I’ve been to the UK twice this year. The traffic is terrible! Worse than I ever remember! Commentators that’s a good sign -- a sign of economic prosperity. That certainly seems to be the case in the UK. My last European-related blog -- Ferguson Group Ltd keeps an Eye on Operations with Cisco Physical Security -- talked about the Oil industry and how the UK’s fortunes were turned around by the North Sea Oil discovery at about the same time the US astronauts were landing on the moon.
This time it’s the Utility Industry -- electric power to be exact -- that’s causing a stir.
Creating the Telecommunication Blueprint for Grid Modernization, Weston Power Distribution had already chosen Cisco for a Low Carbon Study, building a pilot communications infrastructure to support 11kV grid reinforcement monitoring. The Flexible Approaches to Low Carbon Networks (FALCON) initiative, a government funded study project in the UK has the goal of improving the industry’s understanding of infrastructure needs in a low carbon future.
U.K. utility regulator Ofgem has estimated that £32 billion of new grid investment will be required within the next 10 years, twice the rate of investment over the previous two decades. Western Power Distribution (WPD) undertook a study to see how the cost of reinforcing its 11kV grid can be reduced based on smarter investment that draws on innovative intervention techniques that can replace or supplement conventional methods.
The UK wants to reduce carbon emissions by 80%, while still handling the peaks and troughs of increasing demand. “Reliable and secure near real-time communications is a key element to the FALCON initiative”, as Andrew Longyear, a Cisco thought leader on the subject commented. “The telecommunications and data management within our project such as FALCON is the SMART in Smart-grid, added Roger Hey, Future Networks Manager, Western Power Distribution.
The key objectives of the Cisco communications network solution for WPD included:
Designing and deploying an IP-based communications infra structure using IEEE 802.16e WiGRID access and backhaul technologies
Helping ensure adherence to WPD’s security policy for design and implementation
Learning and disseminating all information and findings related to the technologies deployed so far.
Creating a blueprint for WPD and for other utilities in the United Kingdom as they test the same intervention techniques
And the intended benefits? Here’s what Sanna Atherton, Innovation and Low-Carbon Networks Engineer, Western Power, said in the video: “The benefits of Project FALCON are to increase the capacity of the network within the Milton Keynes area, and to enable customers to connect to low-carbon technologies”
Watch the video above to see how the initiative is progressing and to hear about the business outcomes achieved and expected. Read the write-up (Western Power Distribution Chooses Cisco for Low Carbon Study) that gives some more background to the project and some technical insight as to how you might benefit from this approach. As always, I’m indebted to the folks in Cisco and the customer for the source material. A big ‘Thank you’!
Cyber security risk management and compliance for industrial control environments -- especially in the Oil and Gas Industry, and the ability to connect experts for mission critical communications and collaboration are key areas that Cisco is addressing with two new services-lead solutions.
We’re living in changing times. Cyber attacks are on the increase and critical infrastructures are under threat. Just finding oil and extracting it economically is becoming increasingly difficult. These two factors are top-of-mind for the oil and gas executives I talk to. Whether it’s an Integrated Oil Company (IOC) like Royal Dutch Shell, or an Oil Services company like Halliburton, many companies are under pressure to secure their infrastructure to protect against cyber, geo-political or operational threats and reduce risks associated operational challenges.
You’ll remember from my recent post: High Energy at Cisco Live in San Francisco, where Alan Matula, EVP and CIO of Shell talked to John Chambers at Cisco Live about how Shell and Cisco were partnering to secure critical infrastructure. Alan talked about how the changes in the oil and Gas industry -- in particular the new non-traditional methods (hydraulic fracturing, or “fracking” and horizontal drilling) mean that hundreds, even thousands, of drill sites may be needed, rather than the more modest half dozen or so that were required in the past.
As the processes required become more complex, and the Internet of Everything enables improves workflows that were not possible in the past, organizations need more visibility into their business and need to have tools that will positively impact the bottom line by protecting against risks, improving efficiency and lowering site downtime.
That’s were the Cisco Secure Ops and Cisco Collaborative Operations solutions come in.
It actually provides “Critical infrastructure security as-a-service” and uses a convenient service wrapper and attaches a set of service level agreements. What it does is support cyber security risk management and compliance for industrial control environments. It addresses risks using a combination of people, process and technology before, during and after a risk or security event takes place. It’s made up of tightly integrated Cisco and third party products and services.
It is designed to be “dropped in” to brownfield or greenfield environments and delivers unparalleled capabilities and security control mechanisms.
The integration extends into commercial arrangements with automation suppliers for services like qualified patch lists and anti-virus updates.
The business benefits are:
Business leaders gainsituational awareness for security maturity and compliance within various parts of the business.
Site leadership and management benefit from reduced management complexity and increased consistency across individual sites, leading to optimized operational costs.
Site technical leaders are provided with a technical solution to help manage security and compliance on a per-site basis as well as valuable tools to increase it through standardized interfaces and capabilities
Corporate risk and compliance leaders receive near real time information on operational risks associated with cyber-security threats and adherence to compliance policies.
It’s actually a collaborative portal that combines voice, video and data collaboration in a single, secure view. It’s an ‘always-on’ style of collaboration that can bring in multiple technologies like Cisco Video Surveillance Manager; Cisco IPICS; landline; mobile; two-way radios and remote speaker integration; chat functionality; WebEx and multiple application sharing. All on a single pane of glass (well, in an ops room that could be a huge wall screen!).
What it’s designed for is operations personnel working in distributed networks and lets remote experts help guide operations in real-time, afford greater reach per expert resource and minimize miscommunication driving faster, better decision making. It can combine multiple feeds, and individuals and feeds can ‘come and go’ as required during a collaboration period. In the case of an Oil Services Company, that could be weeks or months!
The business benefits for this solution are:
Platform enables communication between stakeholders at all times.
Remote Experts can be instantly connected with on-site personnel using voice, video or data.
Solution creates opportunities for workforce development and training, safety improvements, and risk mitigation
Whilst related solutions, many customers may start implementing one before the other depending on their particular circumstances. Remember this is largely a services offering, so customers have the comfort of knowing that Cisco, along with our partners, are ‘bringing this together’ for them to address key business issues.
During the past ENTELEC event held in Houston, I had the opportunity to chat with Shawn Birch – Partner Development Consultant At Tait Communications to ask him about his impressions of the shows and what would be the key care-abouts of IT people during this Oil and Gas event.
Shawn Birch in the Cisco ENTELEC booth
Tait Communications is a multinational global radio communications company with headquarters based in Christchurch, New Zealand. The company has offices in 20 countries and employs approximately 1000 staff. Tait develops voice and data radio technologies, exporting about 95% of products from its Christchurch manufacturing base.
Tait specializes in designing, deploying, supporting, and servicing complete mission-critical unified communication solutions in industries such as Oil and Gas and it is a Global Advance technology partner of Cisco around collaboration solutions and #IoT.
Here it is a short transcript of the things I found very relevant from our conversation:
Cisco booth during ENTELEC
From your experience and point of view what were the key concerns and topics of interest of the customers during ENTELEC? “Convergence of voice, video and data and secure networks for digital oilfield.”
What did we showcase together in the show floor and the key benefits for the customers? “Tait showcased Unified Critical Communication two- way radio solutions integrated together as one through the power of Cisco IPICS (Interoperability and Collaboration System). This is a robust solution that enables and allows improvements in operational efficiency without compromising security. The approach of this solution is to protect the investment in legacy systems and migrate to the next generation of critical communications”
What was the overall reaction of the customers to our demo/presentation? “Excited about the opportunity to blend state of the art Tait two-way radio solutions into the secure umbrella of the Cisco network in support of Unified Critical Communications with multi-modal integration of PTT, (Push to Talk) technology from anywhere, anytime and with any device.”
What will be a key takeaway/final thought you would like to share with our blog-readers? “Be prepared for the future, the IoT solutions will transform the way the people do business in digital oilfields as we continue to merge technologies trough unified critical communications.”
With just under two million customers, BC Hydro is deploying the first standards based multi-services in production FAN network with IPv6 802.15.4/RPL mesh to manage the Automated Metering Infrastructure(AMI), Distribution Automation(DA) and other advanced gird applications.
BC Hydro is fast moving to build an IPv6 network able of supporting 2 Million routable IPV6 addresses in a secure, resilient, and manageable way.
BC Hydro has 41 Dam sites, 30 Hydro facilities and 9 Thermal units and, from a transmission perspective, has 18,000 km of Transmission lines 260 substations, and 22,000 steel towers!
On top of that, BC Hydro has 56,000 km of Distribution lines Approx. 900K poles, over 300K of transformers that serve 17 Non-integrated areas.
The area covered by BC Hydro is equal to the area of California, Oregon and Washington state combined. Impressed/? You will be…
OK, enough of the numbers. So what about the business? Well, the idea is to do three things, according to Fiona Taylor, director of BC Hydro’s smart metering program, said in prepared remarks to a reporter at Smart Grid Today:
“Benefits of the IPv6 network include streamlined operations, improved system visibility and revenue recovery,”
By way of history, under a mandate from the British Columbia government to implement AMI, BC Hydro awarded Itron and Cisco a $270 million contract for smart meters and networking, Gary Murphy, chief project officer for smart metering at BC Hydro, told Smart Grid Today in 2011 (SGT, 2011-Aug-10).
That brings us to a key part of the customer solution. Itron. Itron is a partner of Cisco, and together we have developed some of the most innovative metering solutions for energy customers.
Also, Itron and Cisco are helping to break down silos in the Energy industry infrastructure. There is real added-value in adopting a standards-based approach to smart metering and smart grid. You can read about it in the white paper here.
A couple of the objectives of the partnership deliver direct value to our customers:
Deliver true multi-service, multi-application (applications from metering to grid to workforce) capabilities over a common network infrastructure with standardized and robust security that any utility can implement.
Optimize the total cost of ownership of these networks by spreading the cost over a greater number of grid applications and devices.
The way forward is clear. And foggy. That’s because Cisco is delivering its vision of Fog Computing to accelerate value from billions of connected devices -- meters included! More about that next time when I talk about how Cisco IOx enables applications to run directly at the network edge to overcome rising operational costs and spark new innovations in the Internet of Things.
This is the second of a four part series on the convergence of IT and OT (Operational Technologies) by Rick Geiger
Physical Security has evolved from serial communication to modern systems that are largely, if not completely, IP networked systems. The unique requirements of physical security have often lead to shadow IT departments within the physical security department with networks and servers procured and operated by the physical security department with little or no involvement from IT.
Intersections with IT and the corporate network began with the interconnection of physical security systems and the placement of physical security appliances on the corporate network to avoid the cost of wiring that would duplicate existing networks. At one time IT may have been persuaded that these “physical security appliances” didn’t need to be managed by IT. But that persuasion was shattered by malware infections that revealed far too many “physical security appliances” to be repackaged PCs with specialized interface cards.
IT departments scrambled to locate and remove these vulnerable devices and either outright banned them from the corporate network or insisted that they be managed by IT. A hard lesson was learned that just as the organization, including IT, required physical security, video surveillance and badge access control, the physical security department needed the cyber security expertise of IT to protect the communication and information integrity of networked physical security systems.
Convergence is sometimes regarded as the use of physical location as a criteria for network access. Restricting certain network access to a particular location and/or noting any discrepancies between the location source of a login attempt and the physical location reported by the badge access system. For example, the network won’t accept a login from Asia when that user badged into a building in Philadelphia.
The need and opportunity for Cyber and Physical security convergence is much broader than network access. Physical Security systems need Cyber Security protection just as Cyber Systems need Physical Security protection.
What are, at a very high level, the primary activities of Physical Security on a day to day basis?
Protect the perimeter
Standard operating procedures define for anticipated events
Forensic to gather, preserve and analyze evidence & information
Physical security personnel often have a law enforcement or military background, and approach these activities from that point of view.
Over time, the technology of physical security has evolved from walls, guns and guards to sophisticated microprocessor based sensors, IP video cameras with analytics, and network storage of video & audio. Although there are many examples of close collaboration between IT and Physical Security, there may also be tension. Physical Security departments defend their turf from what they perceive as the encroachment of IT by claiming that they are fundamentally different.
A quick look at the Physical Security systems quickly reveals something that looks very familiar to IT. Networked devices, servers, identity management systems, etc. are all familiar to IT.
At a very high level, the primary activities of Cyber Security can be grouped into a set of activities that are very similar to Physical Security. The common process that both need to follow is a regular review of Risk Assessment:
What are the possible threats
What is the probability of occurrence of each threat
What are the consequences of such occurrence
What are cost effective mitigations — as well as mitigations required by compliance
The Risk Assessment process is an integral part of NERC-CIP V5, which requires a review at least every 15 months of “…cyber security policies that collectively address…” CIP-004 through CIP -011. Implementation is required to be done “..in a manner that identifies, assesses, and corrects deficiencies…”
Many of the activities Cyber and Physical Security overlap and need to align:
The use of IT Technology in Physical Security systems
Overlapping Identity Management
Device Identity management
Requirement for IT process maturity
IT security required for Physical Security systems
Physical Security required for IT Systems
Consistent future strategy & direction
The bottom line is that the activities of Physical and Cyber security have many parallels with opportunities to learn from each other and collaborate in threat assessment and risk assessment strategies and coordinated implementation and operation. NERC-CIP V5 has mandatory requirements for both Physical and Cyber security. Modern security, both Physical and Cyber, need to move beyond reacting to events that have already occurred, to agility and anticipation.
What does this mean for Cisco?
Cisco has a portfolio of leading edge Cyber and Physical Security solutions. Cisco’s Advanced Services offerings help our customers develop and deploy a collaborative, unified approach to Physical and Cyber security. NERC-CIP V5 is a compelling event for the electric utility industry. The transition period is underway with completion required by April 2016. Are you up to date on Cisco’s solutions and capabilities? We are here to help!