Managing the Cyber Resource Gap in Operational Technology
(Room Nile 4)
19 Sep 17
4:00 PM
-
5:30 PM
Tracks:
Track B - Digitalization / Finance & Investment
For years security incidents have been identified as an additional challenge that can jeopardize power-plant availability and efficiency. With that in mind, the era of digitalization might seem hard to handle but to the contrary: technological progress tightly linked to the phenomenon of digitalization has given us the means to prevent, address and counter cyber security issues much more efficiently. Digital systems within power plants have been around for decades. As the power plant business is data-dependent and important for infrastructure by nature, it has been in focus for the development of cyber security products and services for years. So far, most of these measures have been based on classical, manually-triggered approaches. Meanwhile cloud-based services, leveraging the potential of digitalization, are ready-to-use. Digital and cloud-based approaches help tremendously to reduce time and effort to obtain indications and recommendations on security issues any time. Nevertheless, classical approaches are still essential to improve and maintain plant security. The right mixture of both is key for meeting security requirements such as: • Power-plant-specific security policy • Security assessment and re-assessment considering, e.g., NERC CIP, VGB Security, IEC62445 and System component security set-up and check e.g. firewall rules, component hardening, component communication ports and services • Installation of security-specific hardware or software components • Periodic security software maintenance, e.g., malware protection, whitelisting mechanism, penetration check, security patch management • Security response handling to assist evaluation of cyber-intrusion issues This paper provides insights on how to create the right mix of classical and digital security measures for the power generation business to ensure that both approaches complement each other and make sure cyber security is always maintained.