Complex market forces and various challenges have converged over the past decade, leading to the rapid adoption of new digital solutions in power plants. The increasing use of renewable energy and the digitization of the grid have increased the pressure on traditional gas-fired power plants to become more competitive.
Key challenges driving this change include:
- Multi-generational workforce – The shortage of experienced plant operators and managers is growing, increasing the need for more flexible remote work options and training.
- Global shift to remote work – Uncertainty and social distancing protocols created by the COVID-19 epidemic accelerated the urgency of a new remote operating model.
This second trend is arguably the most important.
Power producers are beginning to adopt technologies that enable remote or mobile control methods to ensure business continuity and optimal staff flexibility and efficiency. Due to increasing uncertainties in plant operations, industrial companies must build their security stack with the aim of controlling their critical infrastructure from a remote location. Operations managers and technicians must be able to communicate with the plant’s operating resources at any time and from anywhere.
Traditionally, plant operators and technicians could only work in a control room or other nearby environment to access the plant’s human-machine interfaces (HMIs). Although there was a desire for more flexible remote operations solutions or a need for remote access to technical support systems, operators were physically confined to the control room. Power plant operators have long been under tremendous pressure from operations and maintenance (O&M) to meet key performance indicators (KPIs), and the pandemic has added an urgent need for remote flexibility. Developing and implementing contingency plans and changing strategies to minimize the presence of non-essential personnel on site has become a critical priority.
There are several reasons why such restrictions were put in place, such as international cyber requirements that prevented mobile or offsite use of these controls. Additionally, when such conditions exist, there is often a high level of manual process and procedural constraints. For this reason, when remote access is required intermittently, it is typically accomplished via transient approaches that can compromise critical infrastructure.
Combination of physical security and cybersecurity measures
Looking at the division of plant locations and responsibilities today, the industry has a good idea of what solutions are required based on personal roles and responsibilities. However, these needs are not always coherently linked to a particular strategy.
The strategies required to address the business challenges of today and tomorrow range from occasional remote technical support to emergency response to a more complex plan for centralized (remote) operations of many assets from a command center.
A combination of on-site and remote power plant operators will be able to respond much more effectively, increasing operational efficiency and public safety. Additionally, remote workers can monitor and control on-site HMI systems while on-site control room personnel continue to have ultimate access control. Depending on the system characteristics, complete remote operations may also be possible. Mobile users in the factory or elsewhere benefit from a specially designed interface with security features.
An example that illustrates the cost and need for more adaptable remote operations is the middle-of-the-night call for the local engineer, who may be several hours away, to respond to an issue during launch preparation. Timing is critical, and the speed of response can mean the difference between a failed launch, a delayed launch, or a missed loading dock or toll booth — resulting in a potential loss of tens of thousands of dollars on a single incident. The physical response required to call the technician to the site also impacts the team’s overall productivity as that person inevitably misses the next workday. If the technician could provide remote support instead, many of these issues would be eliminated.
Remote Access: Realigning Cybersecurity Strategy
Industrial companies need to rethink their security stack. Instead of building safeguards around the office, organizations need to enable their teams to:
- Collaborate with remote collaborators and experts
- Increase the effectiveness and flexibility of mobile personnel on site
- Improve the health and safety of your employees
- Work reliably with reduced staff
- Monitor system operation centrally
- Diagnose and fix alarms and problems
- Instruct and dispatch personnel on site
- Remotely operate, start and/or shut down control system assets
Most power plants today are equipped with firewall products, which have become standard devices when it comes to securing a network. Today’s next-generation firewalls (NGFW) are more powerful and offer multiple features such as sandboxing, application-level inspection, and intrusion prevention. While NGFWs do an excellent job at these functions, they are not designed for remote device access and there are inherent risks for those who have used them for remote access.
Firewalls can encrypt data streams over a virtual private network (VPN) and tunnel critical information through an untrusted network like the Internet. However, with today’s technology and the large number of tools and information available to threat actors, it is possible to hack the data communication protocols at the endpoint device, where these encrypted data streams are terminated, and potentially perform malicious activities to access critical power plant assets.
Other areas companies should consider for their remote security include:
- Organizations need to identify all of their critical infrastructure. While this may sound intuitive, it is crucial to consider system dependencies. For example, an IT billing system is essential when it depends on operational engineering.
- Encrypted browser-based display (VDI) for remote or mobile operator HMI display on desktops, laptops and tablets.
- Multi-factor authentication (MFA) is a given. There are many types of MFA, but industrial companies should implement hardware-based closed-loop token access without cloud access to meet both on-premises and remote access needs of mobile operators.
- Moderated secure file transfer provides either bidirectional or unidirectional file transfer capabilities for any system connection.
- Application and system segmentation ensures systems and applications are logically segmented to limit the blast radius of cyberattacks.
- Time-based access controls limit the time vendors, contractors, and plant engineers interact with critical systems.
- Operator and remote user HMI access sessions must be recorded for forensic and training purposes.
As the energy industry adapts to the changes brought about by a changing workforce and the convergence of IT and OT, remote user access becomes even more important.
Bill Moore is the CEO of Xona Systems.