- Do serious risk analysis.
Determine what your exposure is to identified threats, their consequences, cost of mitigation and risk tolerance. Create a risk profile of critical assets.
- Implement policies and procedures.
Before implementing any technical solution, create a comprehensive set of policies and procedures that serve as guidance to operators, security personnel, and vendors.
- Ignore training at your peril.
Often overlooked, staff training is one of the most important components of a good security plan. Having the right technical policies, procedures and infrastructure is useless without people knowing how to properly use them.
- Make security policies as important as safety policies.
You should have zero tolerance within the organization for security breaches across any aspect of your SCADA environment. Such breaches can lead to loss of life, bodily injury or other consequences.
- Integrate physical and cyber security.
Physical access controls and surveillance technologies need to be integrated into an overall cyber security infrastructure. Just as SCADA has migrated to the use of IP protocols and COTS technologies, access and surveillance functions have moved in parallel.
- Create a “trust” zone.
Isolate cyber assets from all personnel except those specifically authorized. Focus on methodologies and technologies that authenticate and authorize only those who are trusted.
- Establish authentication for users and devices/systems.
Device/system “fingerprinting” provides the first layer in creating a “cyber fortress” architecture. Such an architecture creates a trust perimeter for both SCADA systems and access clients.
- Strictly enforce privileges.
Ensure that only authenticated systems and clients are allowed to communicate across an encrypted communications channel. All applications should use Role Based Access Control (RBAC).
- Use dynamic password methodologies.
Periodically changing passwords is a best-practice policy worth following. Using a dynamic challenge and response mechanism between hardware devices creates a hardware password that is enforced dynamically and only known between trusted devices.
- Adopt physical device recognition.
Many companies seek to mitigate the risk of problems caused by humans by using multi-factor authentication, notably human biometrics. While all of these serve to identify an authorized user, most are not practical in an industrial environment. The best solution is to include a user’s computer as part of an identity and access control solution, validating identity through multi-factor identification.
Uniloc USA is a leader in electronic physical device recognition (PDR) for critical infrastructure security. The core technology platform driving Uniloc innovation is physical device fingerprinting, the company’s patented method of uniquely identifying a user device.
A Look at Demand Response Programs and Offerings around the U.S.
Energy Curtailment Specialists Inc. (ECS), a privately held demand response provider in the United States, announced plans to aggressively launch their demand response program, coined the “PowerPay! New England” Program, throughout the New England territory. ECS currently has several thousand customer facilities participating in their demand response programs across the country, from a wide variety of industries, including manufacturers like General Motors, hotels under the Marriott International brand, hospitals, commercial high rises, large retail chains, educational institutions like Columbia University, among other industry types.
In summer 2007 ECS’ customers across all markets combined to reduce more than 850 MW of power from the grid, an amount equivalent to that which is necessary to power 850,000 New England homes. Tens of millions of dollars were paid to these customers for participating.
Energate Inc. and Trilliant Inc., an industry-leading provider of advanced metering infrastructure (AMI) based on open standards, have been working together on a number of demand response (DR) pilots. In particular, Energate and Trilliant, in cooperation with other DR partners, have launched a 2008 pilot with E.ON US to measure how consumer-centric DR solutions can have a positive effect on energy usage. This represents a pioneering use of two-way RF (radio frequency) mesh network communications combined with next generation in-home energy management technology, supporting both metering and DR on the same platform.
EYE ON EUROPE:
Siemens Cuts Jobs: Plans call for Siemens to eliminate approximately 12,600 jobs worldwide. An additional 4,150 jobs will be affected by restructuring projects. Overall, 16,750 jobs will be affected by the planned cutbacks.
“Against the backdrop of a slowing economy, we have to become more efficient,” said Siemens President and CEO Peter Löscher. In Germany, about 5,250 jobs will be affected by the planned personnel reductions. The locations making the biggest contributions will be those with the most employees: Erlangen, Munich, Nuremberg and Berlin.
ENTSO-E Launched. The CEOs of 36 European transmission system operator (TSO) companies from 31 countries signed a declaration of intent to create a new association, the European Network of Transmission System Operators for Electricity (ENTSO-E), before the end of 2008, as a proactive step ahead of the draft Third Legislative Package. The new TSO body will be established to serve the needs of the TSO community and in accordance with the principles set out by the draft Third Legislative Package of the Internal Electricity Market.
ERCOT Switching Customers
Electric Reliability Council of Texas Inc. (ERCOT), grid operator for most of the state, announced in July that customers of Blu Power of Texas are being switched to providers-of-last-resort (POLRs) at the request of Blu Power.
The number of customers being switched is 2,092, including 2,087 residential and five small non-residential customers. The size of the associated load is approximately 59 megawatt-hours per day.
Residential customers by transmission provider are:
ERCOT will work with transmission providers and affected retail electric providers to begin the switching process today. Most switching was completed by Thursday, July 3.
Customers who are transitioned from Blu Power to a designated POLR were notified in accordance with Public Utility Commission (PUC) rules, which require both the defaulting retail electric provider and the new provider to notify the customer.
The POLR service is designed as a temporary safety net assuring continuous electric service if a retail electric provider leaves the market, and customer accounts are not sold or transferred to a competitor. POLR rates may be high due to planning costs, so Blu Power customers who receive notice that they are on a POLR rate should immediately review the notice and contact the provider or a different provider to enroll in another plan.
TIDBIT:
Utah-based Heber Light and Power Company has selected the Sensus Metering Systems’ FlexNet advanced metering infrastructure (AMI) solution. Heber’s plans call for deployment of the system to more than 9,000 residential and commercial electric customers.
KUA Energizes New Substation
Kissimmee Utility Authority energized a new electrical substation that will increase power reliability for parts of Kissimmee.
Named the Pleasant Hill Substation, the $18 million project was developed in an area of Kissimmee that has seen explosive growth in recent years, including a 28 percent increase in load growth in 2004 alone.
The substation project consisted of a 69/13.2-kV substation and two 69-kV overhead power line circuits, totaling 6.24 miles in length. The substation is located near the intersection of Pleasant Hill Road and Pleasant Hill Ranch Road.
KUA owns and maintains 11 substations in Kissimmee.
Department of Homeland Security Sponsored Cybersecurity Workshop
Top cybersecurity researchers and infrastructure protection specialists from five countries were in Idaho Falls earlier this year participating in an annual international cybersecurity training workshop. The four-day event was sponsored by the U.S. Department of Homeland Security’s National Cyber Security Division and the U.S. Department of Energy’s Idaho National Laboratory.
Approximately 40 researchers from Australia, New Zealand, the United Kingdom, Canada and the United States learned about new technologies and methods for enhancing the security of infrastructure network and process control systems.
This was the second year for the workshop, which featured several interactive cybersecurity training courses, technology discussions, and a simulated cyberexercise that tested participants’ knowledge and abilities to detect, deter and prevent an intrusion on a utility network.
PG&E Selects Aclara to Provide Smart Meter Data Access
Pacific Gas & Electric (PG&E) has chosen Aclara to provide its customers with access to data being generated by smart meters. The Aclara Software application will launch this year and will enable customers to access daily and, in the case of electric customers, hourly, views of their energy data over the Internet. In addition, customers will be provided with a range of tools to help leverage the information. For example, they will be able to view an estimate of their energy bill every day on a month-to-date basis. Furthermore, they will be able to compare rate plans to determine whether they might be better off on a time-based rate based on their usage patterns.
“We are very excited about working with PG&E on this critically important initiative,” said Martin Flusberg, president of Aclara Software Inc. “More and more people are recognizing that the key to delivering value from a significant investment in advanced metering, particularly as it relates to reducing peak load, is to provide customers with the appropriate applications that really enable them to utilize the information to better manage their energy use.
“This can be as simple as overlaying weather data on usage so that customers better understand the impact of weather on their energy use, or proactively using alerts to notify customers when they have passed pre-defined thresholds, allowing them to adjust behavior to get bills in line.”
PG&E customers already can use Aclara Software solutions to access billing histories, analyze bills, and create personalized energy-efficiency strategies. Tens of thousands of PG&E customers currently make use of these applications on a monthly basis.
R.W. Beck Tells All: Reduce Voltage
Reducing the voltage on power distribution can save energy for both the customer and the utility while still meeting consumer expectations, according to a recent study performed by R. W. Beck.
“Delivering reduced voltage to individual consumers–while remaining within utility bandwidth standards–results in significant cost savings for the customer and utility due to reduced meter demand for energy,” said K.C. Fagen, project manager for the Distribution Efficiency Initiative (DEI). “Our research highlights correctable inefficiencies in the distribution systems based on the 10 substations and 31 distribution feeders included.”
R. W. Beck collaborated with the Northwest Energy Efficiency Alliance, RLW Analytics, Auriga, Inc., Hunt Power and 13 Pacific Northwest utilities on DEI, a two-part study that investigated the effects of power consumption in relation to the applied voltage. Utilizing advanced software to collect and analyze individual meter data, the DEI team applied the results by performing system improvements on feeders and was able to reduce the overall voltage by 3 percent and energy consumption by 2 percent.