Cybercrime surge: how controls vendors are responding

Turbomachinery Magazine, July/August 2021,

Controls vendors are coming to market with advanced features anchored by enhanced cybersecurity.

First there was the Colonial Pipeline hack. The gasoline supply to the U.S. Eastern Seaboard shut down until a near $5 million ransom was paid to Eastern European criminals. Then came an alert that Siemens programmable logic controllers (PLCs) had a security hole that was being exploited by attackers.

Siemens AG released firmware updates to address this vulnerability in Simatic S7-1200 and S7-1500 PLCs. If exploited, malicious actors could remotely access protected areas of memory and achieve unrestricted and undetected code execution. This vulnerability means an unauthorized person could access the network and write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.

The ability to execute code on PLCs that might be running plant systems, power stations, or various items of turbomachinery is bad news. It represents another level of hacking sophistication beyond that seen in the Stuxnet exploits that caused trouble to Iranian nuclear facilities a few years ago. To make matters worse, such attacks can evade detection by security tools. All the attacker needs is a way to get onto the network, which entails little more than tricking a gullible employee to click on a malicious email link or attachment. This kind of incursion is very much on the rise in turbomachinery (See our lead news story: Report Reveals the Rise of Ransomware and the Importance of the Human Element).

Despite the presence of the Siemens update, there is no guarantee that all users of the PLC will deploy it across their systems. Too often in cybersecurity, the bad guys use known vulnerabilities to access systems. The moral of the story is to keep systems current with the latest updates and patches.

With cybercriminals actively seeking potentially lucrative targets related to infrastructure, what are control systems OEMs and suppliers doing about such threats? What changes are they making to their offerings? And what else is new on the turbomachinery controls and software front? Let’s hear from the vendors.

SIEMENS ENERGY

Siemens Energy, as distinct from Siemens AG that provided the PLCs noted above, has placed plenty of emphasis on cybersecurity of late. Its Eos.ii software helps energy companies use cyber threat intelligence targeting operational technology (OT) and information technology (IT) networks connected to physical energy assets. Siemens Energy has partnered with IT software firm ServiceNow as part of this offering. Those impacted can use it to deploy appropriate, targeted and proportionate measures to correct and recover from cyber incidents.

Additionally, Siemens Energy’s MDR system provides a unified picture of anomalous behavior for defenders with insights to stop attacks. The service goes beyond conventional monitoring by achieving understanding of how digital systems relate to the real world. With its unified OT and IT data stream, the platform uses artificial intelligence (AI) and digital twin technology to compare billions of real-time data points against a correctly functioning asset. This provides context for analysts to determine not only which events are abnormal, but which are consequential.

Dieter Fluck, Vice President of Controls Systems & Innovation for Siemens Energy, noted that security has become more important of late as companies gain familiarity with remote monitoring. His company has been remotely monitoring its fleet for more than 10 years to provide faster support and to enact quality improvements.

“Questions around compliance with cyber security norms and regulations have been a constant feature of conversations about remote monitoring with customers,” said Fluck. “This hinges on finding a good balance between the benefits of cost and efficiency while ensuring long-term safety and security of critical customer assets.”

All Siemens Energy controls solutions offer remote connectivity. This ranges from basic connectivity to complete digital twin-based support through company Remote Expert Centers (RECs). RECs lets users tap into a network of in-house experts that address issues ranging from process know-how to software/hardware issues. Turbine experts can evaluate performance, analyze and diagnose changes in operational behavior and provide recommendations.

The SPPA-T3000 for turbine control of gas and steam turbines in power generation encompasses governor, protection, and auxiliary controls combined in one control cabinet. All devices are integrated into this control system. Independent SIL3 protection systems can be added, if desired.

Specific to oil and gas, the controls interface at the individual asset level as well as the plant (or enterprise) level. At the asset level, controls are available for turbine and electric motor-driven compressors and pumps. All Siemens Energy compressors are offered with process controls including modules for anti-surge and load sharing.

Fluck said the growing demand for data coupled with ease of communication and data transmission has driven several trends. Cloudbased controls, for example, are being used more to foster data consistency and availability for asset optimization. Companies are also seeking greater interoperability of assets across platforms. There is growing demand, too, for systems that support autonomous plant operation without the need for manpower onsite.

“In the power generation market, there are increasingly complex requirements targeted towards grid stability and security,” said Fluck. “In the industrial and oil & gas markets, customers have been looking for greater asset reliability and availability which often translates into demands to push the operational profile of our machines beyond established precedence while ensuring all applicable safety standards are still met.”

WOODWARD

Woodward Turbomachinery Systems also offers remote monitoring systems to enable its technicians to gain remote access to address service issues.

“A key aspect of any remote monitoring or access system is cybersecurity,” said Greg Marino, Product Line Manager, Woodward. “In today’s world, no one is going to allow you to connect remotely without a thorough security review.”

He added that each new hardware upgrade carries with it a greater degree of cybersecurity to ensure Woodward products meet or exceed security standards. The company also offers system level security for Human Machine Interfaces (HMI), workstations, and networks in addition to controls to help users meet NERC/CIP, ISA 62443 and regional standards.

Woodward offers a line of turbomachinery controls that range from small hydro and mechanical- drive steam turbines through nuclear steam, gas turbines, combined cycle, and integrated gasification combined cycle. It also has SIL2/3 safety controls and matching electro-hydraulic and electric valve actuation products.

Marino said the 505 product line is the most popular turbine control platform with approximately 28,000 installed worldwide. It’s preprogrammed and configurable via an onboard multi-language HMI or remotely from a workstation. It includes self-optimizing control loops and is available in single valve, extraction, and dual-redundant versions, and has multiple international and regional hazardous location certifications.

“In larger controls, we see interest in cybersecurity, reliability, and integrated functional safety,” said Marino. “The use of functional safety controls or integrated functional safety is expanding in the oil & gas market. Buyers of smaller controls are more focused on ease of use, reliability. and cost efficiency.”

The newest Woodward platforms and updates are being enhanced to support analytics and secure Industrial Internet of Things (IIoT) functions.

ETHOSENERGY

EthosEnergy’s approach as an integrator is to evolve its cybersecurity to match the needs of users. Its scope had increased to include balance of plant controls, and helping bridge IT and OT security. Basic historical methods of network segregation, firewalls, and hardening workstations are standard for the core control system.

Jeff Schleis, Product Manager, EthosEnergy, has observed greater built-in security in controls. While plant-wide issues remain, features like keyed software/firmware, encrypted communication methods, and networking hardware/software that is co-developed with the control system manufacturer are all methods that increasingly harden the equipment we integrate.

Schleis emphasized the benefits the entire industry has experienced due to the dramatic rise in the amount of processing power available to control systems.

“Whereas in the past, we required multiple processors to handle demanding sub-10ms systems or large balance of plant systems, we can now perform well in one CPU with room to spare,” he said. “However, connectivity remains a challenge because of the large number of legacy systems in the plant.”

EthosEnergy has a fleet of units that it operates for owners. Predictive data analysis is used to optimize maintenance efforts via the company’s PHD Advance solution. It leverages cloud computing to process large volumes of data received from a plant. It identifies issues and negative trends that are further investigated by EthosEnergy engineers to find root causes and target maintenance activities to reduce maintenance spend, maintain plant performance, and increase availability.

Additionally, the company provides Icon control system upgrades and retrofits on gas and steam turbines. With over 1,000 systems supplied, these encompass nearly every OEM and industry.

Take the case of an LM6000 gas turbine. The base icon system upgrade for this turbine includes the necessary sequencing, fuel control, and protections. Optional solutions are available to solve problems surrounding the package and plant. One of those includes the ability to improve on-vent fan diagnostics. Rather than utilize the original flow switches, technology has been added to the motor control center (MCC) to diagnose when a fan is running, or if an abnormal situation is present. This reduces the possibility of a failed start and improves availability. Other enhancements improve diagnostics, increase performance, and reduce downtime.

It has been a common theme for EthosEnergy to expand this same hardware into the balance of plant systems and reduce the number of platforms that the site supports. This has been primarily for independent power producers or small petrochemical plants where a Distributed Control System (DCS) may not be present or has similar obsolescence issues as the turbine control system.

“Customers have issued specifications that include both the turbine control and the balance of plant controls where we can modernize those systems for the HRSG, water treatment, inlet chilling, and other systems,” said Schleis.

He noted other trends such as: adjusting controls to deal with cyclic operating profiles; increasing turndown and attempting to minimize stress on the unit; finding ways to peak fire and increase the plant’s usefulness to the power market; finding ways to improve availability and prevent downtime; redundancy requirements have increased as industrial customers have the budget to increase controller complexity, as well as instrumentation in the field to improve availability; and allocating funds for upgrades on older units that previously were not being considered.

“Larger projects to modify the unit to meet emissions and increase generating output are getting approved,” said Schleis. “Having the ability to mechanically modify the unit and provide the necessary control system upgrades are key to being competitive.”

YOKOGOWA

Yokogawa has teamed up with Shell to develop the Plat form for Advanced Control and Estimation R5.03 as part of the OpreX Asset Operations and Optimization family. This software suite brings together Shell’s plant process control technology and Yokogawa’s real-time controls to improve productivity by increasing product yield and reducing energy consumption.

It incorporates a new communication standard that enhances security: The Open Platform Communications Unified Architecture (OPC UA), which improves plant systems interoperability and security. OPC is an interoperability standard for the secure and reliable exchange of data in industrial automation.

The new Yokogawa platform is suited to facilities such as oil refineries, petrochemical plants, chemical plants, and LNG trains. It incorporates the control of multiple variables based on predictions made using models of the dynamic characteristics of plant responses, as well as sensing to estimate quality in real-time based on temperature, flow rate, pressure, and other process values.

TRI-SEN

Tri-Sen reports a rise in discussions relating to the IIoT and big data. The issue there is the vulnerabilities inherent with a higher level of connectivity.

“We’ve been investigating methodologies for identifying and reducing connectivity risk in the solutions we provide, and are excited about the possibilities related to the top-down systems approach posited in the ‘System Theoretic Process Analysis’ for security (STPA-Sec),” said Thomas Bailey, Director of Marketing, Tri-Sen.

The company has begun using the STPA-Sec methodology to identify, frame, model, and evaluate security vulnerabilities associated with system connectivity for a given integrated turbomachinery control application/solution. Tri-Sen uses this approach to assess system expo- sure, then makes specific recommendations for reducing and controlling the cybersecurity risk associated with the respective turbomachinery controls solution.

Tri-Sen provides configurable, stand-alone turbomachinery controls, custom PLC-based turbomachinery controls, turbine-safety products, as well as turbomachinery controls-related engineering services. Its standard configurable products include digital turbine governors, digital positioners, and ancillaries. Custom solutions are delivered on the PLC platforms such as Triconex, Allen Bradley, and Siemens, as well as on major DCS platforms. Turbine-safety products include a TUV SIL 3 certified hydraulic trip interface, and a couple of electronic overspeed detection system offerings. It also offers dynamic model-based studies for compression applications that include compressor startup and shutdown evaluation (associated with surge control), piping arrangement, valve sizing, and control system optimization.

Currently, the Elliott-Tri-Sen alliance team is developing a solution to provide Elliott’s users with an advanced compressor monitoring, diagnostics, and controls capability. The Alliance Compressor Performance Monitoring System (ACPMS) is a modularized software/hardware solution that provides a monitoring took-kit with fleet monitoring functionality. Features include remote monitoring, fleet monitoring, analytics, surge control, vibration analysis, along with a digital twin (compressor model) that supports “what-if?” analyses.

As for the retrofit market, Bailey said such projects are getting easier because first and second-generation digital control platforms are being replaced due to hardware obsolescence issues and not so much because of performance issues.

“Challenges associated with retrofitting mechanical governors like speed measurement and the valve actuation interface are usually already resolved when replacing digital control system with another,” he said.

GE GAS POWER

GE Gas Power Executive Product Manager for Controls & Digital, Chris Long has noticed major trends such as the increasing use of artificial intelligence (AI) in modeling and analytics to keep models current with evolving plant asset capability and degradation. To complement OT cyber solutions, the company is leveraging its OEM physics- based models augmented with AI to develop means for detecting, localizing, and neutralizing threats as part of a defense-in-depth strategy.

Supporting the changing needs of a grid with increasing renewables penetration is another area of focus. GE has controls for turbine combustion and electrical systems to support high rate of change of frequency (RoCoF) scenarios. Furthermore, generator controls leverage analytics in early event detection schemes to respond to frequency swings and voltage dips.

“There is greater interest in remote connectivity and control across all aspects of plant (remote operations, grid testing, monitoring, tuning) including centralized remote command centers,” said Long. The company recently introduced a Non-Optical Flame Detector (NOFD) leveraging digital twins of sensors to improve reliability and reduce maintenance costs.

MITSUBISHI POWER

Mitsubishi Power has also been active in cybersecurity. “There is a great need for control systems to strike a balance between openness and security in order to work with higher level systems and achieve optimum operation,” said Marco Sanchez, the company’s Vice President of Intelligent Solutions.

In response, Mitsubishi Power has developed cybersecurity solutions to meet the compliance requirements of the latest North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standard. It consists of two components within the DIASYS Netmation 4S control system that enable flexible operations and meets functional safety standards as defined by IEC 61808:2010.

The first component is Virtualized Netmation that virtualizes HMI workstations on redundant servers. Virtualization creates a more secure environment by reducing exposure to outside threats and providing a framework to monitor continuously for malware and intrusion detection.

The second component is Netmation Protect Pack (NPP) that provides a framework for integrated threat management, risk management, application control and system health monitoring. NPP provides mechanisms to ensure that all software has up-to-date patches and a centralized portal to report, audit, and protect against intruders, malware, and ransomware.

Sanchez said Mitsubishi Power’s Tomoni can help facilities become digital power plants by adding automation and embedded intelligence. “Tomoni uses analytics, adaptive control, and AI to increase plant flexibility and provide profitable, clean power,” said Sanchez. “Plants utilizing it for remote monitoring and diagnostics operate with 1-2% higher reliability.

INGERSOLL RAND

Ingersoll Rand (IR)has been building centrifugal compressors since the early 1960’s. This includes legacy Centac and Turbo-Air frames and the latest generation of Turbo-Air NX compressors ranging from 500 cfm to over 30,000 cfm with discharge pressures from 25 to 610 psig.

IR provides controls and automation equipment for its equipment to more easily manage compressor systems, enhance system reliability and improve efficiency. This includes flow and pressure controls, centrifugal compressor control systems, rotary compressor controllers, and compressor system automation products.

Its Xe-145F Series controllers (standard on MSG Centac) have a high-resolution color display. When it detects a problem, it can post information on the web or send email notifications. Maestro Universal is an equivalent air control system for managing centrifugal compressor performance, and is the standard controls for IR MSG Turbo-Air and MSG centrifugal compressors. The company can design a customized Maestro Universal controller upgrade for existing compressed air systems. Instrumentation packages and monitoring functions are configured to optimize compressor performance. In many cases, equipment can be repurposed. With the newest generation of controllers, IR enables expanded connectivity and communication capability, as well as increased memory and processor speed.

Maestro Universal controls are used on the Turbo-Air NX, which is built to operate in industrial applications, including the process air and air separation markets at often unmanned sites without backup for extended periods, years in some cases. It is rated for flows from 3000-7500 cfm and pressures from 35-210 psig discharge. An inlet guide vane and increased throttle range bring operating flexibility. Further models in this line include the NX 12000 and NX 8000.

“The Turbo-Air NX 5000 is applicable across markets demanding a consistent supply of oil-free compressed air or nitrogen,” said Sam Gooldy, Senior Global Product Manager, Ingersoll Rand.

The company also makes reciprocating compressors. Gooldy says they are typically applied below 500 cfm or over 600 psig discharge pressure. “For flows over 500 cfm or under 600 psig centrifugal compressors tend to be a clear winner due to reliability and the higher maintenance associated with a reciprocating compressor.”

NEXUS CONTROLS, BAKER HUGHES

Nexus Controls, a Baker Hughes business, has provided unit control, DCS, excitation, mechanical, cybersecurity, services, and software in more than 11,000 projects globally. These included gas/ steam turbine, hydroelectric, and compressors. “Cybersecurity is a fundamental part of managing the operating risks of pipelines and critical equipment,” said Terry Knight, Vice President, Nexus Controls, a Baker Hughes business.

The company’s offerings cover unit controls, generator excitation and protection, static starting systems, mechanical and instrumentation solutions along with BOP controls. Its turbine-driven compressor controls address operating efficiencies and surge. The Nexus OnCore Control System enables digitization through collecting, integrating, and analyzing data. The company is adding further analytic capabilities and remote monitoring offerings.

“We have seen increased interest for remote monitoring and operation, primarily from those seeking to optimize maintenance and operations expenses,” said Knight. “Capabilities include site installation, and integration of site audible and visual annunciation for occupational safety and health global standards compliance.”

SCHNEIDER ELECTRIC

Schneider Electric provides control systems for steam/gas turbines, compressors, automatic voltage regulation, generator automatic synchronization, generator power management, turbine auxiliaries, mechanical retrofit, data analysis, and HMI interfaces. It offers site surveys, machine assessments, dynamic simulation, consultation, performance optimization, controls troubleshooting, mechanical retrofits, predictive analytics, and performance monitoring. Controllers range from simplex Modicon to TMR Triconex PLCs.

“Customers desire increased time between turnarounds and decreased turnaround times,” said Hector Buchelly, Global Senior Director of Turbomachinery and Advanced Services, Industrial Automation Business, Schneider Electric. “The road to digitalization, which requires the ready availability of data, requires machinery to be upgraded and retrofitted so the digital solutions can have the value they represent.”