It would be very hard to imagine our modern society without a secure supply of electricity generated by the nation’s energy and power plants. Power plants are one of the most critical components of national infrastructure, and disruption in energy production would impact everything from healthcare to national security. In order to ensure that this does not happen, energy and power plant security must be addressed proactively by plant operators. With that being said, the need for critical infrastructure surveillance continues to grow.
Types Of Threats Facing Energy/Power Plants
Energy infrastructure is highly complex, and the sector faces threats from a variety of sources. Security risks facing energy and power plants today include:
- Natural threats – threats resulting from acts of nature (severe weather, floods, earthquakes, hurricanes, and solar flares), as well as wildlife interactions with the power system (squirrels, snakes, or birds causing short circuits on distribution lines).
- Technological threats – threats that result from failures of systems and/or structures.
- Human-caused threats – threats resulting from accidents (for example, a maintenance crew cutting an underground line) or from the intentional actions of a person or group of people (cyberattacks or threats of terrorism).
The recent difficulties with infrastructure during the Covid-19 pandemic have reminded us of the critical importance of electricity in all aspects of our lives. Keeping medical equipment working in hospitals and IT systems available to do teleworking and video conferencing has only reinforced how critical energy and power plants are to us all. The impact of an extended disruption has the potential to impact national security as well as the safety of families and communities at a more localized level.
Are Energy and Power Plants Under Cyberattack?
At one time in the not-so-distant past, power plant security simply involved physically protecting the facilities and equipment used to generate power. The computerization of the industry has made it more challenging to maintain power plant security. Additionally, the use of devices that communicate through IoT (Internet of Things) has made it more complicated to secure the technology that is being used to run the nation’s power plants. It is still possible to physically attack a power plant, but the top security risks facing energy/power plants today come from cyberattacks.
Why are cyberattacks such a threat to the energy industry? The technology that makes remote access and remote monitoring possible is also a security risk if not implemented correctly.
- Lack of dedicated IT staff – many power plants lack the staff to effectively identify and stop a cyberattack. Without the proper personnel in place, hackers can gain control of the facility.
- Merged systems – information technology (IT) and operational technology (OT) systems are now directly linked, and advances in automation present a danger to these merged systems. Hackers who gain access to a power plant’s IT infrastructure are able to disrupt the OT systems required to generate power through this integrated network system.
- Inferior network security – securing a power plant’s networked systems requires complex passwords, two-factor authentication, firewalls, intrusion prevention systems (IPS), and user awareness. Many plant operators resist strong passwords (complaining that they are too complicated to remember). But with the rise of VPN connections for remote operations, security updates and strong passwords are critical to mitigate risk.
These protective measures are important to deter hackers from gaining access to the computer systems that run one of our nation’s most critical assets.
Other Ways to Improve Power Plant Security
There are three additional tools that can be used to secure power plants and ensure our nation’s energy infrastructure is safe from attack. They include:
Tool #1 – Physical security
Physical access to a computing environment cannot be controlled by firewalls or other automated processes. Instead, plants should require badge access to sensitive areas within the facility, and install video surveillance systems to monitor unfamiliar contractors or technicians – as well as the employees who work on-site. There are many many ways to improve your power plant security with video cameras and advanced surveillance systems.
Tool #2 – User education
All employees, contractors, and technicians who are on-site or working remotely should be educated concerning the risks associated with phishing emails or other campaigns that are designed to trick people into giving up login credentials or inadvertently spreading malware on a networked computer.
Tool #3 – Increased security testing
Routinely monitoring the security systems that are in place, or testing physical security measures that have been installed, is necessary to identify shortcomings in the security system and identify the areas that need to be improved in order to improve power plant security.
Learn more about surveillance options for critical infrastructure in the energy sector here.