Complex market forces and various sets of challenges have converged over the last decade, leading to the rapid adoption of new digital solutions in power plants. The growing use of renewables and the digitization of the grid have put competitive pressure on traditional gas-operated power plants to evolve to be more competitive.
The primary challenges driving this change include:
- Multigenerational workforce – the shortage of experienced plant operators and managers is growing, driving a need for more flexible remote work options and training
- Global shift to remote work – uncertainty and social-distancing protocols created by the COVID-19 epidemic hastened the urgency of a new remote operational model.
This second trend is, arguably, the most important.
Power generators are beginning to adopt technologies that enable remote or mobile control procedures to ensure business continuity and optimal staffing flexibility and efficiency. Due to growing uncertainties in plant operations, industrial organizations must build their security stack with the goal of controlling their critical infrastructure from a remote location. Plant managers and technicians need the ability to interface with the plant assets from anywhere, at any time.
Industrial businesses and enterprises must rethink their security stack. Rather than building defenses around the office, organizations must enable:
- Collaborate with remote staff and experts
- Increase on-site mobile staff effectiveness and flexibility
- Improve employee health and safety
- Operate reliably with reduced staffing
- Centrally monitor plant operations.
- Diagnose and troubleshoot alarms and issues
- Instruct, guide and dispatch on-site personnel
- Remotely operate, startup and/or shutdown control system assets
Today’s most power plants are equipped with firewall products, which have become standard-issue appliances when needing to secure a network. Today’s next-generation firewalls (NGFW) are more powerful and provide multiple functions such as sandboxing, application-level inspection and intrusion prevention. While NGFWs do a great job at these functions, they are not designed for accessing devices remotely, and there are inherent risks for those who have used them for remote access.
Firewalls can encrypt data streams over a virtual private network (VPN) and tunnel critical information through an untrusted network, such as the internet. However, with today’s technology and the high number of tools and information available to threat actors, it is possible to hack the data communication protocols at the endpoint device where these encrypted data streams are terminated and potentially conduct malicious activities to access critical power plant assets.
Additional areas businesses should consider for their remote security include:
- Organizations must identify all their critical infrastructure. While this may sound intuitive, it’s crucial to account for system interdependencies. For instance, an IT billing system is vital if it is interdependent on operational technology.
- Encrypted browser-based display (VDI) for remote or mobile operator HMI display to desktops, laptops and tablets.
- Multifactor authentication (MFA) is a given. There are many MFA types, but industrial organizations should implement closed-loop, hardware-based token access without cloud access to meet both onsite mobile operator and remote access requirements.
- Moderated secure file transfer provides either bidirectional or uni-directional file transfer capabilities for each system connection.
- Application and system segmentation ensures systems and applications are logically segmented to limit cyberattacks’ blast radius.
- Time-Based access controls limit the time vendors, contractors and plant technicians interact with critical systems.
- HMI access sessions by mobile operators and remote users need to be recorded for forensics and training purposes.
As the power industry adapts to the changes presented by a changing workforce and the convergence of IT and OT, remote user access will become even more essential.