ensure information security in power generation plants

IT systems support both the generation and operational processes in all types of power generation plants, including wind turbines, CHP plants, CCGT, photovoltaic, and coal-fired power plants. In addition to systems for direct plant control (in particular SCADA systems and control technology), these also include IT systems for managing energy conversion, energy feed-in, resource planning, fault management, energy trading, supply and disposal, and, for wind farms, processes for controlling the plants.

components and market orientation of plant technology

The integration and use of IT systems are primarily determined by the level of automation within the systems. The plant technology generally consists of control systems, transmission technology, telecontrol systems, and support systems. These are briefly described as follows:

Control technology/control systems include central grid control and grid management systems, central measurement acquisition systems, central control systems for steam generation, turbine control technology, generator control, as well as central parameterization, configuration, and programming systems.

Transmission technology includes network routers, switches, firewalls, 40mA transmission technology, bus systems, communication terminals, and radio systems.

Secondary automation and telecontrol technology encompasses control and automation components such as PLCs, control and field devices, controllers, protection devices, telecontrol units, as well as measuring and metering devices.

Support systems, such as emission computers, support operational planning for optimal plant performance or indirectly influence plant operations, such as vibration monitoring systems.

Today, plant operations are driven solely by market demands, meaning that provision must occur within a very short time frame. The integration into trading, balancing, and billing systems presents additional challenges, particularly in terms of data decoupling, interface definitions, and interface security. Manufacturers of power plant components (such as Siemens, ABB, and GE) provide highly specialized systems that are often operated in isolation but still require ongoing support from the manufacturers. For example, remote access to systems for maintenance purposes or for controlling system components is both necessary and desired. This increases the complexity of the systems involved in the production process or those to be integrated.

regulatory framework of information security in the energy sector

In addition to the requirements for the secure operation of IT systems (in accordance with BSI basic protection), operators of critical infrastructures are subject to additional requirements arising from EU directives and the laws of the Federal Republic of Germany. The IT Security Act, the Energy Industry Act, the IT security catalogs (EnWG §11 para. 1a/b), and the Critical Infrastructure Ordinance (KritisVO) impose further obligations on operators of energy generation plants to ensure information security. A recognized measure to demonstrate compliance with these legal obligations is the establishment of an Information Security Management System (ISMS) in accordance with ISO/IEC 27001 or ISO/IEC 27019.

The ISO/IEC 27001 standard "Information technology - Security techniques - Information security management systems - Requirements" requires a comprehensive view of the IT systems in use. The ISO/IEC 27001, ISO/IEC 27002, and ISO/IEC 27019 standards apply to energy producers, energy suppliers, grid operators, and municipal utilities.

components of an ISMS

An ISMS defines the guidelines, procedures, instructions, and processes required for handling information and IT systems and provides the necessary resources (including personnel). It encompasses the operation, monitoring, review, maintenance, and improvement of information security and is based on the management of business risks.

ISO/IEC 27001 follows the principles of the continuous improvement process (CIP):

  • Plan > Context of the organization, leadership, planning, support
  • Do > Operation
  • Check > Evaluate performance
  • Act > Improvement

Knowledge of all information assets to be protected (primary assets), the supporting systems/applications (secondary assets), and their relationships (interfaces) is a prerequisite for setting up an ISMS, since suitable measures can only be derived from this inventory. Possible types of assets include primary assets, such as information, as well as secondary (supporting) assets like software, physical assets (e.g., computers), and IT services. The challenge lies in identifying all primary and secondary assets involved in critical processes.

In power plants, secondary assets include the SCADA system (main control system), control systems for turbines, steam generation, combustion chamber monitoring, transformer monitoring, unit protection, FGD (flue gas desulfurization), material flow management, and others. Support process systems, such as emission evaluation, steam leakage monitoring, lifetime maintenance, and analysis systems, must also be included in the assessment.

To assess their criticality to the business processes, these assets undergo a risk analysis and are evaluated based on availability, integrity, confidentiality, authenticity, non-repudiation, reliability, and accountability. Suitable measures for risk minimization or risk acceptance must then be derived and implemented. The selection of a methodology for risk assessment and the establishment of risk management are fundamental components of an ISMS. Risk management in the context of information security is described in the ISO/IEC 27005 standard and, independently of information security, in the ISO/IEC 31000 standard.

Protective measures (the controls in the annex to ISO/IEC 27001 or the implementation proposals in ISO/IEC 27002) outline specific actions that must be implemented to protect both primary and secondary assets in energy generation plants.

These protective measures (controls) focus on:

  • Security guidelines
  • Organization of information security
  • Personnel security
  • Management of organizational assets
  • Access control
  • Cryptography
  • Protection against physical access and environmental influences
  • Operational security
  • Communication security
  • Acquisition, development, and maintenance of systems
  • Supplier relationships
  • Management of security incidents
  • Information security aspects of business continuity management
  • Compliance with guidelines

Specific procedures, processes, methods, and tools are derived from the measures outlined in these controls.

impact of the ISMS on plant technology

Some of the measures mentioned are supported by solutions provided by IT architecture (planning and standards), IT infrastructure, and IT security.

IT infrastructure systems and services ensure, among other things:

  • Control over access to IT systems
  • Data backup
  • System and service monitoring
  • Patch management
  • Implementation of secure passwords and authorization concepts
  • Test and development environments
  • Test data management
  • Incident, change, and configuration management
  • Support for business continuity management

IT architecture provides, among other things:

  • Specifications and standards for the implementation of IT systems
  • Standards for the use of infrastructure services
  • Interface definitions
  • Specifications on technologies and techniques
  • Lifecycle management
  • Solutions for sourcing strategies

IT security provides solutions for, among other things:

  • Encryption methods and the use of cryptography (SSL, VPN)
  • Zone models and network segmentation
  • Protection against malware
  • Proxies and firewall rules
  • Data security and data protection regulations
  • Access protection, secure passwords, and user roles

In addition to classification (based on risk minimization measures), various technical options are available to enhance the security of IT systems. One such option is network segmentation, which involves creating security zones with defined rules for communication within these zones and at their transitions. The security model classifies IT systems into six different zones and defines the guidelines for each zone, the transitions between zones, and the responsibilities associated with each. The purpose of the zone model is to protect critical processes and functions (based on business requirements) within the respective zones. Regulations are established regarding how IT systems should be set up and operated within each zone.

potential security model for power generation plants

One approach is to establish security zones vertically and define them according to the following structure:

Zone 6 – Extranet: This zone describes the transition to the internet and specifies systems and services for securing the internal network.

Zone 5 – General IT Services: This zone covers IT services such as the intranet.

Zone 4 – Administration: This zone includes all systems required for administrative tasks.

Zone 3 – Operational Support: This zone contains systems necessary to support system operation.

Zone 2 – SCADA Systems: This zone is dedicated to SCADA systems.

Zone 1 – Direct Control/Automation: This zone includes systems for direct control and automation in power plants.

An essential aspect is the establishment of a comprehensive catalog of criteria to determine which IT systems belong to which security zone, how these systems should be configured and operated, and how data communication should occur both within and between the security zones. The model described above is just one example. A tailored model should be developed for each specific use case after a thorough analysis.
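The criteria catalog described above can be made checkable. The following is an added example, not code from the page or from any plant operator: it holds a hypothetical asset-to-zone catalog and a per-transition protocol allow-list for the six zones, and denies any flow that skips a zone boundary, uses a protocol not listed for that transition, or involves a system that has not yet been assigned to a zone. All system names, protocols, and transition rules are assumptions for illustration only.

```python
from dataclasses import dataclass

# Zone numbering and names follow the six-zone model described in the text.
ZONES = {6: "Extranet", 5: "General IT Services", 4: "Administration",
         3: "Operational Support", 2: "SCADA Systems",
         1: "Direct Control/Automation"}

# Constructed asset catalog (hypothetical system names): system -> zone.
CATALOG = {"internet-gw": 6, "intranet-portal": 5, "hr-erp": 4,
           "historian": 3, "vendor-jump-host": 3, "scada-server": 2,
           "turbine-plc": 1}

# Constructed transition rules (assumption): (from_zone, to_zone) -> protocols
# permitted across that single boundary. Any pair not listed is denied.
TRANSITIONS = {(6, 5): {"https"}, (5, 4): {"https"}, (4, 3): {"https"},
               (3, 2): {"opc-ua", "rdp"}, (2, 3): {"opc-ua"},
               (2, 1): {"modbus", "iec104"}}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str

def check_flow(flow: Flow) -> tuple[bool, str]:
    """Return (permitted, reason) for one flow under the assumed rules."""
    for name in (flow.src, flow.dst):
        if name not in CATALOG:  # unclassified asset: deny until it is zoned
            return False, f"{name} is not in the asset catalog; assign a zone first"
    s, d = CATALOG[flow.src], CATALOG[flow.dst]
    if s == d:
        return True, f"intra-zone traffic in zone {s} ({ZONES[s]})"
    if abs(s - d) != 1:  # skipping a zone bypasses that zone's transition controls
        return False, f"zone {s} to {d} skips a boundary; relay via the adjacent zone"
    if flow.proto not in TRANSITIONS.get((s, d), set()):
        return False, f"{flow.proto} not permitted on transition {s}->{d}"
    return True, f"permitted: {ZONES[s]} -> {ZONES[d]} via {flow.proto}"

def violations(flows: list[Flow]) -> list[tuple[Flow, str]]:
    """Audit a list of observed or requested flows; return the denied ones."""
    return [(f, why) for f in flows for ok, why in [check_flow(f)] if not ok]

if __name__ == "__main__":
    sample = [Flow("scada-server", "turbine-plc", "modbus"),     # permitted
              Flow("intranet-portal", "turbine-plc", "modbus"),  # skips zones
              Flow("scada-server", "turbine-plc", "ssh"),        # wrong protocol
              Flow("laptop-x", "scada-server", "rdp")]           # unclassified
    for f, why in violations(sample):
        print(f"DENY {f.src} -> {f.dst} ({f.proto}): {why}")
```

The same checker can be run over exported firewall rules or flow logs to find paths that contradict the catalog before they are accepted into the zone design.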

We have extensive expertise in the implementation of ISMS in accordance with ISO/IEC 27001, up to certification. Our experts can assist you with matters related to information security, IT security, IT architecture, and IT infrastructure.