This is the third of a four part series on the convergence of IT and OT (Operational Technologies) by Rick Geiger
Physical Security is one example of Operational Technology that has evolved from serial communication to modern systems that are largely, if not completely, IP networked systems. The unique requirements of Operational Technology systems have often lead to shadow IT departments within the OT department with networks and servers procured and operated by the OT department with little or no involvement from IT.
Welcome to part three of this blog series looking at the convergence of IT and OT (Operational Technologies). In part two of this series, I discussed the need and opportunity for Cyber and Physical security convergence and the primary activities of Physical Security on a day to day basis. Today, I’ll dive a little deeper into how utilities can prepare for and combat cyber-attacks.
For decades, utilities have brought rigor and discipline to storm response. For example, the minute meteorologists predict a hurricane, utilities begin executing their crisis response activities. Customer care increases staff to handle an onslaught of calls. IT then suspends impacting work and ensures all systems are operational. Procurement contacts suppliers, knowing the utility will likely need additional transformers and poles to replace damaged ones.
In contrast, utilities have limited experience responding to a coordinated cyber-attack. They tend to view cybersecurity incidents as a technical problem and often relegate them to IT. Today’s cybersecurity events are becoming more and more like natural disasters, so much so that the Department of Homeland Security is staging its fourth cybersecurity event: Cyber Storm IV. This event allows utilities to test their cybersecurity programs and provides the framework for the most extensive government-sponsored cybersecurity exercise of its kind.
The grid is modernized by incorporating two-way communications. Utilities can gain additional operational efficiency through IT/OT convergence. While these improvements lead to great benefits, the increased interconnectivity has made the grid more vulnerable to remote cyber-attacks. The federal government recognizes these new risks. On February 12, 2013, President Obama signed an executive order creating a cybersecurity framework and information sharing between government and private sector. There is also plenty of legislation brewing to legally mandate utilities to take security precautions.
Smart grid technologies provide utilities visibility into the grid to know which houses/businesses do not have power. Utilities need that same level of visibility within their infrastructure to know where cyber damage has occurred. Customers do not fault their utility when a storm knocks out the power, but do fault them if their response is poor. While we cannot stop the storms or cyber-attacks, we can have a fully thought out cyber-attack response plan so utilities can avoid the front page of the newspaper or the lead story on the national news.
What’s in it for Cisco?
Cisco’s portfolio of cyber and physical security technology, solutions and services support NERC-CIP compliance and a sound, risk assessment approach to security architecture and implementation. Cisco has ongoing business processes and services that represent best practices and experience to address both security and compliance. NERC-CIP is just the start of the journey for utilities. The NIST Framework resulting from President Obama’s Executive Order provides a way for companies to share threat and event data. Cisco already operates a similar service for Cisco Customers and Cisco products in PSIRT.
Cisco has a portfolio of leading edge Cyber and Physical Security solutions. Cisco’s Advanced Services offerings help our customers develop and deploy a collaborative, unified approach to Physical and Cyber security. Stay tuned for my next series where I will dive deeper into organizational and cultural changes that must take place for successful IT and OT convergence.
Serhii Konovalov, Global lead for O&G Industry, and Jason Celaya, Energy Industry IoE PSS, have been working closely with Oil & Gas and Petrochemical customers and the Yokogawa team over the three days of the event.
Greg Carter, Director/GM, Internet of Everything (IoE) Services Group at Cisco hosted the breakout session: “Internet of Everything (IoE) Enabling IA Solutions and Innovation”. In that session he comprehensively explained, “What is Internet of Everything (IoE)” and presented how IoE enables value-added IA solutions and provides innovations for life cycle management with focus on IA customers.
I had the opportunity to talk with Serhii and here are his comments to some aspects of the event:
What is the biggest topic among customers during the event? “Two major topics were clearly in the lead: Industrial Control Systems Cyber Security and accelerated growth of Industrial Wireless in O&G”
What kind of solutions is Cisco and Yokogawa working together? “ Cisco and Yokogawa are working on the number of initiatives to address emerging trends and joint customer requirements. One major initiative that we launched and showcased at the event is Secure Ops, that directly targets Cyber Security challenges with innovative and systematic approach”
What is your general opinion of Cisco participation? “The participation at the event demonstrated growing strength of partnership between Cisco and Yokogawa. It was great to hear feedback and strong support from the customers at the event about Cisco’s continued focus on O&G industry and Internet of Things, as well as great time to discuss current projects and priorities”
Watch out for other events that Cisco will be making a big impact at in the future!
Cisco and Akili feature their joint Oil & Gas Technology Solutions with SAP HANA running on Cisco’s Unified Computing System (UCS) at the Best Practices for Oil and Gas conference Sept. 16-19 in Houston, TX.
The Best Practices for Oil & Gas Conference is North America’s leading forum for upstream, midstream, downstream and oil field services professionals to collaborate across the value chain. You know Cisco’s top aim these days is Business Outcomes for our customers. The fourth annual event has a significant shift to a business focus and features first-hand knowledge on how business solutions that have been successfully implemented at oil and gas organizations across all industry segments.
The event will feature special guest speaker T. Boone Pickens, an oil and gas and American business legend, sharing his views on enhancing U.S. energy policies. It will also feature Cisco as one of the exhibitors and, working with Gold Sponsor and Cisco partner Akili, we’ll be talking about business solutions and how customers can gain competitive advantage while improving bottom line profitability and reducing costs.
Akili and Cisco’s exhibit will highlight their shared offerings of industry Best in Class Solutions for Upstream Oil and Gas including:
SAP ERP Solution for Upstream Oil and Gas
SAP BPC Solution for Integrated Financial and Operational Planning
Real-time business intelligence and predictive analysis across finance and operations
HANA Solutions built on flexible, converged infrastructure for rapid deployment, scalability and cost containment
Cisco UCS - the high performance, scalable, cost-effective, SAP certified platform for exceptional in-memory compute
You may not have heard about BKK AS. They are actually the second largest power grid owner in Norway with over 180,000 customers. Like many power and energy companies, some of their equipment has been around a long time. It works, but it’s getting old and it’s time to move on to something more cost effective. That’s where Cisco comes in.
I remember starting out my career in IT years ago, when IBM was selling the ‘System370 range’ as it was called. You’ll remember that in those days “nobody ever got fired for buying IBM”. As a young sales person, I found the whole IT thing fascinating. I remember that in those days the customer communications were more measured. We had typing pools, we had face-to-face meetings, and the whole selling process took time. The business customers were upgrading their systems, and the newer kit had a great business case. Maintenance on the old installation was more, over several years, than the cost of new equipment. If you were to do nothing, your competitors would steal a march on you and you’d lose customers as your costs would begin to erode your business.
Well the same is true these days. In the Utility business there is a lot of older (though still reliable, in some cases) equipment. However, some of the older time-division multiplexing (TDM) networks are reaching the end of their useful lives. So it was with BKK AS. Maintenance was becoming onerous. But it’s not just about IT costs anymore. It’s about the missed opportunity of not doing anything. New grid applications are requiring any-to-any communications flows and also pushing for IT and operations technology (OT) convergence.
The new network needed to support a variety of grid applications, including very critical protection systems for the high-voltage grid. In addition, BKK is using teleprotection systems (both distance protection as well as current differential protection), which require the communications network to support extremely low latency (< 10 ms), deterministic behavior as well as very high availability. So the network needed to be deterministic -- a common need for process control networks.
“Cisco offered the hardware and software features, as well as the reliability, that we needed to put our packet-based utility network into production,” says Svein Kåre Grønås, managing director/CEO, BKK Fiber AS. “It’s also reassuring that Cisco understands where the utility industry is heading, and is committed to connected grid services.”
So what are the results? Well here’s something taken straight out of the newly published case study:
Moving to a next-generation, packet-based utility network will save BKK significant operational costs for the utility network due to the ability to use cost-effective, standardized IP networking gear and avoid maintaining two separate networks at substations.
“Building and operating a high–bandwidth, packet-based network has given us a lot more flexibility. In addition, we can leverage the same processes and skill sets that we use to operate our Cisco commercial broadband network,” says Grønås.
With the new IP-based utility network, BKK no longer needs to reserve bandwidth for TDM communications, and now has more bandwidth available because it can be dynamically allocated. As a result, BKK can now offer the same network resources at substations that are available at corporate office locations. Workers can securely access needed documentation and other network resources at substations and power plants, instead of printing documents beforehand or calling colleagues at the office to gather information as they did in the past.
“This represents a major improvement in workforce enablement, productivity, and maintenance efficiency,” says Grønås.
In addition, this sets up BKK for success for the future. The new IP backbone will alllow BKK to provide new IP-based services and new capabilities in managing the power grid, such as advanced metering infrastructure (AMI) and distribution automation. In the future, BKK can assign IP addresses to sensors and relays to develop smart grid technologies and provide greater visibility into its electrical
“The utility industry is changing fast as smart grids become reality and more devices become part of the Internet of Things,” says Grønås. “With our Cisco-based IP utility network, we’re ready to reap the benefits of this new paradigm.”
Whilst I’m now proud to work at Cisco, some things never change -- the emphasis on solving business issues of enabling business opportunities are key -- it’s not just about cost savings. With Cisco heading towards being the leading IT company in the world, I’m sure we’ll see even more of this kind of customer success in the future.
I’ve been to the UK twice this year. The traffic is terrible! Worse than I ever remember! Commentators that’s a good sign -- a sign of economic prosperity. That certainly seems to be the case in the UK. My last European-related blog -- Ferguson Group Ltd keeps an Eye on Operations with Cisco Physical Security -- talked about the Oil industry and how the UK’s fortunes were turned around by the North Sea Oil discovery at about the same time the US astronauts were landing on the moon.
This time it’s the Utility Industry -- electric power to be exact -- that’s causing a stir.
Creating the Telecommunication Blueprint for Grid Modernization, Weston Power Distribution had already chosen Cisco for a Low Carbon Study, building a pilot communications infrastructure to support 11kV grid reinforcement monitoring. The Flexible Approaches to Low Carbon Networks (FALCON) initiative, a government funded study project in the UK has the goal of improving the industry’s understanding of infrastructure needs in a low carbon future.
U.K. utility regulator Ofgem has estimated that £32 billion of new grid investment will be required within the next 10 years, twice the rate of investment over the previous two decades. Western Power Distribution (WPD) undertook a study to see how the cost of reinforcing its 11kV grid can be reduced based on smarter investment that draws on innovative intervention techniques that can replace or supplement conventional methods.
The UK wants to reduce carbon emissions by 80%, while still handling the peaks and troughs of increasing demand. “Reliable and secure near real-time communications is a key element to the FALCON initiative”, as Andrew Longyear, a Cisco thought leader on the subject commented. “The telecommunications and data management within our project such as FALCON is the SMART in Smart-grid, added Roger Hey, Future Networks Manager, Western Power Distribution.
The key objectives of the Cisco communications network solution for WPD included:
Designing and deploying an IP-based communications infra structure using IEEE 802.16e WiGRID access and backhaul technologies
Helping ensure adherence to WPD’s security policy for design and implementation
Learning and disseminating all information and findings related to the technologies deployed so far.
Creating a blueprint for WPD and for other utilities in the United Kingdom as they test the same intervention techniques
And the intended benefits? Here’s what Sanna Atherton, Innovation and Low-Carbon Networks Engineer, Western Power, said in the video: “The benefits of Project FALCON are to increase the capacity of the network within the Milton Keynes area, and to enable customers to connect to low-carbon technologies”
Watch the video above to see how the initiative is progressing and to hear about the business outcomes achieved and expected. Read the write-up (Western Power Distribution Chooses Cisco for Low Carbon Study) that gives some more background to the project and some technical insight as to how you might benefit from this approach. As always, I’m indebted to the folks in Cisco and the customer for the source material. A big ‘Thank you’!