Electrical Power Plants and Cyber Security

by | Aug 7, 2009 | Cybersecurity, Industry, Power Generation | 0 comments

A recent Automation World article, Cyber Security–A Must For the Grid, describes how cyber security has become a big issue for electric plants. This is because of the requirements to be in:

…compliance with standards developed by the North American Electric Reliability Corp. (NERC), of Princeton, N.J. The NERC Critical Infrastructure Protection (CIP) standards will soon become required for electric grids.

The article quotes Emerson’s Eric Casteel, manager of security, SCADA and renewable energy development in the Power & Water Solutions business. Concerning the development of smart grids and the connections of new plants to it, Eric offered:

Renewable power needs to be monitored more frequently than traditional power… You have wind that’s variable, solar that’s variable, and those variables need to be managed frequently. Oversight is deeper and it’s shared with executives, so it’s exposed to the outside world.

As we’ve highlighted in many cyber security-related posts, the article notes the need treat cyber-security as a program, not a collection of cyber defense technologies. It should be treated like the plant safety program where everyone has a role, looks out for one another, and has a feeling of ownership.

Eric points out the conflicting objectives IT and the control teams have. IT has deep experience with security and the procedures to keep everything patched and up to date. For the process control team, availability is paramount. It echoes a conflicting-objective thought with respect to screensaver passwords that I expressed in an earlier post:

For example, if an operator gets locked out and can’t immediately address a plant alarm condition, the results can be very different than if an accounts payable professional gets locked out from their workstation.

Eric highlights how some electric plants address these conflicts:

Some plants are bringing in a consultant to work with control, and bridge the gap with IT… Where it’s been most successful is where control still has the responsibility for security, but they work closely with IT.

The article highlights the dilemma of the Smart Grid requirement to share information outside a plant with that communication path being an entry point for cyber security threats. It concludes:

NERC programs and audits are compelling electric plants to demonstrate their ability to withstand cyber attacks. To cope with all of this, plants are bringing together the expertise of consultants, vendors and their IT departments to ensure that they’re well protected.

Popular Posts

Comments

Author

Follow Us

We invite you to follow us on Facebook, LinkedIn, Twitter and YouTube to stay up to date on the latest news, events and innovations that will help you face and solve your toughest challenges.

Do you want to reuse or translate content?

Just post a link to the entry and send us a quick note so we can share your work. Thank you very much.

Our Global Community

Emerson Exchange 365

The opinions expressed here are the personal opinions of the authors. Content published here is not read or approved by Emerson before it is posted and does not necessarily represent the views and opinions of Emerson.

PHP Code Snippets Powered By : XYZScripts.com