Issue: 70  /  July 2020

Foreword

Welcome to the July 2020 issue of PSC News.

In this issue, we’re pleased to feature our IT and power system specialists who have contributed articles related to cybersecurity in the electricity industry. One such topical piece is a white paper by Mark Prentice about Intrusion Detection Systems in an OT environment.

You can also read part two of John Camilleri’s series of articles exploring some of the real-world applications of a distributed system approach. And the final installment of Peter Brown’s two-part series of Australia’s energy regulatory is also included.

These articles and more are featured in this issue which we hope you find relevant and useful.

I hope you enjoy the update, and as always, we welcome your comments and suggestions.

Tim Ritchie Chief Revenue Officer

White Paper: IDS Considerations for OT

Author: Mark Prentice

 

Rapid technical evolution within the utility data center, including smart metering, IoT, and cloud-based solutions, are all giving rise to more focus on and investment in the cybersecurity of OT networks.

The Intrusion Detection System (IDS), already a staple in IT security, is gaining increased relevance to the utility industry as IDS vendors have enhanced their products with features specifically for Industrial Control Systems (ICS). The IDS can now serve as a critical tool in the monitoring of SCADA/EMS/DMS networks.

This white paper explores the recent advancements in IDS technology as they relate to Industrial Control Systems, the benefits of leveraging IDS in the utility OT domain, and presents some key considerations for those interested in adopting IDS in the OT environment.

IIoT and the keys to actualizing the decentralized energy revolution – Part 2 of 3

Author: John Camilleri

Innovations in power generation, storage and transmission technologies are forcing a shift away from centralized power generation towards a distributed, decentralized model. Utility operations are presented with new challenges related to security and controls; how they respond will shape the future of the decentralized energy landscape. This 3-part series investigates the potential applications of distributed systems, as well as the role of interoperability in actualizing the decentralized energy revolution.

In the first installment of this series, the concept of the grid edge was introduced and the advantages and challenges presented by distributed systems was covered. In this, the second of three articles, some of the real-world applications of a distributed system approach are explored.

National-State Cyber Warfare: Energy Industry in the Crosshairs

Author: Robert Anderson
 

It used to be that to keep your network safe, you only needed to be more secure than other networks. Attackers would go after easy targets and avoid the more secure ones. You might remember the adage, “You don’t have to swim faster than the shark to get away. You just have to swim faster than the guy next to you.” But what if the shark decides you’re worth the extra effort?

This is what an advanced persistent threat does. It goes after specific targets based on what it wants to exploit from those targets.

Advanced Persistent Threat

An advanced persistent threat (APT) refers to a group of cyber-attackers who work together, are highly motivated, skilled and patient. They have advanced knowledge and a wide variety of skills to detect and exploit vulnerabilities in systems. They are persistent and focus on exploiting one or more specific targets rather than just any target of opportunity.

Prioritizing cybersecurity governance

Author: Robert Anderson

The people who manage our increasingly complex and interconnected electricity systems never stop thinking about their customers. Their mission of delivering reliable, safe and affordable power is uncompromised because their customers demand it. Electricity is ubiquitous and expected to always be available in quantities bound only by what a consumer can afford and the capacity of the wires.

Securing critical infrastructure

The power system is often deemed ‘critical infrastructure’ or ‘critical national infrastructure’ by governments to underscore its essential nature for the functioning of societies and economies. The mission-critical nature of electricity as the foundation for all other infrastructure is precisely why the role of cybersecurity is gaining ground within the electric utility industry.

 

Players change but the game remains the same

Author: Gary Landels

The pace and timing of electric utility workforce change varies between organizations, geography and regulatory environments. Meanwhile, the mission remains the same; reliable, affordable, safe electricity. As the energy industry evolves, it’s clear that electrical engineers will continue to play a significant role in the grid of the future.

Aging Workforce

We’ve all heard about the aging electric utility workforce. It was just a few years ago that the U.S. Department of Energy reported 25 percent of the electric utility workforce – those born in the mid-1900s, also known as “Baby Boomers” – would be eligible to retire within five years. This issue is not limited to the U.S. In the UK, National Grid warns that a fifth of employees in the energy sector are due to retire by 2030.

Transferring knowledge and maintaining core engineering competencies – as well as keeping up with emerging trends and the skills they require – remains a challenge for many utilities. The key point is that the electric utility industry is an experienced, niche workforce that can be challenging to backfill and keep skilled-up to move into the future.

PSC’s operations in Australia and New Zealand earn ISO 9001:2015 re-certification

Author: Glenn Pallesen

PSC is pleased to announce that our operations in Australia and New Zealand have been re-certified to the international Quality Management System Standard ISO9001:2015 for another three years to July 25, 2023. PSC in the Asia Pacific region was first certified in July 2003 and we are proud to continue that certification 20 years later.

By auditing our processes, we assure our clients are receiving the highest level of service. Formal certification of PSC’s quality management system demonstrates our commitment to quality, productivity and client satisfaction.

​Australia’s unique energy regulatory context – Part 2

Author: Peter Brown

This is the second of two posts related to Australia’s generator regulatory framework. These posts are intended to raise awareness and inform recent entrants into Australia’s generation market.

In a previous post on this topic, I gave an overview of compliance obligations for new generators connecting to Australia’s National Electricity Market (NEM). In this follow up I go into further detail on Compliance Monitoring Programs. To view a diagram of the various entities involved, please refer to Part 1 of this blog.

Compliance Monitoring Programs
Compliance Monitoring Programs are comprehensive sets of procedures, processes and systems that ensure generators connected to the NEM do not have an adverse impact on system security or stability. They set out the methods by which generation assets and associated systems are routinely monitored to ensure that plant performance does not change over time, affecting compliance with the registered Generator Performance Standards (GPS).

Protecting wind farms

Author: Robert Anderson and Carlos Galvan

Globally, renewables make up the majority of new generating resources. This is partly driven by city, state, country and utility commitments to decrease carbon emissions. The increasing penetration – especially of Distributed Energy Resources (DERs) like solar and wind means the attack surface of our energy infrastructure is growing, and greater utility management is required to maintain grid reliability.

Wind farm vulnerabilities

Wind farms are cyber-physical systems consisting of overlapping networks of power distribution controls and data flows. Their design includes various potential access points, both physical and digital. More obviously, a wind farm includes multiple turbines, Remote Terminal Units (RTUs), collector feeders, switchgear, and substation equipment that we can see. Digital/cyber access points include the not so obvious technologies running in the background, like Supervisory Control & Data Acquisition (SCADA) for gathering real-time data and other embedded software and IIoT technologies.

Wind farms are also remotely connected to various entities that have communications access. The wind farm owner’s control center, OEMs, O&M providers, and the local utility, to name a few. These entities may utilize different levels of security mechanisms making for a more complex cyber-physical security landscape.

PSC Welcomes New Staff

Tao Ma

PSC welcomes Tao Ma to the role of Senior Accountant in the Kirkland office.  Tao has joined from CallisonRTKL Inc, a multinational architectural design consultancy firm, where she worked for 10 years in the Seattle office focusing on a variety of accounting and finance functions, including intercompany billing and foreign currency transactions.  Prior to this, she worked for a number of other multinational firms in Shanghai, China, in different accounting positions, bringing a wide range of experience to PSC.