Process Cybersecurity, Data Integrity and Impact of Measures (and sensors)
Agustín Valencia Gil-Ortega
Manager for OT/ICS/xIoT Cybersecurity Development. Senior Advisor for Regulation, Risks and Emerging Technologies Landscape
Can a single plant destabilise a complete electrical grid?
I decided to write this after reading the article by @Joe Weiss regarding the lessons learned published by NERC after experiencing frequency disturbances over the eastern grid.
Our power systems have run on alternating current (AC) since Tesla's model was definitively adopted, at a frequency of 60 Hz or 50 Hz (depending on whether you are in America or Europe, etc.). Frequency matters for all rotating machines, from washing machines to the turbines that generate power.
In a connected grid, frequency is the dynamic result of the real-time differences between generation and consumption across the whole grid.
If frequency varies too much, rotating machines tend to trip to protect themselves, which can lead to cascading effects if the variation grows. I usually use this video to explain the escalation from systems to ecosystems (as electric grids indeed are).
In this case, the variation originated at a combined cycle power plant in Florida. It was discovered that a power transformer had been misconnected, leading to a wrong output power measurement.
That measurement is needed by the control module named PLI (Power Load Imbalance), which sends correcting signals to the power island (gas and steam turbines) to match the power reference.
If the reference is higher or lower than the power output, the controls act on the steam or gas valves to adjust both processes. These systems are tuned to work very smoothly on small variations but to react fast when variations are big. (Wind turbines have something similar acting on the pitch controller, with a different reaction speed.)
The bad readings caused big variations and a fast reaction from systems that needed to act not only on the control valves but also on the interception valves (steam side). The following video shows the steam flow more clearly.
The plant experienced oscillations for 18 minutes, reaching 200 MW peak to peak, which led the operator to remove the unit from service. In this case we are speaking of a manned plant, where noise and vibrations (and shocks, as the interception valve seemed to close several times) could be sensed from the main control room. In the case of remote operations, there would have been only an oscillating number, which could have led to greater consequences.
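For the remote-operations case, where the only symptom is a number oscillating on a screen, a monitoring rule can flag the pattern automatically. The sketch below is an added example, not part of the original article or of any plant's logic: it alarms when a power reading keeps swinging with a large peak-to-peak amplitude, while ignoring a normal one-way load ramp. The thresholds, function names and sample data are all assumptions.

```python
import math
from collections import deque

def count_reversals(values, deadband):
    """Count direction changes, ignoring moves smaller than the deadband."""
    reversals, direction, anchor = 0, 0, values[0]
    for v in values[1:]:
        delta = v - anchor
        if abs(delta) < deadband:
            continue
        step = 1 if delta > 0 else -1
        if direction and step != direction:
            reversals += 1
        direction, anchor = step, v
    return reversals

def first_sustained_oscillation(samples, window_s=60, p2p_limit_mw=50.0,
                                min_reversals=4, sustain_s=120, deadband_mw=5.0):
    """Return the time at which an oscillation alarm latches, or None.

    A window counts as swinging when its peak-to-peak value exceeds the limit
    AND the signal keeps reversing direction; a one-way load ramp does not.
    All thresholds are assumed values that a plant would tune.
    """
    window, swinging_since = deque(), None
    for t, mw in samples:
        window.append((t, mw))
        while window[0][0] < t - window_s:
            window.popleft()
        values = [v for _, v in window]
        swinging = (max(values) - min(values) >= p2p_limit_mw
                    and count_reversals(values, deadband_mw) >= min_reversals)
        if not swinging:
            swinging_since = None
        elif swinging_since is None:
            swinging_since = t
        elif t - swinging_since >= sustain_s:
            return t
    return None

def constructed_ramp():
    # Constructed data: 400 MW, then a one-way 200 MW ramp over 120 s.
    return [(t, 400.0 + min(max(t - 60, 0), 120) * 200.0 / 120) for t in range(300)]

def constructed_swing(start=100):
    # Constructed data: 400 MW, then a 200 MW peak-to-peak swing, 20 s period.
    return [(t, 400.0 + (100.0 * math.sin(2 * math.pi * (t - start) / 20)
                         if t >= start else 0.0)) for t in range(600)]

if __name__ == "__main__":
    print("ramp alarm at:", first_sustained_oscillation(constructed_ramp()))
    print("swing alarm at:", first_sustained_oscillation(constructed_swing()))
```

The reversal count is what separates a hunting control loop from a dispatch-driven ramp; amplitude alone would alarm on both.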
Normally, from an asset management perspective, a power plant's crown jewels are its turbines. However, this example is a reminder that criticality has to be analysed from a process perspective, putting together the controls and instrumentation involved.
More eyes are now on controls, but mainly from an IT perspective. This event should make us highlight the processes involved in maintenance and engineering modifications, and their potential impact on the whole ecosystem.
And regarding the whole architecture, let's think harder about sensors. Traditionally they were connected directly to the controllers, so no encryption or authentication was considered; now they are deployed widely, connecting through TCP/IP with similar (non-existent) security levels, which increases the exposure surface.
And think of the Aurora project: these instruments can be configured in a wrong way, and that could compromise the process without any malware being involved!
Telecommunication engineer. Cybersecurity. Industry 4.0
3 years ago
Over time and with the development of ICS, many more sensors will be integrated in the ICS, and it becomes more necessary to study the right data acquisition frequency in order to calculate with them (optimally close to real time) the errors that control the control routines with process feedback connections. And in complex examples the control routines will be programmed in different ICS devices with real-time OSes that work by sending data between them and executing tasks in a synchronized way. For this, it will be increasingly difficult to implement the typical control routines (proportional, derivative, integrative ...) and in a mix cocktail with more data variables available to detect outstanding states and values of the normal operations. On the side of industrial monitoring and control protocols, in some sectors it's still a fantasy to find ICS that implement secure versions of protocols for the connections with SCADA servers. At least to improve the data integrity. Especially important in the environments with the operational intelligence and processes implemented and centralized in the SCADA servers.
Analytics manager at TRANSGAZ SA
3 years ago
Great post! The concept could be extended to deep learning systems. The sensors are sources of information (cases in deep learning?) fed to the DL system. If the sources of information are biased, the learning process is corrupted so the decision based on the DL machine could be biased too. A suitable approach could include a formal evaluation of trust in information sources.
Industrial cybersecurity Consultant, Performed Cyber Risk Study of the ICS used in the NATO CEPS.
3 years ago
A very good article. I like the discussion on sensors and wish there was more. For example, what kinds of sensors are used in electric power and distribution. I am writing a report on the use of renewable energy sources in a smart grid and am interested in the role of sensors in keeping the system stable. I especially like the term used in the title, "Process Cybersecurity", which implies something that is different from the Office-IT Cybersecurity. Understanding this distinction is an important first step toward coming up with appropriate measures to protect the technologies used in our critical infrastructure. I hope the term "Process Cybersecurity" will catch on.
EMEA Senior Sales Engineer at Seagull
3 years ago
Agustin, you are the top man.
Senior GRC and Business Development Consultant at GOVERTIS Advisory Services (Telefónica Tech)
3 years ago
Agustin Valencia Gil-Ortega, GREAT POST!!! Thanks a lot!!!