Ziad Al-Sati, head of Controls & Digitalisation for MENA, Power Generation Services at Siemens speaks to Pipeline Magazine’s Nadia Saleem about what the company is doing to advance plant security
What is your assessment of risk in regional energy plants?
While not all power plants in the region embrace connectivity, I think operators are understanding that digitalisation is already changing this and connectivity is becoming less optional as well as a key opportunity for energy transformation to take place.
Of course, connectivity brings risks but it’s not the right strategy anymore to say ‘I’m not going to be connected’. We need to think about solutions that can allow connectivity but in a secure way.
For example, in remote places where there could be safety or environmental hazards and it’s difficult to send experts, connectivity plays a key role. We need to perform outages otherwise plants won’t run. Instead of putting people at risk or stress we can use connectivity, such as remote outage support in the form of augmented reality to connect experts on the ground in a remote area with key technical experts in Berlin or Orlando. This allows them to see or find details in the plant the same way they would’ve done if they were there. It’s being in the plant through the virtual world.
Another topic is that power utilities aim to have sustainable energy production at an affordable level to the population. The energy mix is introducing newer technologies beyond fossil power generation, including renewables. This is shifting the way fossil plants have been operated in the past and brings a bigger focus on optimisation of these plants and allowing more flexibility to cope with renewables.
Digitalisation can help optimise capacity and reduce fuel consumption, as well as NOx gases and CO2 emissions. Coupled with optimising outage scenarios, it can even allow for lower OPEX and less spending on maintenance.
How are suppliers responding to the cyber security requirements set by Siemens?
We have announced the new requirements for cyber security among suppliers mid-February. These measures are being introduced step-by-step and are anchored in a separate, binding clause in all new contracts. It’s important to note that these requirements will be mainly applicable to suppliers of security-critical components such as software, processors and electronic components for certain types of control units. Existing suppliers who do not yet comply with the requirements are to implement them gradually. The goal is to better protect the digital supply chain against hacker attacks.
What new technology is Siemens deploying to boost plant security?
Siemens is providing one platform that brings three key solutions together. First is monitoring of a complete network with an intrusion detection system. Then, going into the asset, monitoring it and evaluating whether there is a threat or not. Lastly, making sure the latest updates are available and installed for the entire automation system.
We are continuously innovating and looking for new solutions to address our customers’ challenges. It’s worth mentioning that Siemens was No. 1 in patent applications in Europe in fiscal 2018, overtaking Huawei, with 33 inventions per day. More than 25 per cent of the patents are in the areas of Industry 4.0 and digitalisation, featuring a substantial increase in the areas of AI and cyber security.
What is Siemens doing to push the digitalisation and cyber security agenda to enhance plant security?
Not many know that Siemens is one of the top 10 software companies globally. We have been investing heavily in our digital portfolio over the past years. This portfolio includes cyber security, as well as artificial intelligence, simulation tools, cloud and platforms and secure networking. To develop in these areas, we have invested EUR5.6 billion in Research and Development in financial year 2018 alone.
When it comes to cyber security, we focus on the Operational Technology (OT) rather than the Information Technology (IT) environment. As an OEM of rotating equipment and automation solutions we have a responsibility to ensure a secure environment for the power plants we work on. After all, they are critical infrastructure for any country and we need to apply the highest standards of cyber security on customers’ equipment. This starts with having updated versions of the anti-virus software, performing OT site assessments, and training the staff who are using the Operational Technology or the automation systems.
Then we monitor the complete network of interference between systems to identify any possible threats and implement appropriate systems – in some cases one-way communications – to mitigate these risks. Basically, to ensure no one can compromise the plant with an outside threat. This is what we call secure communication, where we minimise the amount of risk points on such an automation system.
In addition, we use our advanced portfolio that enables system monitoring real-time. We have an intrusion detection solution where customers can monitor the entire communications on their automation systems, identify a threat and send a warning if needed. To do this, we use AI capabilities that continue to learn how a system operates and what could be a threat to it.
With this solution, we leverage artificial intelligence to passively monitor the entire network and determine anomalies, without configuration, or pre-set conditions. The system utilises unsupervised machine learning to realise the normal behaviour for the communication. This allows the system to detect and flag any internal or external threat in real-time.
The next step is incident response to help the plant connect back to the grid as soon as possible. Here in the Middle East, we have worked with multiple customers to identify hypothetical emergency and recovery scenarios. We look at things such as how long it take to bring the plant back from a shut down to the grid. There are multiple scenarios depending what kind of configuration they have. We can help them with a solution that’s right for them and we have a 24/7 hotline to provide customers with support.
All in all, we work on defining human interaction within a plant, create awareness, provide software updates and our advanced portfolio that uses AI and innovative solutions to deal with incidents before, during and after they occur. It’s also important to understand that threats mostly come from the inside, either through a device such as a USB or through connectivity so awareness is very important.
You also cannot protect your assets unless you know them well. This is why asset management for cyber security is critical.