Global energy solutions provider KEMA Inc. announced a suite of consulting services to help utilities, energy companies and other companies with process control systems assess the susceptibility of these systems to potential security breaches and then develop and implement cyber security strategies appropriate for each system.
Secure and uninterrupted operation of the critical infrastructure used to control power plant and substation equipment is essential to the continuity and reliability of the world’s utility services. KEMA’s new Cyber Security Practice was launched to help utilities and energy companies ensure the security of the electronic control and protection systems (ECPS) that operate the core functions of not only electric and gas utilities, but also water/wastewater systems, according to the company. The emphasis is on electronic security of those systems used to regulate physical processes, such as electronic protective relays, substation automation and control systems, power plant distributed control systems (DCS), energy management systems (EMS), supervisory control and data acquisition (SCADA) systems and programmable logic controllers (PLC).
KEMA is working with the National Institute of Standards and Technology (NIST) and the Department of Energy’s Idaho National Engineering and Environmental Laboratory (INEEL) to help identify and develop technology to secure these critical control systems.
“The vulnerability of our control systems to cyber attacks has never been more critical than it is today,” said Joseph Weiss, KEMA Cyber Security Practice leader and a well-known industry expert on control systems and electronic security of control systems. “Control system and electronic protective relays are essential to the functioning of the infrastructure and key economic sectors,” he explained. “While these systems have been designed for performance, minimal consideration has been given for their electronic security. In fact, there have already been more than 30 cases of intentional or unintentional cyber impacts on control systems. Such cyber security breaches can result in damaging and costly safety, regulatory and business operation consequences.” Weiss has more than 30 years of experience in the energy industry and spent more than 14 years at the Electric Power Research Institute (EPRI), where he led a variety of programs, the last of which was cyber security for digital control systems.
Some of the consulting services provided by KEMA’s Cyber Security group include:
“- SCADA/EMS and power plant control system cyber security assessments and policy/procedure development;
“- Cyber security support for factory acceptance testing of SCADA or DCS/PLC implementations;
“- Security guidelines for Internet access to control system displays;
“- Control system architecture reviews, including security vs. performance trade-offs;
“- Risk assessment methodology, including cyber-specific issues;
“- Fossil and/or nuclear plant instrumentation and controls for security or performance enhancements;
“- Security test bed support and vendor coordination;
“- Cyber security support with industry protocols such as ICCP, UCA and DNP;
“- FERC notice of public rulemaking (NOPR) compliance support;
“- Control system cyber security workshops and seminars.