Invensys: Security Plan in Action

Wednesday, August 15, 2012 @ 11:08 AM gHale


By Gregory Hale
Cultivating a solid, workable relationship with the IT department was just one of the tasks Salt River Project’s Mike Hull had to deal with when he implemented a security plan at his coal-fired plant.

“The relationship started off as an adversarial process,” Hull said, during a cyber security session at the 2012 North America Invensys Foxboro User Group meeting in Boston Wednesday. “They came in and wanted to take over. We knew it had to be a partnership. After a while they realized there were more things they did well and there were things we did well. The relationship evolved and it worked out real well.”

RELATED STORIES
Invensys: Technology Change
Invensys: One Step Ahead
Invensys: Cyber Key to Modernization

That was one of the issues that came to pass during the implementation of the security plan, but a chunk of other issues ended up averted because Hull sat down with his integrator and worked out a plan of attack for the implementation.

“We spent a lot of time working on the front end going over a long term plan,” the computer controls supervisor said.

All that work up front paid off in the end and now Hull’s plan is a template for the other Salt River Project plants looking to meet NERC-CIP compliance requirements.

Meeting compliance is one of the major reasons why manufacturers, mainly power companies, start up a security program, said Doug Clifton, director of Invensys Operations Management’s Critical Infrastructure Security Practice.
“We look at what is important for the community,” Clifton said. “I don’t sell FUD, fear uncertainty and doubt. You have to look at security from a network perspective. You can have a firewall and switch, but if you don’t look at it from a network perspective, you miss out on features.”
Clifton mentioned six benefits of a solid cyber security plan:
• Regulatory compliance
• Reducing environmental and financial risk
• Increase plant effectiveness
• Connect plant to enterprise
• Reduce downtime
• Increase network performance
In the end, a security solution is all about ensuring continued uptime and eliminating as much unplanned downtime as possible.

“Security should not be a point solution,” Clifton said. “You need a roadmap to keep your money machine up and running. You need to keep making your product.”



Leave a Reply

You must be logged in to post a comment.