Vulnerabilities in power plant security can lead to catastrophic consequences. Deploying the latest security solutions is one way power plants are securing their facilities.
There is a “disruptive digital revolution and digital transformation at hand,” resulting from the many software-centric solutions that improve processes, reduce risk, derive savings and enhance overall workflow.
Many power plants are now seriously considering the various threats to facilities and the available solutions to mitigate threats. Some of the solutions power plants are exploring and implementing include artificial intelligence (AI), advanced analytics, biometrics, data mining and identity access management. These solutions can decipher “real risks” and provide the opportunity for a much more proactive response.
In terms of more traditional security technologies like video surveillance and access control, there are many ways the latest technologies are assisting with plant security. Improvements in camera technology and deployment capabilities have made it easier to deploy cameras to important areas requiring increased security. Cameras that leverage advanced video analytics and AI are helping plant operators identify threats such as suspicious bags, placement of unusual objects, etc.
Power plants are also using video surveillance cameras in conjunction with radar. This is because some plants are located near water (as it is used as a coolant), fog and other weather can make surveillance challenging. Since radar senses motion from farther distances than traditional video surveillance cameras, it is useful in more challenging environments. These technologies are to be used in addition to existing video surveillance solutions, not a replacement for other security measures.
Access control technology is being used by power plants to protect against unwelcome and unauthorized visitors, as well as to monitor who is on the premises at all times. Critical areas of the plant, including the control room, safety systems and others, require card or biometric access, and are sometimes manned by guards.
Certain technologies installed at utility power plants are used daily to ensure that strict procedures are being followed and compliance is being met. An example might be the use of access control and identity management tools used to track employees, contractors and visitors that enter and exit power plants.
Access control databases and video files are frequently used to adhere to North American Electric Reliability Corporation (NERC) compliance. Those events and the reporting tools that are output from the respective databases are used for investigations, compliance reporting and for audit purposes.
In addition to secure access management systems some power plants are deploying extra measures like security entrance kiosks to check portable media drives for malware before they are brought inside the power block.
The kiosk can scan USB drives and other portable media using up-to-date antivirus systems. For instance, the kiosk can be placed at the entrance to a production floor, factory building, etc., to specifically ensure that the USB drives are ‘clean’ before crossing the plant threshold.
Apart from physical access, power plants must also closely monitor its network access. There is a large and heterogeneous population of users that have access to the network with credentials and elevated privileges, including employees, subcontractors, partners, suppliers, maintenance workers and perhaps even customers.
In fact, one of the biggest threats to the security of the network and SCADA operations are these insiders. As such, it is important to give authorized personnel proper training so they know how to minimize risk and appropriate access for their role; no more and no less.
Adapted from a&s Magazine
