Remote work requires industrial work and critical infrastructure security

Remote work requires industrial work and critical infrastructure security

We’re excited to bring Transform 2022 back in person on July 19 and around July 20-28. Join AI and data leaders for insightful conversations and exciting networking opportunities. Register today!

Complex market forces and different sets of challenges have combined over the past decade, resulting in the rapid adoption of new digital solutions in power plants. The increasing use of renewable energy sources and digitization of the grid have put competitive pressure on traditional gas-fired power plants to develop into more competitive ones.

Key challenges driving this change include:

  • Multigenerational workforce The shortage of experienced plant operators and managers is growing, leading to a need for more flexible teleworking and training options
  • Global shift to remote work The uncertainty and social distancing protocols created by the COVID-19 pandemic have accelerated the urgent need for a new remote operating model.

This second trend is arguably the most important.

Power generators are beginning to adopt technologies that enable remote or mobile control procedures to ensure business continuity and optimum employee flexibility and efficiency. Due to the increasing uncertainty in plant operations, industrial organizations must build their own security stack with the aim of controlling their critical infrastructure from a remote location. Plant managers and technicians need the ability to interact with plant assets from anywhere, at any time.

Traditionally, power plant operators and technicians were only able to work in a control room or other close environment to access plant human-machine interfaces (HMIs). Even if more flexible solutions for remote operations were desired or there was a need to access remote systems for technical support, operators were virtually restricted to the control room. Power plant operators have long been under tremendous pressure from operations and maintenance (O&M) to meet key performance indicators (KPIs), and the pandemic has added an urgent need for remote resilience. Developing and implementing contingency plans and changing strategies to reduce the on-site presence of non-essential staff has become a critical priority.

There are many reasons why such restrictions have been put in place, such as international electronic requirements that have prevented the use of these controls by mobile or off-site devices. In addition, there is often a high degree of manual processes and procedural limitations when such conditions are present. For this reason, when remote access sometimes becomes necessary, it is usually done through temporary approaches that can jeopardize critical infrastructure.

The combination of physical security and cyber security

Given today’s division of factory locations and responsibilities, people in the industry have a good idea of ​​what solutions are needed based on personal roles and responsibilities. However, these needs are not always linked to a coherently defined strategy.

Strategies to meet today’s and tomorrow’s business challenges range from occasional remote tech support to emergency operations to a more complex plan for centralized (remote) operation of multiple assets from a command center.

The combination of on-site and remote power plant operators will be able to respond more effectively, increasing operational efficiency and public safety. Additionally, remote employees can monitor and control on-site HMI systems while still allowing site control room personnel to have ultimate control of access. Depending on the characteristics of the plant, entire remote operations may be possible. Mobile users in the factory or elsewhere benefit from a purpose-built interface that includes security features.

One example that illustrates the cost and need for more adaptable remote operations is a midnight call to a local technician, who may be several hours away, to respond to an issue while preparing to start. Timing is critical, and response speed can make the difference between a failed start, a late start, a loading ramp, or a lost toll gate—resulting in a potential loss of tens of thousands of dollars in one case. The physical response required to call the technician to the site also affects the team’s overall productivity, as this person is almost always absent for the next working day. If instead a technician can provide remote support, it will eliminate many of these issues.

Remote access: reorienting a cybersecurity strategy

Businesses and industrial organizations should rethink their security package. Rather than building defenses around the office, organizations must enable:

  • Collaborate with employees and experts remotely
  • Increase the effectiveness and flexibility of the mobile team on site
  • Improving employee health and safety
  • Work reliably with reduced staff
  • Centrally monitor plant operations.
  • Diagnose and troubleshoot alarms problems and issues
  • Guiding, directing and dispatching staff on site
  • Operation of remote control system assets and/or startup and/or shutdown

Most power plants today are equipped with firewall products, which have become standard problematic devices when securing a network is required. Today’s Next Generation Firewalls (NGFWs) are more powerful and provide multiple functions such as sandboxing, application level inspection, and intrusion prevention. While NGFWs do a great job at these functions, they are not designed to access devices remotely, and there are inherent risks for those who have used them for remote access.

A firewall can encrypt data flows over a virtual private network (VPN) and transmit critical information over an untrusted network, such as the Internet. However, with current technology and the large number of tools and information available to threat actors, it is possible to compromise data communication protocols in an endpoint device as these encrypted data streams are terminated and potentially malicious activities to gain access to critical power plant assets.

Additional areas that companies should consider for their remote security include:

  • Organizations must identify all of their critical infrastructure. Although this may seem counterintuitive, it is very important to consider the interconnectedness of the system. For example, an IT billing system is vital if it is based on operational technology.
  • Browser Encrypted Display (VDI) To display the HMI of a remote phone operator or on desktop computers, laptops, and tablets.
  • Multi-Factor Authentication (MFA) is given. There are many types of MFA, but industry organizations must implement hardware-based, closed-loop code access without access to the cloud to meet the requirements of the mobile operator on-site and remote access.
  • Safe Moderated File Transfer Provides bi-directional or unidirectional file transfer capabilities for each system connection.
  • Application and order fragmentation Ensures that systems and applications are logically segmented to reduce blast radius for cyberattacks.
  • Time-Based Access Controls Reducing the time that vendors, contractors, and plant technicians interact with critical systems.
  • HMI access sessions must be logged by mobile operators and remote users for forensic and training purposes.

As the energy industry adapts to the changes presented by a changing workforce and the convergence of information technology and operational technology, remote user access will become even more important.

Bill Moore is the CEO of Xona Systems.


Welcome to the VentureBeat community!

DataDecisionMakers is where experts, including technical people who do data work, can share ideas and innovations related to data.

If you want to read about cutting-edge ideas and up-to-date information, best practices, and the future of data and data technology, join us at DataDecisionMakers.

You could even consider contributing an article of your own!

Read more from DataDecisionMakers

Leave a Comment

Your email address will not be published.