POWER December 2020 - 27

CYBERSECURITY
said Otto. " In the worst case, a network
operator-and therefore all of us
as well-would be left in the dark after
a blackout. That's why the resilience of
our power transmission systems is of
such prime importance. "
Not only are the digital attacks against
power plants more and more frequent,
they're also becoming increasingly sophisticated.
Their focus has also shifted
from information technology (IT) to operation
technologies (OT), penetrating
as far as the functioning of machines.
Instead of spying on data, attackers attempt
to interrupt a service or damage
critical infrastructures.
The consequences range from the
loss of intellectual property and interrupted
operations to a complete plant
shutdown, with the associated severe
economic losses and reputation damage.
Perpetrators of attacks aren't just individuals;
now they include organized crime
groups, terrorists, and industrial spies, or
they're supported by governments. The
one thing that they all have in common is
that they seek out and exploit vulnerabilities
in the system. So, how can systems
be made more resilient?
" Cybersecurity, IT, and OT experts
have to work together before and during
a crisis, quickly recognize attacks, and
respond, " said Otto. " What's clear is that
regardless of the motive, origin, or type of
cyberattack, our job is to prepare our customers
and ourselves for every scenario. "
Many Layers of Protection
To maintain a high level of security from
the very start of every project and beyond,
fundamental measures have to
be taken (see sidebar). Otto compared
these security layers to the layers of an
onion, where the innermost core-the
plants, networks, and systems-is protected
by many outer layers (Figure 2).
Secure Power Transmission for DolWin6.
What exactly does this mean for a
power transmission project like DolWin6?
" Our work on a cybersecurity project
starts as early as the bid phase, " explained
Matthias Claus, technical project manager
for DolWin6 at Siemens Energy.
It might work something like this: First
of all, the riskDNA software that Siemens
developed specifically for this purpose automatically
searches the customer bid. Bid
processors evaluate the results and inform
the responsible IT security manager of the
customer's specific requirements.
" Cybersecurity is already part of the
bid, " said Claus. " Once the contract is
signed, a thorough consultation is held
December 2020 | POWER
Comprehensive Test of Original
Equipment. Are standards being complied
with? According to Otto and Claus,
this is ensured by comprehensive procedural
measures, and internal and external
tests, like the pen test described
above. To perform these tests, Siemens
Energy assembles all the control technology
equipment before delivering it to
the company's own premises.
The external testers employed for Dol2.
Cybersecurity must be guaranteed on all
levels-physical plant, network, and system
or operations-all the way to the core. This approach
is called " Defense in Depth. " Based on
the onion principle, the concept entails multiple
complementary security layers. Courtesy:
Siemens Energy
with the customer, an analysis of threats
and risks is performed, and a specification
is prepared that state how we envision the
cybersecurity concept and how we'll coordinate
this strategy with the customer. "
46 Pages of IT Security. The core
feature of the cybersecurity concept
for DolWin6, as for every project, is the
Defense-in-Depth approach. This approach
defines various hierarchical levels
of devices and procedures, and establishes
multiple barriers. Critical data and
systems are protected independently
by means of physical (access restrictions),
technical (security services), and
administrative (account/role definitions)
controls. This creates multilevel protection
comprised of different layers. If an
attacker penetrates one level, the attack
should be blocked by the next level.
For DolWin6 alone, Siemens Energy's
IT security specification is 46 pages long.
It also defines, for example, the physical
protection of plants: " All rooms containing
critical assets (like the platform
control room) are equipped with a door
security system that prevents unauthorized
persons from entering. "
This is followed by the secure system
architecture that includes, for example,
the " minimal need to know " principle,
meaning that users and system components
have only the minimum authorizations
and access rights that they need
to perform a specific function. This is
the company's way of implementing
complementary security technologies
on multiple system levels in order to
minimize security threats throughout the
entire network. The results of the specification
are later incorporated into the final
documentation for IT security, which
comprises several hundred pages.
www.powermag.com
Win6 were from the independent Berlinbased
audit specialists GAI NetConsult.
The company conducted the pen test for
DolWin6 in Erlangen in May 2020. The
professional hackers determined that the
C&P system for the wind farm link was
ready to begin operation. " For a complex
energy project like DolWin6, a successful
pen test is an extremely important cybersecurity
milestone, " Claus said.
The project is currently ready to complete
the FPT. " When the FPT is performed
at the end of 2020, the focus will
once again be on cybersecurity, " explained
Otto. " We perform these tests in-house.
At the beginning of 2021, following a successful
test, we'll transport the entire control
plant comprising two sections to the
two locations in Emden, Germany, and
Cadiz, Spain, and will reassemble them
there. " The land-based station with the
HVDC link will be built in Emden, and the
offshore platform that will hold the second
converter will be produced by the Spanish
shipyard in Andalusian Cadiz. Then there
will be nothing left to prevent the secure
connection of the new wind farm.
Where Is This Digital Journey Headed?
As the World Energy Council states in one
of its recent publications, " The digitalization
of the energy industry will continue. "
The industry is relying more and more on
interconnectivity, which is why cybersecurity
needs to remain a central concern.
The same is true of dynamic resilience,
which is the capacity to continuously
adapt-sort of like a muscle that needs
constant exercise. " In the past, digital
connectivity via a cloud or the Internet of
Things in the energy sector was still the
exception, " said Otto, " but now we're
seeing a trend toward more comprehensive
data analysis, in order to enable predictive
maintenance, for example. But the
way things are headed, all stakeholders
will have to be prepared for any scenario.
Cyber threats are lurking everywhere.
Hackers never sleep. They're becoming
more agile, faster, and more ingenious. " ■
-Nina Terp is a technical journalist
based in Germany.
27

http://www.powermag.com

POWER December 2020

Table of Contents for the Digital Edition of POWER December 2020

Contents
POWER December 2020 - Intro
POWER December 2020 - Cover1
POWER December 2020 - Cover2
POWER December 2020 - Contents
POWER December 2020 - 2
POWER December 2020 - 3
POWER December 2020 - 4
POWER December 2020 - 5
POWER December 2020 - 6
POWER December 2020 - 7
POWER December 2020 - 8
POWER December 2020 - 9
POWER December 2020 - 10
POWER December 2020 - 11
POWER December 2020 - 12
POWER December 2020 - 13
POWER December 2020 - 14
POWER December 2020 - 15
POWER December 2020 - 16
POWER December 2020 - 17
POWER December 2020 - 18
POWER December 2020 - 19
POWER December 2020 - 20
POWER December 2020 - 21
POWER December 2020 - 22
POWER December 2020 - 23
POWER December 2020 - 24
POWER December 2020 - 25
POWER December 2020 - 26
POWER December 2020 - 27
POWER December 2020 - 28
POWER December 2020 - 29
POWER December 2020 - 30
POWER December 2020 - 31
POWER December 2020 - 32
POWER December 2020 - 33
POWER December 2020 - 34
POWER December 2020 - 35
POWER December 2020 - 36
POWER December 2020 - 37
POWER December 2020 - 38
POWER December 2020 - 39
POWER December 2020 - 40
POWER December 2020 - Cover3
POWER December 2020 - Cover4
https://www.nxtbook.com/accessintelligence/POWER/pwr_may-2024
https://www.nxtbook.com/accessintelligence/POWER/pwr_april-2024
https://www.nxtbook.com/accessintelligence/POWER/pwr_march-2024
https://www.nxtbook.com/accessintelligence/POWER/pwr_february-2024
https://www.nxtbook.com/accessintelligence/POWER/pwr_january-2024
https://www.nxtbook.com/accessintelligence/POWER/pwr_december-2023
https://www.nxtbook.com/accessintelligence/POWER/pwr_november-2023
https://www.nxtbook.com/accessintelligence/POWER/power-october-2023
https://www.nxtbook.com/accessintelligence/POWER/re-tech-supp-to-power-september-2023
https://www.nxtbook.com/accessintelligence/POWER/power-september-2023
https://www.nxtbook.com/accessintelligence/POWER/power-and-re-tech-supp-september-2023
https://www.nxtbook.com/accessintelligence/POWER/power-august-2023
https://www.nxtbook.com/accessintelligence/POWER/power-july-2023
https://www.nxtbook.com/accessintelligence/POWER/power-june-2023
https://www.nxtbook.com/accessintelligence/POWER/power-may-2023
https://www.nxtbook.com/accessintelligence/POWER/power-april-2023
https://www.nxtbook.com/accessintelligence/POWER/power-march-2023
https://www.nxtbook.com/accessintelligence/POWER/power-february-2023
https://www.nxtbook.com/accessintelligence/POWER/power-january-2023
https://www.nxtbook.com/accessintelligence/POWER/power-december-2022
https://www.nxtbook.com/accessintelligence/POWER/power-november-2022
https://www.nxtbook.com/accessintelligence/POWER/Power-October-2022-140th-Anniversary-Supp
https://www.nxtbook.com/accessintelligence/POWER/Power-October-2022-and-Anniversary-Supp
https://www.nxtbook.com/accessintelligence/POWER/power-and-re-tech-supp-september-2022
https://www.nxtbook.com/accessintelligence/POWER/power-september-2022
https://www.nxtbook.com/accessintelligence/POWER/power-august-2022
https://www.nxtbook.com/accessintelligence/POWER/Power-July-2022-Intl
https://www.nxtbook.com/accessintelligence/POWER/power-july-2022
https://www.nxtbook.com/accessintelligence/POWER/power-june-2022-intl
https://www.nxtbook.com/accessintelligence/POWER/power-june-2022
https://www.nxtbook.com/accessintelligence/POWER/power-may-2022
https://www.nxtbook.com/accessintelligence/POWER/power-may-2022-intl
https://www.nxtbook.com/accessintelligence/POWER/power-april-2022
https://www.nxtbook.com/accessintelligence/POWER/Power-April-2022-Intl
https://www.nxtbook.com/accessintelligence/POWER/power-march-2022
https://www.nxtbook.com/accessintelligence/POWER/power-february-2022
https://www.nxtbook.com/accessintelligence/POWER/power-january-2022
https://www.nxtbook.com/accessintelligence/POWER/power-december-2021
https://www.nxtbook.com/accessintelligence/POWER/power-top-plants-supp-december-2021
https://www.nxtbook.com/accessintelligence/POWER/power-november-2021
https://www.nxtbook.com/accessintelligence/POWER/power-october-2021
https://www.nxtbook.com/accessintelligence/POWER/power-september-2021
https://www.nxtbook.com/accessintelligence/POWER/power-august-2021
https://www.nxtbook.com/accessintelligence/POWER/power-july-2021
https://www.nxtbook.com/accessintelligence/POWER/power-june-2021
https://www.nxtbook.com/accessintelligence/POWER/power-may-2021
https://www.nxtbook.com/accessintelligence/POWER/power-april-2021
https://www.nxtbook.com/accessintelligence/POWER/power-march-2021
https://www.nxtbook.com/accessintelligence/POWER/power-february-2021
https://www.nxtbook.com/accessintelligence/POWER/power-january-2021
https://www.nxtbook.com/accessintelligence/POWER/power-december-2020
https://www.nxtbook.com/accessintelligence/POWER/power-november-2020
https://www.nxtbook.com/accessintelligence/POWER/power-october-2020
https://www.nxtbook.com/accessintelligence/POWER/power-september-2020
https://www.nxtbook.com/accessintelligence/POWER/power-august-2020
https://www.nxtbook.com/accessintelligence/POWER/power-july-2020
https://www.nxtbook.com/accessintelligence/POWER/power-june-2020
https://www.nxtbook.com/accessintelligence/POWER/power-may-2020
https://www.nxtbook.com/accessintelligence/POWER/power-april-2020
https://www.nxtbook.com/accessintelligence/POWER/power-march-2020
https://www.nxtbook.com/accessintelligence/POWER/power-february-2020
https://www.nxtbook.com/accessintelligence/POWER/power-january-2020
https://www.nxtbook.com/accessintelligence/POWER/power-december-2019
https://www.nxtbook.com/accessintelligence/POWER/power-november-2019
https://www.nxtbook.com/accessintelligence/POWER/power-october-2019
https://www.nxtbook.com/accessintelligence/POWER/power-september-2019
https://www.nxtbook.com/accessintelligence/POWER/power-august-2019
https://www.nxtbook.com/accessintelligence/POWER/power-july-2019
https://www.nxtbook.com/accessintelligence/POWER/power-june-2019
https://www.nxtbook.com/accessintelligence/POWER/power-may-2019
https://www.nxtbook.com/accessintelligence/POWER/power-april-2019
https://www.nxtbook.com/accessintelligence/POWER/power-march-2019
https://www.nxtbook.com/accessintelligence/POWER/power-february-2019
https://www.nxtbook.com/accessintelligence/POWER/power-january-2019
https://www.nxtbook.com/accessintelligence/POWER/power-december-2018
https://www.nxtbook.com/accessintelligence/POWER/power-november-2018
https://www.nxtbook.com/accessintelligence/POWER/power-october-2018
https://www.nxtbook.com/accessintelligence/POWER/power-september-2018
https://www.nxtbook.com/accessintelligence/POWER/power-august-2018
https://www.nxtbook.com/accessintelligence/POWER/power-july-2018
https://www.nxtbook.com/accessintelligence/POWER/power-june-2018
https://www.nxtbook.com/accessintelligence/POWER/power-may-2018
https://www.nxtbook.com/accessintelligence/POWER/power-april-2018
https://www.nxtbook.com/accessintelligence/POWER/power-march-2018
https://www.nxtbook.com/accessintelligence/POWER/power-february-2018
https://www.nxtbook.com/accessintelligence/POWER/power-january-2018
https://www.nxtbook.com/accessintelligence/POWER/power-december-2017
https://www.nxtbook.com/accessintelligence/POWER/power-november-2017
https://www.nxtbook.com/accessintelligence/POWER/power-october-2017
https://www.nxtbook.com/accessintelligence/POWER/power-september-2017
https://www.nxtbook.com/accessintelligence/POWER/power-august-2017
https://www.nxtbook.com/accessintelligence/POWER/power-july-2017
https://www.nxtbook.com/accessintelligence/POWER/power-june-2017
https://www.nxtbook.com/accessintelligence/POWER/power-may-2017
https://www.nxtbook.com/accessintelligence/POWER/power-april-2017
https://www.nxtbook.com/accessintelligence/POWER/power-march-2017
https://www.nxtbook.com/accessintelligence/POWER/power-february-2017
https://www.nxtbook.com/accessintelligence/POWER/power-january-2017
https://www.nxtbook.com/accessintelligence/POWER/power-december-2016
https://www.nxtbook.com/accessintelligence/POWER/power-november-2016
https://www.nxtbook.com/accessintelligence/POWER/power-october-2016
https://www.nxtbook.com/accessintelligence/POWER/power-september-2016
https://www.nxtbook.com/accessintelligence/POWER/power-august-2016
https://www.nxtbook.com/accessintelligence/POWER/power-july-2016
https://www.nxtbook.com/accessintelligence/POWER/power-june-2016
https://www.nxtbook.com/accessintelligence/POWER/power-may-2016
https://www.nxtbook.com/accessintelligence/POWER/power-april-2016
https://www.nxtbook.com/accessintelligence/POWER/power-march-2016
https://www.nxtbook.com/accessintelligence/POWER/power-february-2016
https://www.nxtbook.com/accessintelligence/POWER/power-january-2016
https://www.nxtbook.com/accessintelligence/POWER/power-december-2015
https://www.nxtbook.com/accessintelligence/POWER/power-november-2015
https://www.nxtbook.com/accessintelligence/POWER/power-october-2015
https://www.nxtbook.com/accessintelligence/POWER/power-september-2015
https://www.nxtbook.com/accessintelligence/POWER/power-august-2015
https://www.nxtbook.com/accessintelligence/POWER/power-july-2015
https://www.nxtbook.com/accessintelligence/POWER/power-june-2015
https://www.nxtbook.com/accessintelligence/POWER/power-may-2015
https://www.nxtbook.com/accessintelligence/POWER/power-april-2015
https://www.nxtbook.com/accessintelligence/POWER/power-march-2015
https://www.nxtbook.com/accessintelligence/POWER/power-february-2015
https://www.nxtbook.com/accessintelligence/POWER/power-january-2015
https://www.nxtbook.com/accessintelligence/POWER/power-december-2014
https://www.nxtbook.com/accessintelligence/POWER/power-november-2014
https://www.nxtbook.com/accessintelligence/POWER/power-october-2014
https://www.nxtbook.com/accessintelligence/POWER/power-september-2014
https://www.nxtbook.com/accessintelligence/POWER/power-august-2014
https://www.nxtbook.com/accessintelligence/POWER/power-july-2014
https://www.nxtbook.com/accessintelligence/POWER/power-june-2014
https://www.nxtbook.com/accessintelligence/POWER/power-may-2014
https://www.nxtbook.com/accessintelligence/POWER/power-april-2014
https://www.nxtbook.com/accessintelligence/POWER/power-march-2014
https://www.nxtbook.com/accessintelligence/POWER/power-february-2014
https://www.nxtbook.com/accessintelligence/POWER/power-january-2014
https://www.nxtbook.com/accessintelligence/POWER/power-december-2013
https://www.nxtbook.com/accessintelligence/POWER/power-november-2013
https://www.nxtbook.com/accessintelligence/POWER/power-october-2013
https://www.nxtbook.com/accessintelligence/POWER/power-september-2013
https://www.nxtbook.com/accessintelligence/POWER/power-august-2013
https://www.nxtbook.com/accessintelligence/POWER/power-july-2013
https://www.nxtbook.com/accessintelligence/POWER/power-june-2013
https://www.nxtbook.com/accessintelligence/POWER/power-may-2013
https://www.nxtbook.com/accessintelligence/POWER/power-april-2013
https://www.nxtbook.com/accessintelligence/POWER/power-march-2013
https://www.nxtbook.com/accessintelligence/POWER/power-february-2013
https://www.nxtbook.com/accessintelligence/POWER/power-january-2013
https://www.nxtbook.com/accessintelligence/POWER/power-december-2012
https://www.nxtbook.com/accessintelligence/POWER/power-november-2012
https://www.nxtbook.com/accessintelligence/POWER/power-october-2012
https://www.nxtbook.com/accessintelligence/POWER/power-september-2012
https://www.nxtbook.com/accessintelligence/POWER/power-august-2012
https://www.nxtbook.com/accessintelligence/POWER/power-july-2012
https://www.nxtbook.com/accessintelligence/POWER/power-june-2012
https://www.nxtbook.com/accessintelligence/POWER/power-may-2012
https://www.nxtbook.com/accessintelligence/POWER/power-april-2012
https://www.nxtbook.com/accessintelligence/POWER/power-march-2012
https://www.nxtbook.com/accessintelligence/POWER/power-february-2012
https://www.nxtbook.com/accessintelligence/POWER/power-january-2012
https://www.nxtbook.com/accessintelligence/POWER/power-november-2011
https://www.nxtbook.com/accessintelligence/POWER/power-october-2011
https://www.nxtbook.com/accessintelligence/POWER/power-september-2011
https://www.nxtbook.com/accessintelligence/POWER/power-august-2011
https://www.nxtbook.com/accessintelligence/POWER/power-july-2011
https://www.nxtbook.com/accessintelligence/POWER/power-june-2011
https://www.nxtbook.com/accessintelligence/POWER/power-may-2011
https://www.nxtbook.com/accessintelligence/POWER/power-april-2011
https://www.nxtbook.com/accessintelligence/POWER/power-march-2011
https://www.nxtbook.com/accessintelligence/POWER/power-february-2011
https://www.nxtbook.com/accessintelligence/POWER/power-january-2011
https://www.nxtbook.com/accessintelligence/POWER/power-december-2010
https://www.nxtbook.com/accessintelligence/POWER/power-november-2010
https://www.nxtbook.com/accessintelligence/POWER/power-october-2010
https://www.nxtbook.com/accessintelligence/POWER/power-september-2010
https://www.nxtbook.com/accessintelligence/POWER/power-august-2010
https://www.nxtbook.com/accessintelligence/POWER/power-july-2010
https://www.nxtbook.com/accessintelligence/POWER/power-june-2010
https://www.nxtbook.com/accessintelligence/POWER/power-may-2010
https://www.nxtbookmedia.com