2. Trends for Equipment Monitoring
For over a decade a wide range of equipment in
power plants have been connected to specialist
maintenance engineers at equipment suppliers by
the Internet and other communication networks.
Monitoring equipment located throughout the plant
is linked to the power plant’s operating systems -
continually monitoring the performance and status
of the equipment.
3. Extract from GE Brochure of
Power Plant Monitoring
When equipment starts to deviate from normal
and efficient operating parameters a warning will
be displayed in the power plant’s control room –
and in many cases an email or other alert
containing data is dispatched to the appropriate
maintenance staff [who may be working with the
equipment suppliers].
The maintenance engineers and equipment
suppliers could be based in different countries or
other global regions.
4. These alerts could prompt immediate action and
maintenance – which could avoid an unplanned
outage of the equipment [and possibly the while
plant].
These new systems have led to
improvements in plant operational efficiency
and performance – and should be considered
as an essential component of a clean coal
technology strategy.
5. Monitoring and IT Systems evolve
New and evolving networks and software can
allow far greater degrees of integration of:
• Plant databases,
• Real-time equipment operating performance
data,
• Enterprise social networks (including online
chats and/or voice mail on desktop and mobile
systems],
• As well as many other bespoke features (such
as specialist Apps).
6. An example of these new evolving systems is
Chatter – developed by the IT company
Salesforce.com
These interactive systems can allow significant
improvements in plant efficiency and operating
performance.
Chatter and other similar systems are being
rapidly adopted by many thousands of companies
each year.
But linking all these features via the Internet also
creates a new potential threat for power plant and
grid system operators – Cyber Security.
8. Hackers at work?
Hackers can be based in
any country. They can
have several goals –
such as causing
malicious damage to
computer systems or they
attempt to steal valuable
intellectual property [IP].
Are your plant and
networks vulnerable to
a cyber attack?
9. A computer virus attacked a turbine control
system at a US power company when a
technician unknowingly inserted an infected USB
computer drive into the network, keeping a plant
off-line for three weeks, according to a report
posted on a US government website.
The [US] Department of Homeland Security
[DHS] report did not identify the plant but said
criminal software, which is used to conduct
financial crimes such as identity theft, was behind
the incident.
It was introduced by an employee of a third-
party contractor that does business with the
utility, according to the agency.
October 2012 US Power
Plant Incident
10. The DHS reported the incident on its
website, which occurred in October 2012 - along
with a second incident which involved a more
sophisticated virus.
This report was released to coincide with a high-
profile cyber crime conference held in Miami [S4]
to review emerging threats against power
plants, water utilities and critical infrastructure.
In addition to not identifying the plants, the DHS
declined to say where they are located.
The report did not say who the DHS believed
was behind the sophisticated virus or if it was
capable of sabotage.
The DHS uses the term "sophisticated" to
describe a wide variety of malicious software
that is designed to do things besides commit
routine cyber-crimes. They include viruses
capable of espionage and sabotage.
11. It is worth noting that the infamous Stuxnet virus
was delivered to its target in Iran via a USB drive.
Attackers use that technique to place malicious
software on computer systems that are "air
gapped" or cut off from the public Internet.
12. Antiquated Software
and Aging Systems
Recent surveys have also highlighted the fact
that many critical infrastructure control systems
run on Windows XP and Windows 2000 -
operating systems that were designed more than
a decade ago.
Some Internet-linked equipment still has no
cyber protection at all.
Many systems still have "auto run" features –
which are enabled by default. This makes them
an easy target for infection - because malicious
software loads as soon as a USB is plugged into
the system unless operators have changed that
setting.
13. Shodan
The search engine Shodan [Sentient Hyper-
Optimized Data Access Network] has been
developed to identify a huge range of devises
linked to the web and their vulnerability
See: http://www.shodanhq.com/
14. US To Take More Action
Press Release from:
[US] Federal Energy Regulatory Commission
https://www.ferc.gov/
FERC Proposes to Adopt New Cyber Security
Standards
18th April 2013
The Federal Energy Regulatory Commission
(FERC) moved to strengthen the cyber
security of the bulk electric system today with
a proposed rule that would extend the scope
of the systems that are protected by cyber
security standards.
The proposal, submitted in January 2013 by the
North American Electric Reliability Corporation
(NERC), constitutes version 5 of the Critical
Infrastructure Protection Reliability Standards, or
CIP standards. The proposal is intended to
improve the security posture of responsible
entities and represents an improvement in the
CIP standards.
15. The proposal includes 12 requirements with
new cyber security controls that address
Electronic Security Perimeters, Systems Security
Management, Incident Reporting and Response
Planning, Recovery Plans for BES Cyber
Systems, and Configuration Change
Management and Vulnerability Assessments.
It also would use a new, tiered approach to
identifying and classifying bulk electric system
cyber assets that is a step toward applying CIP
protections more comprehensively to better
assure protection of the bulk electric system.
The Commission is seeking comment on certain
language in the proposed CIP version 5
Standards to alleviate concerns regarding the
potential ambiguity and, ultimately, enforceability
of the proposed Standards.
NERC is the FERC-certified Electric Reliability
Organization for the bulk electric system.
Comments on the proposed rule are due 60 days
after publication in the Federal Register.
