Power Generation Roundtable Recap
Three members of ProArch’s Power Team came together to share their IT insight on technology’s role in improving reliability and profitability in the power generation industry. Get a glimpse of the advice shared in Power Generation Roundtable IT’s Role in Improving Reliability and Profitability below and watch the full discussion here.
What are the strategies and technology that can be utilized to improve resiliency?
“Act right now. There is no time like the present to work on improving cyber resiliency. First, you need to consider not just the physical aspects of the plant that need to be planned for but also the digital. Understand where your risks and gaps are in your critical infrastructure and act on them. Next, you need to ensure resiliency is operational. Systems acceptance testing, failover testing, backup testing, and disaster recovery should all be performed regularly. Those things need to be aligned so you’re ready in the event something happens,” Ben Wilcox CTO of Security and Cloud shared.
Mike Spoont, President and Power Team Lead took the business perspective of improving resiliency.
“Looking at cyber attacks that have happened over time, they have a significant impact. Power generators need to be aware of the negative publicity that a cyberattack can have for the owners of the plant. To avoid these consequences, plan for the worst but invest for the best outcomes. Whether it’s cyber insurance, infrastructure, or Cloud all those things are critical to developing that level of resiliency to maintain the integrity of the operation. In addition, I suggest going beyond NERC compliance. Think about resiliency as part of the business’s objective versus something you have to do.”
How can a plant utilize the Cloud and IT standardization to ensure streamlined IT transitions in the future?
Luke Bixby, Senior Technology Consultant, says the key to getting people productive faster in an acquisition is Cloud.
“Cloud computing is a benefit especially to a greenfield plant or acquisition. You have a plant that is being built or bringing on new employees. They want to start collaborating and sharing information but the data center is not built yet. We have set plants up in the Cloud which allowed those resources to get people connected from temporary trailers or remote locations while the acquisition or construction is still in progress. Once the physical data center is ready, that transfer is seamless and almost non-impactive to employees.”
Both Ben and Mike touched on the role Cloud plays in divestiture.
“Cloud makes divestiture infinitely easier," Ben said. "Especially in networks that are interconnected with other facilities and need to be separated. It’s also beneficial with the supply chain issues happening today with hardware. Generally, there are no constraints when provisioning cloud services. The lead time today for physical hardware is sometimes 15 months or larger. Also, repeatability. Cloud allows for standardization. Once you have a configuration that’s defined it can be templatized. Then, turned into a repeated configuration that’s rapidly deployed. We’re able to move faster by taking advantage of new services and re-using what already works.”
“When an investment firm acquires a plant there’s a legal entity that is created or transferred. The Cloud allows for a much cleaner divestiture. The legal separation is made much cleaner because there are no physical handicaps that come with assets on-premises,” Mike added.
What are the elements of a security program that are most essential for minimizing outages related to a cyberattack?
“Monitoring the entire environment is necessary to ensure you’re protecting all the data flows. There are many ways into the control side of the network. A holistic approach to monitoring and detection is really critical so you get the full picture,” Mike said.
“Security is about people, processes, and lastly technology," Wilcox said. "If we’re not educating our people, then we are not doing a good job in building the first layer of defense against an attack. Second, the process side. Hardening systems and put the right controls in place and measure them. For technology, you have to account for both IT and Operation Technology (OT). They’re different platforms that require different technology. And lastly a disaster recovery plan. Have a plan to recover is a key aspect to a security program.”
“All the edge devices and having insights into the connectivity between them, data flows, and unique communication protocols is really important," said Luke. "It takes a monitoring device to analyze that traffic and allow you to follow up. Recently we had a situation where a vendor opened up TeamViewer and the monitoring device in place gave the plant manager visibility into that. They were able to intervene and notify them that it is not an approved method. You need insight in order to react.”
A consistent message throughout the roundtable was clear: work with a partner who understands the power industry both from a technical and business perspective. A solid relationship can help you improve and sustain operational efficiency.
For the rest of the insights covered, including the panelists one piece of advice for power plants, watch the full discussion here.