It is worth noting that blocking some types of cookies may impact your experience on our website and the services we are able to offer.

Our website uses cookies, mainly from third-party services. Define your Privacy Preferences and/or agree to our use of cookies.