La electric power industry provides the production and distribution of electrical energy, often referred to as electrical power, in quantities sufficient for areas that need electricity through a network. Many homes and businesses need access to electricity, especially in developed countries. The demand for electricity is derived from the need for this for the operation of household appliances, equipment.
Link of interest: Power outages in the United States of America (in real time) Here
The electrical power industry is usually divided into four processes. It involves the generation of electricity, such as a power station, electric power transmission, electric power distribution and the retail sale of electricity. In many countries, their own electric power companies own the entire infrastructure, from generating stations to transport and distribution infrastructure.
Each of these processes has its function in the supply chain with its particularities, priorities, regulations and needs.
Electric power is considered a natural monopoly. The industry is generally highly regulated, often with price controls and is frequently owned and operated by the government.
Typically, many of the facilities involved in each of the electric industry processes can be considered critical infrastructure and therefore of national interest. This classification must be determined as a consequence of the criticality evaluation using appropriate evaluation methods, techniques and models.
Suppliers of industrial automation systems, SCADA systems, and services in conjunction with operators in the electric power sector must ensure compliance with security and cybersecurity standards, such as ISA / IEC-62443, NIST 800-53 / 82, NERC CIP, FIPS 140-2 and others. Keeping up with the rules and regulations is challenging. New regulations like the GDPR in Europe raise the stakes for non-compliance to more than € 20 million per incident.
SECURITY AND COMPLIANCE
Strategies and solutions based on perimeter and information security technologies are not enough to protect against all modern threats to electrical infrastructures. Industrial cyber security requires the protection of physical assets, that is, the domain of physical security.
Many programmable logic controllers (PLCs) and controllers for feedwater pumps, feedwater, valves, furnaces, boilers, turbines, generators, and condensers are vulnerable due to the lack of built-in cryptographic controls, including: multi-factor authentication, secure startup, secure update and secure encrypted communications.
In operational technology (OT) environments, risk is measured in terms of industrial security and system availability. While data privacy is important, human physical security, industrial process security, environmental stewardship, and uptime often drive the security needs of plants and large SCADA systems.
In the Electric Industry sector: Generation, Transmission and DistributionIndustrial Cybersecurity for Critical Infrastructures
ZCM is a specially designed system for industrial cyber risk management that allows organizations in the electric power sector to assess cyber risk in their industrial infrastructures and make the best mitigation decisions that really work.
Once the industrial cyber risk has been realized, the ZCM system provides the necessary tools to create resilient and robust industrial infrastructures to all types of threats, and at the same time comply with international standards (ISA / IEC-62443) and other popular regulations such as those defined by organizations like NERC, NIST, and C2M2.
Assess cyber risk consistently and make the best mitigation decisions with the ZCM.
Design and implement the proper countermeasures that will actually mitigate the intolerable risk.
Operate and maintain industrial infrastructures resilient to all types of threats.