Integrating Cyber Security Requirements into a Power Management System

Abstract

Based on the evolving cyber security threat landscape in critical infrastructure sectors, companies are setting up cyber security programs to manage this critical infrastructure risk. The Power Management System (PMS) has come to depend upon Information Technology (IT) such as Internet Protocol-based networks and open system-based human machine interfaces (HMIs) which then need to comply with the company cyber security program requirements. One of the primary security controls is the physical separation of Industrial Automation & Control Systems (IACS) from IT enterprise systems. The drawback with this arrangement is the company cannot as effectively leverage the knowledge from the IT group to manage these technologies in the IACS. Additionally, IACS maintenance personnel (including electrical) need training in network and computer competencies to effectively manage these systems as well as the cyber security controls. Integrating the PMS network and systems with the overall IACS Operational Technology (OT) architecture enables effective application and maintenance of cyber security controls for the PMS infrastructure. For example, the PMS can use centrally managed user access credentials to manage access to the PMS. Additionally, the OT management procedures will ensure adds, moves, and changes to user credentials are properly managed.This paper will elaborate on the benefits of IT/OT integration and overcoming the challenges of integrating the company’s cyber security requirements into the power management system.