IT Meets OT
By: Phil Carroll, VP Energy
In decades past, utilities could sit on the sidelines for a while as new technological advancements occurred, and then eventually decide if and when they wanted to enter, and to what degree.
Utilities don’t have that luxury today. These days, technologies and changes in the market are moving too rapidly, and are becoming too widespread and universal, for utilities to take a “sit and wait” approach. Doing so may lead them to situations in which they are eventually unable to “overcome the curve” and end up in the back of the pack – unable to compete anymore.
Today, embracing new technologies and marketing shifts must occur quickly. If utilities fail to meet demand quickly enough as a result of failing to embrace new technologies and understand the implications of market changes, they may lose out on new opportunities, and, worse, lose their client base. Examples of recent changes include third-party providers that are now being allowed into the utility space, customers generating and storing their own electricity, etc. In sum, these days, the only way for utilities to succeed is to become leaders, not followers.
So, what are the specific challenges that utilities face these days as relative to the growing intersection of information technology (IT) and operational technologies (OT)? There are
four primary challenges: Communications, Security, Privacy, and Interoperability.
1 – Communications
Here, the main challenge relates to the adequacy of data paths. The number of monitoring and control points is growing exponentially, greatly taxing the ability and means to properly communicate end-to-end.
More specifically, utilities face a challenge when they are trying to communicate with operations equipment. Often, they have switches and other infrastructure that are in remote locations, and
challenges exist in creating and maintaining solid connections with these.
Should this be accomplished through internal resources (communications owned by the utilities and other energy providers themselves)? Or does it make more sense to rely on secondary or third-party networks, whether they be phone companies, wireless carriers, or other providers? In making this decision, it is important to address security, privacy, and how robust the connections and connectivity are.
2 – Security
There are two types of security that are important to understand: cybersecurity standards and grid security. Related to the first, it is important for utilities to be familiar with, and understand the implications of, cybersecurity standards, such as the International Organization of Standards (ISO) and International Electrotechnical Commission (IEC) standards ISO/IEC 27001 (“Information Security Management”) and ISO/IEC 27002 (“Information Technology – Security Techniques”), which formally specify management systems and technologies that are intended to bring information security under explicit management control. As relates to grid security, utilities need to understand NERC-CIP (Critical Infrastructure Protection), as well as operating standards and protocols concentrated on high voltage, as well as issues related to distribution systems.
In terms of utilities relying on secondary service providers as relates to grid security, it is important to understand how secure these providers’ networks are. The utility is essentially saying: “I am a utility, and I am going to turn over the keys of a critical switch in the middle of nowhere to someone else, and communicate with them over a data network or communications network that I am not in direct control over. How do I guarantee these paths?”
3 – Privacy
Here, the issues relate to: Who can have access? What can they access? How will mobility issues be addressed? As more data becomes available, and as utilities amass more data about customers and other end users, protecting that data becomes even more important. A utility is potentially amassing data on people’s habits, so that it knows how to predict peaks and demand. This often raises a red fl ag from the end user related to privacy. In order to be able to control equipment on the customer side of the meter, there must be visibility into industrial, commercial and residential (personal) space.
4 – Interoperability
Interoperability challenges relate to the ability of many complex systems to monitor, control and communicate data seamlessly across multiple platforms and users. Examples include ISO/IEC,
NERC-CIP, NIST, RFC, ISA/IEC, and IASME. These are just a few of the organizations working on standardizations within the industry.
As we become more dependent and intertwined, the more critical it is that we communicate across multiple platforms and networks. Back in the day, a utility could purchase or develop a communications system to work within that utility. Now, a utility needs to communicate across multiple companies, and all of those protocols need to be “singing off of the same hymnal” so to speak.
Challenges don’t just exist in integrating protocols from numerous organizations, though, but in creating the individual protocols within each entity. Awhile back, IEEE was working on a standard
with 70 engineers on the panel. The moderator said, “I don’t know that I could get 70 engineers to agree on what time the sun will rise tomorrow.” In addition, it is an enormously large and complex system that utilities are trying to standardize. Furthermore, there a lot of “players” who are still guarded, and saying that they aren’t ready to hand over their trade secrets, because it provides others with “visibility behind their doors.”
So, what can utilities do to begin to address these four challenges? There are at least four solutions: Future-Proofing, Early Stakeholder Involvement, Departure from the Traditional Model, and Embracing New Technologies.
1 – Future-Proofing
As a utility begins to replace infrastructure or make other capital investments, it is important to do so with the idea of “futureproofing.” Traditionally, utilities have built something, gotten it up and running, and then upgraded it, improved it, and maintained it along the way. The problem is that this becomes a “temporary permanent” installation. Rather, utilities need to think big enough
and far enough into the future so that they don’t end up with a “patchwork” of upgrades and improvements.
Here is an example of the lack of future-proofing: In the late 1980s, before the Internet took off , I got my fi rst taste of fi ber. We installed an optical ground wire that had six fi bers in it, and we all thought we would never need more than six fi bers. These days, I probably have six fi bers just coming to my phone.
2 – Early Stakeholder Involvement
It is important for utilities to have the right stakeholders involved as they begin building processes, rather than relying on the traditional top-down approach. This isn’t always easy. For example, on one side, the operations group has multiple users – people in the field, people in the office,
and a broad network. On the other side is IT, which is very sensitive to security issues, and is therefore very controlled and protective in terms of what the operations group can have access to. Certainly,
IT is doing what it is doing for all of the right reasons. However, the result going forward is two entities that will need to work well together. Culturally, they are diametrically opposed in many ways. In sum, it is important to bring these groups together, and early stakeholder involvement is the best way to accomplish this. This should consist of a core team with members of equal status of power, including users, technical people, and logistical people. There should also be input from the least in rank to the highest in rank, so as not to negatively influence creative thought.
3 – Departure From the Traditional Model
It is important for utilities to understand that the way they have done business in the past is changing. Examples include distributed generation, community solar projects, energy storage,
how energy is distributed and paid for, and so on. Utilities can’t move into the next decade assuming “business as usual.” One recommendation would be to read “Team of Teams: New
Rules of Engagement for a Complex World,” by General Stanley McChrystal, U.S. Army Retired.
4 – Embrace New Technologies
This requires departure from traditional “utility conservatism.” For example, these days, topics at industry conferences are more and more about technologies, data, analytics, and real-time operations than ever before. Don’t fear that technology.
How Can Finley Help?
Finley Engineering brings a rich history of all of the necessary and relevant perspectives to the table: communications, IT, and energy delivery. Finley can bring a team of experienced professionals to address end-to-end solutions that involve all of these technologies and delivery systems. Finley’s competitors often don’t have this wide range of expertise on staff , such as communications people who can address energy delivery dilemmas.