Power generation sector vulnerable to attack?

Mar 27, 2006 3:02 PM

While most U.S. refineries are well prepared to identify, repel or neutralize man-made attempts to disrupt operations, it does not mean that refineries are operating at a "best practice" level with respect to physical and cyber security, a critical infrastructure security expert tells the Denver Business Journal.
The U.S. power generation sector -- based on observations at numerous plants and transmission facilities -- is woefully behind in deploying both hard and soft methods to keep hackers and terrorists from disrupting operations, according to Ken Miller, CEO of Denver-based Ensuren Corp., a provider of security solutions for critical infrastructure.
He clarifies that the huge conglomerates that own most of America's refining capacity have put together more comprehensive security programs that establish standards for information technology and security in critical control environments. In mid-tier and smaller refineries, however, this effort has not happened yet.
But the refineries are more sophisticated than power generators in terms of security, Miller says. He goes on to say that it would require a comparatively small investment of time, manpower and money for the power generation sector's security initiatives to reach the sophisticated level of the refineries.
While the process control technology in refining is almost identical to that in power generation, Miller points out several differences, the most important being that power plants are more likely to have process control systems in unsecured areas, easily available to anyone who has access to the plant. Generally, more technicians work on process control systems in power generation, while more engineers work on process control systems in refining.
He says the power generation sector needs to focus more attention on securing all layers of the process control environment -- facilities, personnel, networks and systems. "At some locations, as soon as you enter the property, you realize that the physical security is so weak that cyber security almost becomes moot," Miller says.
In terms of computer-based attacks, both the power generation and refining sectors must be ever-vigilant against a malware intrusion, he adds. There is a very high propensity for the propagation of malware through process control networks, either intentionally or accidentally, that can bring down view and control of critical processes.
"While the refining industry is voluntarily moving into what we call cyber security, we are finding fewer power generation groups doing the same," Miller says. "The power generation sector, however, is being pressured by the North American Electric Reliability Council (NERC) to focus more on defense against cyber attacks."
Please visit The Denver Business Journal to read the full article.

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue