Securing power plant facilities requires a comprehensive security solution, including video surveillance, access control and cybersecurity.
Vulnerabilities in power plant security can lead to catastrophic consequences. Deploying the latest security solutions is one way power plants are securing their facilities.
Matthew LaRue, Senior Account Executive at Convergint Technologies
noted that there is a “disruptive digital revolution and digital transformation at hand,” resulting from the many software-centric solutions that improve processes, reduce risk, derive savings and enhance overall workflow.
“Many power plants are now seriously considering the various threats to facilities and the available solutions to mitigate threats,” LaRue said. Some of the solutions power plants are exploring and implementing include artificial intelligence (AI), advanced analytics, biometrics, data mining and identity access management. These solutions can decipher “real risks” and provide the opportunity for a much more proactive response, he added.
In terms of more traditional security technologies like video surveillance and access control, there are many ways the latest technologies are assisting with plant security. Ernie Hayden, Founder and Principal of 443 Consulting
noted that improvements in camera technology and deployment capabilities have made it easier to deploy cameras to important areas
requiring increased security. Cameras that leverage advanced video analytics and AI are helping plant operators identify threats such as suspicious bags, placement of unusual objects, etc.
Luke Bencie, Director, and Paige Morrison, Junior Associate, at Security Management International (SMI)
explained that power plants are also using video surveillance cameras in conjunction with radar
. This is because some plants are located near water (as it is used as a coolant), fog and other weather can make surveillance challenging. Since radar senses motion from farther distances than traditional video surveillance cameras, it is useful in more challenging environments. SMI emphasized that these technologies are to be used in addition to existing video surveillance solutions, not a replacement for other security measures.
Access control technology
is being used by power plants to protect against unwelcome and unauthorized visitors, as well as to monitor who is on the premises at all times. Critical areas of the plant, including the control room, safety systems and others, require card or biometric access, and are sometimes manned by guards.
Darin Dillon, Energy Principal at Convergint Technologies pointed out that certain technologies installed at utility power plants are used daily to ensure that strict procedures are being followed and compliance is being met. An example might be the use of access control and identity management tools
used to track employees, contractors and visitors that enter and exit power plants.
“Access control databases and video files are frequently used to adhere to North American Electric Reliability Corporation (NERC) compliance
. Those events and the reporting tools that are output from the respective databases are used for investigations, compliance reporting and for audit purposes,” Dillon said.
In addition to secure access management systems some power plants are deploying extra measures like security entrance kiosks to check portable media drives for malware before they are brought inside the power block, Hayden said.
Olea, a manufacturer of security kiosks, offers a portable media cybersecurity kiosk to aid in safeguarding a power plant’s networks and incident command systems (ICS) from malware threats due to removable media (e.g., USB drives) brought in by contractors, vendors, employees, etc. The kiosk can scan USB drives and other portable media using up-to-date antivirus systems. “For instance, the kiosk can be placed at the entrance to a production floor, factory building, etc., to specifically ensure that the USB drives are ‘clean’ before crossing the plant threshold,” Hayden explained.
Apart from physical access, power plants must also closely monitor its network access. Michael Rothschild, Senior Director of Product Marketing at Indegy
pointed out that there is a large and heterogeneous population of users that have access to the network with credentials and elevated privileges, including employees, subcontractors, partners, suppliers, maintenance workers and perhaps even customers.
“In fact, one of the biggest threats to the security of the network and SCADA operations are these insiders,” Rothschild warned. “As such, it is important to give authorized personnel proper training so they know how to minimize risk and appropriate access for their role; no more and no less.”