With potential vulnerabilities across the entire physical and digital estate, organisations now need a greater degree of system integration to ensure safe, secure and compliant operations.
The utilities sector is a core part of a country’s critical infrastructure, and one where even minor mistakes or issues can have major consequences. This scenario played out this summer when a series of lightning strikes disabled the national grid and created a domino effect where gas and wind power services were knocked out for several hours.
Even a simple false alarm can lead to unnecessary shutdown, with significant implications for the public and an organisation’s bottom line. And in industries like energy, a genuine breach can result in serious health and safety incidents, affecting roads and transport infrastructure as just one example.
Unfortunately, a lack of system integration is exposing organisations to significant risk. Not only does it make it difficult to identify false alarms, the gaps between systems can present new attack vectors open to exploitation. To militate against this risk, a holistic approach to the design and deployment of security measures is essential. And using technologies like cloud and analytics to drive connectivity of systems can help achieve this.
Securing the perimeter
The breadth of the security estate within utilities organisations is significant. Security cameras provide a good example of the benefits integration provides. A single plant will often feature a network of thousands of IP-based cameras. Used in isolation, the sheer volume of footage these generate makes it incredibly difficult for operators to monitor and react to events taking place on-site.
Smart integration with broader systems helps to overcome this problem by leveraging a range of inputs and functionality. Facial recognition paired with access control can identify unauthorised persons attempting to enter a site using stolen or counterfeit credentials.
Similarly, combining video surveillance, intrusion detection and analytics means systems can automatically differentiate between real-threats and innocuous events at the perimeter. Many sensors are unable to tell the difference between an intruder and a stray ball going over the fence, for example.
This kind of functionality, as well as cloud-enabled remote monitoring, is becoming increasingly important as the energy sector shifts from traditional power generation plants to renewables. A typical solar or wind farm occupies a significantly larger area so the use of integrated and automated systems is essential for meeting the growing challenge of securing perimeters.
Elevating access control
Access control and visitor management is another area where performance is improved by integration, increasing scrutiny at the front door and enabling location-tracking throughout a site.
Take the issue of ex-employees. A weak link in many organisations, ex-employees often retain access rights due to delays in updating security databases, potentially undermining security and data protection, and leaving employers open to theft and corporate espionage.
By integrating with broader business systems, like enterprise resource planning (ERP), organisations can avoid these kind of instances by automating revocation of access credentials as soon as an employee is removed from the payroll. This approach also helps to ensure people authorised for entry have the right credentials to perform their role while on-site.
In many instances, utilities professionals need to have completed specialised training, which often requires regular renewal. Allowing an individual without the proper qualifications into a restricted area can result in sanctions for the organisation.
By integrating certificate management with the access control function, businesses ensure not only that individuals have the security profile necessary to enter a building, but that they have the level of competency required to do their job.
Developing and enforcing standard operating procedures that align with regulatory obligations is at the heart of good compliance practice. Moreover, it goes a long way to ensuring consistent uptime across a plant.
Of course, the shift to a modernised, integrated security model is not without its challenges. Perhaps the most common obstacle facing organisations is the breaking down of long-standing internal team silos. Perhaps in the past, the IT department was unwilling or uninterested in working alongside the security department.
While this may have been a tenable position then, it’s not a viable approach to managing today’s threats. Collaboration across departments – including security and IT – is a must-have to mitigate security risks. In a period of unprecedented change for the industry, every business unit has a role to play in safeguarding access to vital data and resources.