Turbo Speak: CROSSING THE CYBER-TRUST CHASM

A recent visit to the Combustion Turbine Operations Technical Forum (CTOTF) show in Orlando highlighted a major roadblock in the way of turbomachinery and plant digitization — trust. An informative session on the various digital initiatives of GE, Emerson and Siemens (p.24) was followed by a Q & A session. For the next 20 minutes, the speakers faced a barrage of questions about cybersecurity, who bore responsibility for data breaches and who owned the information.

This all boils down to a matter of trust. Are plant owners and turbine operators really going to pass on partial or full control of their equipment to an OEM or external service provider? And will they ever have enough confidence in software to allow OEMs to introduce the automated applications and analytical capabilities they are lining up?

This issue lies right at the heart of the digital debate. It’s all very well to say that plants have allowed providers to monitor their assets for years. This is passive monitoring. External diagnostic teams send alerts to operators about possible situations or detected anomalies. But it is up to the operator to go take a look and determine if action is called for.

These services certainly have value. In many instances, they have correctly spotted issues that, if left untended, may have led to catastrophic failure. And they allow plants to gauge their performance metrics against those of an entire fleet. But for digitization and analytics to realize their potential, plants will have to be willing to take a step backwards and allow external entities and software algorithms to carry more of the load. That’s going to be a tough sell.

The IT industry went down this path many years ago. The power sector and oil & gas view with disdain an unending stream of cybersecurity horror stories reported in the press. If the likes of Yahoo, Verizon and LinkedIn can let the bad guys steal millions of identities — companies that live and breathe technology — what hope have they of holding the fort against savvy hackers?

Criminals gain entry to systems with surprising ease. They send fake emails (known as phishing) which tempt users to either click on links to malicious websites, or hand over their security credentials. You’ve seen these messages. They pose as the FBI, IRS, the IT department, accounting, HR, your bank or internet service provider. More than a few of you have fallen prey to their scams. Their success rate is shockingly high.

But the story has taken an eerie turn. No longer satisfied with pilfering from personal bank accounts, they are targeting bigger fish. In a scheme known as CEO fraud, cybercriminals gain entry to corporate systems, lie in wait for months and watch traffic. When they see that major financial deals are planned, they strike. The FBI reports that they have tricked many organizations into believing the CEO or CFO had authorized a large transaction. Vast sums end up transferred to accounts in faraway places, never to be seen again.

Another ploy is ransomware. Once inside, they block access to databases, customer files and enterprise systems. You have to pay a ransom to get back in. Alternatively, there are those who seek to bring chaos to forward political or terrorist aims. If allowed in, they can erase data and disrupt operations.

Just imagine major plants locked out of their systems, or unable to generate power because their plant systems have a virus. This fear creates a lack of trust. It is the chasm that digitization has to cross. The more things are automated, the more digital plants become, the less the local operator will be in control.

Anyone who has been to an airline counter has seen how a software glitch or sluggish network can delay operations. “Sorry, sir. The system is down,” is an admission that the person at the desk is utterly at the mercy of the computing environment. That should never happen at a plant level.

The solution probably lies in a middle ground. There should be enough automation to realize the many benefits of digitization and analytics. But sufficient control and override capabilities should reside within the plant. The OEMs at CTOTF went to great pains to emphasize that their systems could not bypass the plant operator. But if one entity is ultimately overseeing hundreds of facilities, all it takes is one breach there to provide entry to everywhere else.

This is the challenge the computer industry and the cloud are wrestling with currently. And it is one that digitization vendors will have to address adequately if their products are to gain real traction in the marketplace.