
By David Wagman, Managing Editor
Same power plant, different point of view. Where some might see hard physical assets that include a boiler, generator, turbine and emission control equipment, others (in particular those who work with the plant's data and security) might see a network of data points, routers, servers and display panels.
If you are not fully comfortable looking at your plant in more than one way, prepare yourself. The coming months will be busy ones at virtually every power plant with a grid connection. Homeland security, in the guise of what's known as "critical infrastructure protection," is coming to the power generation industry.
According to a report by the National Institute of Standards and Technology entitled "Guide to Industrial Control Systems (ICS) Security," threats to control systems can come from numerous sources. These include "adversarial sources" such as hostile governments, terrorist groups, industrial spies, disgruntled employees and malicious intruders, as well as non-adversarial sources such as system complexity, human error, accidents, equipment failures and natural disasters. To protect against adversarial threats (as well as known non-adversarial ones), a defense strategy for power plant control systems needs to be created.
Not all threats are external, however. Consider these examples: In August 2006 new software added to the control network at the Browns Ferry nuclear power plant generated enough traffic to overload the network and caused the controllers for both redundant reactor recirculation pump drives to fail simultaneously, forcing a shutdown that kept the unit down for two days.
And at the Hatch nuclear station this past March, a software update installed on a computer on the plant's business network caused that computer to reboot. Because the same computer also exchanged data with the control system, the reboot reset values the plant's safety systems were reading; the safety systems interpreted the missing data as a problem with cooling-water levels and initiated a shutdown.
According to Eric Byres, a network security consultant who spoke at a recent Honeywell Process Control event and discussed these examples, the common threads connecting these two incidents included poor network design (including a lack of separation between data network sub-systems) and a less-than-complete understanding of potential threats and risks. In particular, he said that Browns Ferry mixed different types of data and information across its computer network and spent perhaps too much time worrying about outside threats.
Such mistakes and preoccupations may be common. After all, most of us think of cyber threats as coming from outside the plant rather than inside. At one extreme, we can imagine bored teenagers who consider hacking into a computer network a challenge. At the other extreme are malicious people whose intent is to harm equipment and operations. Such outside threats represent just the “tip of the iceberg,” said Byers. Focusing on them too much misses the risks posed by lax security policies inside a facility.
According to analysts, as supervisory control and data acquisition (SCADA) networks become increasingly interconnected, both with each other and with enterprise information technology infrastructures, the risks of unauthorized access to and manipulation of these systems become unacceptably high. Because these networks frequently are central to critical infrastructure systems, federal regulators have begun mandating cyber security requirements. In particular, the Federal Energy Regulatory Commission has approved and made mandatory eight critical infrastructure protection (CIP) reliability standards, developed by the North American Electric Reliability Corp. (NERC), that apply to electricity generators and other users, owners and operators of the bulk electric system.
Deadlines for complying with these standards are approaching even as the regulations themselves are being revised and in some cases clarified.
To date "most large power generators have put in security perimeters," James White, vice president of Irvine, Calif.-based Uniloc, told me recently. He said around 70 percent of the larger generators have completed the task of meeting the "loose" CIP compliance standards.
“The big guys have done a pretty good job complying with a very loose standard,” he said. It seems, however, that the NERC rules still leave vulnerabilities that might need to be addressed through federal legislation.
Less far along are many industrial and municipal power generators. Many of these initially thought they would be exempt from the rules. Now it’s clear they must comply. Many appear to be waiting for final rules before making changes, White said.
The cyber security rules demand that power plant operators view their assets, network and procedures in a way that may seem foreign at first. Also challenging will be the need to resolve major issues that are basic to cyber security, such as how to isolate and protect control systems within a network that must meet the needs of multiple users. Another issue is what one data expert at ConocoPhillips called “graceful degradation,” namely the ability to continue at least partial operations when something goes wrong. Doing so, he told the Honeywell forum, involves building control systems as zones or “communities” that can be isolated should an attack or some other security breach occur.
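The zoning idea in the paragraph above is easier to reason about as an explicit policy than as a diagram. The following Python script is an added example, not code from the article or from any speaker at the Honeywell forum: it models a plant network as a small set of zones (the zone names, trust ordering, ports and the allow list are all assumptions chosen for illustration, not a real plant's rule set), evaluates proposed traffic flows against an allow list, refuses any flow that skips a layer even if someone adds a rule for it, and lets an operator isolate one zone so the rest keeps running. The sample flows are constructed and include a business-network host pushing a software update straight into the control zone, the kind of path the Hatch incident depended on.

```python
from dataclasses import dataclass

# Hypothetical zones, ordered from least to most trusted, loosely following the
# enterprise / DMZ / control / safety layering behind the "communities" idea.
ZONE_RANK = {"enterprise": 0, "dmz": 1, "control": 2, "safety": 3}


@dataclass(frozen=True)
class Flow:
    src: str   # zone the connection originates from
    dst: str   # zone it terminates in
    port: int  # TCP/UDP destination port


# Explicit allow list; everything not listed is denied. The ports are
# illustrative assumptions: 443 for historian replication into the DMZ, 502 for
# Modbus/TCP polling from the DMZ into control, 2222 for a hypothetical
# interlock status feed from control into safety.
DEFAULT_ALLOW = {
    ("enterprise", "dmz", 443),
    ("dmz", "control", 502),
    ("control", "safety", 2222),
}


class ZonePolicy:
    def __init__(self, allow=DEFAULT_ALLOW):
        self.allow = set(allow)
        self.isolated = set()

    def isolate(self, zone):
        """Cut a zone off from every other zone; the others keep operating
        (the "graceful degradation" described above)."""
        self.isolated.add(zone)

    def restore(self, zone):
        self.isolated.discard(zone)

    def decide(self, flow):
        """Return ('allow' | 'deny', reason) for one flow."""
        if flow.src not in ZONE_RANK or flow.dst not in ZONE_RANK:
            return "deny", "unknown zone"
        if flow.src in self.isolated or flow.dst in self.isolated:
            return "deny", "zone isolated"
        if flow.src == flow.dst:
            return "allow", "intra-zone"
        # Layering is checked before the allow list, so a rule that skips a
        # layer (e.g. enterprise straight into control) cannot be added by mistake.
        if abs(ZONE_RANK[flow.src] - ZONE_RANK[flow.dst]) > 1:
            return "deny", "skips a zone boundary"
        if (flow.src, flow.dst, flow.port) in self.allow:
            return "allow", "explicit rule"
        return "deny", "no matching rule"


def audit(policy, flows):
    """Evaluate a batch of flows; returns {flow: (decision, reason)}."""
    return {f: policy.decide(f) for f in flows}


# Constructed sample traffic: the normal permitted flows plus two that a
# flat network would have carried without question.
SAMPLE_FLOWS = [
    Flow("enterprise", "dmz", 443),
    Flow("dmz", "control", 502),
    Flow("enterprise", "control", 445),   # software update push that skips the DMZ
    Flow("dmz", "control", 3389),         # remote desktop into control: no rule
    Flow("control", "safety", 2222),
]

if __name__ == "__main__":
    policy = ZonePolicy()
    for flow, (decision, reason) in audit(policy, SAMPLE_FLOWS).items():
        print(f"{flow.src:>10} -> {flow.dst:<8} {flow.port:<5} {decision:5} ({reason})")
    # Suspected compromise in the control zone: isolate it and re-check.
    policy.isolate("control")
    print("\nafter isolating control:")
    for flow, (decision, reason) in audit(policy, SAMPLE_FLOWS).items():
        print(f"{flow.src:>10} -> {flow.dst:<8} {flow.port:<5} {decision:5} ({reason})")
```

The point of checking the layering before the allow list is that a "temporary" rule letting the business network reach a controller directly is exactly the kind of shortcut that turns a routine IT update into a plant trip; with this ordering such a rule is dead on arrival. Isolating a zone deliberately denies its permitted flows too, which is the trade-off the ConocoPhillips speaker describes: partial operation of the rest of the plant rather than an all-or-nothing outage.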
No less critical is the task of forging cooperative links between IT pros and plant controllers and operators. Another speaker at the Honeywell meeting said that IT professionals typically speak an “entirely different language” from others in the power plant. To comply with the soon-to-be-enforced NERC standards, as well as cope with a myriad other software and controls-based plant improvements, having an IT/Control Room phrase book handy may not be a bad idea.