A few thoughts on Power Plant Security

Tom Tuunainen

It seems like eons ago, when technicians and operators had to physically be on the power plant site in order to manage control systems and to implement adjustments. It is actually not so long ago, but thankfully, this is no longer the case.

The last decades have seen a huge growth in the field of remote access and communications in the energy sector, but with this newly won freedom comes also new vulnerabilities. Just like buildings are physically strengthened to keep out the individuals with malicious intent, we must now consider how to fortify our electrical grid that is relied upon to generate and deliver power to businesses and residences throughout the country.

Previously, when threats were only of a physical nature, power plant operators created and conducted drills to prepare for incidents. While a physical attack is still a concern, we must nowadays also consider digital protection, because villains are looking for methods to disrupt the power supply grid that is today an integral part of an ever-changing digital landscape.

Because of the rapid rate of development in this sector, it is imperative that power plant technicians understand both the physical and digital threats they may face. As we see technology changing, we must ask what the potential threats are at each step.

While remote access has certainly improved power plant operations, the increase in vulnerability cannot be ignored. Power plants are nowadays usually remotely monitored by both their transmission operators as well as their scheduling coordinators. Even though this has helped to create a more monitored and predictive power grid compared to a mere decade ago, it has also created a lot of potentially vulnerable access points that were of no concern in the previous years.

Modern locations that e.g. specialize in wind or solar power, use frequently remote operation solutions. This, however, also opens the door to hacking and information exploitation that must be confronted. Solutions that rely on remote technologies must be aggressively embedded with firewalls and monitoring, as well as identification solutions of unauthorized access attempts.

The best defense against security threats is to be proactive. One should e.g. educate employees and run drills that focus on what an unauthorized access attempt looks like. After this, one should provide the tools and training to counter or completely stop malicious attacks. Standard operating procedures must be examined thoroughly, and also questioned, in order to determine if they are doing enough to protect the facility. Acting too late with matters related to cyber security can be destructive not only to the facility, but also to the entire electric grid.

The electric grid is an obvious target for those wishing to cause large-scale disruption and harm. Power plant management need however not live in fear, nor feel vulnerable. Armed with knowledge, companies should seize every opportunity to prepare themselves, and also build an understanding of cybercrime prevention technologies. Highly motivated managers can optimize these advances in crime prevention for their own benefit, instead of passively hoping to avoid an attack by villains.

The future of power production is exciting and advocating for cybersecurity education and innovation will help us meet the future safely with enough power for us all.

Tom Tuunainen
R&D Developer
Centria University of Applied Sciences
Tel. +358 40 681 7207