Cyber Resilience And The Hydropower Industry

Hydropower now accounts for 37 percent of all of the utility-scale renewable electricity that powers our nation. However, the industry is being challenged by diverse and aging infrastructure that predates modern cybersecurity practices. New technologies offer solutions to security challenges, but they cannot simply be added to existing infrastructure; instead, water sites need to be assessed for risks so that the proper security enhancements can be made. Building hydropower cyber resilience is an important piece of our national security puzzle, as a service interruption could cause financial loss to operators and disruption to the everyday lives of American consumers. With that being said, the need for critical infrastructure surveillance continues to grow.

Using Technology To Improve Hydropower Cyber Resilience

In the hydropower energy sector, enhanced digitization is part of a growing trend toward improving the performance of turbines and other equipment, while at the same time reducing costs and optimizing asset management. By connecting operational technology (OT) systems via network to industrial control systems (ICS), facility operators gain the ability to remotely monitor water sites for performance as well as security breaches. However, this new reliance on technology and remote operations has made hydropower facilities more vulnerable to attack from bad actors. In many cases, aging infrastructure has made dams and other water sites more vulnerable to attack. While it may be possible to prevent all cyberattacks, hydropower cyber resilience can be improved considerably and sites can be fortified to withstand, adapt, and bounce back from attacks to continue critical operations.

To build true cyber resilience, basic cyber security best practices should be enforced, including:

• All operators should regularly test and patch any systems connected to the internet.
• The segmentation of networks should be supplemented by proactive measures that detect threats early on and allow operators to respond to them immediately. This limits any damage that can occur during a cyberattack.
• Security professionals should do regular assessments to test the strength and resilience of networked systems.
• When deploying new technologies, such as the Internet of Things (IoT) or any cloud-based technologies, make sure employees are fully trained in all security protocols and procedures that exist to safeguard the security of these technologies.
• Invest in focused security measures that are specific to your facility, rather than a broad-based approach that may not adequately cover your vulnerable points of entry.

Hydropower cyber resilience can only be reached when facility operators enact a strong set of risk-management procedures and have a proactive response to any incidents that do occur on-site. Staying one step ahead of potential cyber threats and ensuring that all risks are dealt with efficiently will protect a water site from cyberattack and allow it to bounce back quickly if bad actors are able to breach the site’s security measures.

Video Surveillance At Hydropower Sites

Effective video surveillance and remote monitoring system can help minimize risk to overall hydropower operations and improve response times if an incident does occur. Advanced security systems offer remote monitoring and data analytics, allowing operators to monitor facilities 24/7 from virtually anywhere. This innovative surveillance technology has been a boon to building hydropower cyber resilience while allowing operators unprecedented control of their sites even if they are not physically present. Web-based technologies allow facility managers to view on-site operations from any mobile device or computer, and advanced data allows security teams to make real-time assessments and decisions surrounding security breaches, safety procedures, and maintenance needs.

Other benefits of hydropower video surveillance and remote monitoring technologies include:

• Deter crime – just the mere presence of visibly placed surveillance cameras is often enough to keep criminals at bay. And if they do choose to breach the perimeter, surveillance cameras will record their movements and assist in law enforcement investigations.
• Prevent unauthorized access –when combined with alarm systems, video surveillance technology can be a powerful deterrent to most criminals. If a bad actor knows he is being recorded, they will think twice about their actions.
• Remote viewing – keeping an eye on your site during off hours or when a minimum number of employees are on-site allows you to reduce false alarms and focus on real threats. In the case of water sites, it also allows operators to monitor operations and keep an eye on any maintenance issues that need to be addressed before they present a problem to the integrity of the site’s infrastructure.
• Reduce liability – a cyberattack can affect employees, the power grid, or the people and structures downstream from your water site. By using technology to regulate access and monitor the area, operators can reduce their liability in the event of such a scenario.

Evaluating The Risk Of Cyberattacks On Hydropower Facilities

Although the hydropower sector has made great improvements in securing water sites within the United States, operators are realizing how important it is to routinely review their procedures in order to build better hydropower cyber resilience. While attacks will continue to plague the sector, proper detection, response, and remediation will continue to ensure that water sites continue to deliver hydroelectricity to the grid. In order to help facilities improve their cyber posture, the National Renewable Energy Laboratory (NREL) has devised the Cybersecurity Value-at-Risk Framework to provide hydropower operators with complete and customized assessments of their cybersecurity risks and to demonstrate how different investments will help improve overall hydropower cyber resilience.

The CVF was developed with support from the U.S. Department of Energy Water Power Technologies Office. This online tool guides users through a detailed analysis of their plant’s operations and compares them to existing criteria to gauge risk probabilities and suggest cybersecurity improvements to withstand future threats. This powerful tool can help operators ensure the safety of their workers, the nation’s grid, and all citizens who live downstream from water sites. Such advanced tools, when combined with advanced technologies, help mitigate risk and ensure the hydropower cyber resilience of the nation’s water sites for generations to come.

 

 

Learn more about surveillance options for critical infrastructure in the hydropower sector here.