The synergy between OT security and artificial intelligence
Andreas Jambor
In an increasingly digitalised world, where industrial and infrastructure systems are becoming more and more connected and automated, the security of operational technologies (OT) is becoming ever more important.
Critical infrastructures play a central role in today’s networked world, as disruptions or attacks on these systems can have serious consequences for society. A proven framework for ensuring information security is ISO 27001, an international standard for information security management.
ISO 27001 defines requirements for a comprehensive Information Security Management System (ISMS) that aims to ensure the confidentiality, integrity and availability of information. Organisations in critical infrastructure, such as energy suppliers, telecommunications companies and government institutions, can benefit from implementing ISO 27001 to identify, assess and manage risks.
The essence of Industry 4.X
Jan Jens Koltermann, Jörn Hussock, Sven Schneider and Sebastian Mieck
Digitisation means the widespread penetration, networking and transformation of almost all areas of life and the economy through information and communication technologies that are already available today. Digitisation stands for the expansion and use of the ability to gather and analyse information and derive targeted actions – in communication, transactions and interactions. Expanding and exploiting this ability is a particular challenge for organisations today, especially in an environment characterised by volatility, uncertainty, complexity and ambiguity (VUCA). Digitisation is creating new business models; new value and process chains are emerging in which data is an important resource, if not the most important resource. The analysis of previously unused data, the integrative networking of (IT) systems and the use of artificial intelligence are changing existing value chains and even having a disruptive effect. This trend can also increasingly evident in the energy industry.
Cybersecurity challenges along the OT/IT supply chain for energy facilities and critical infrastructure
Karl Waedt, Josef Schindler and Erkin Kirdan
Numerous OT and IT systems are integrated for new or modernized energy systems and critical infrastructures (KRITIS). In the run-up to a tender, the operator of an energy plant, or more generally, the critical infrastructure, must work out the specifications to be met by all suppliers and sub-contractors. This is often prepared with the support of a higher-level general planner and accompanied during project management. Based on several new projects, this article looks at some practical approaches regarding the specifications and handling of IT security requirements along the supply chains.
Information Security – The new ISO/ IEC 27001 and other requirements for the ISMS of utilities
Andreas W. Rex
The ISO/IEC 27001 standard defines the requirements for an information security management system (ISMS), including its structure, introduction, implementation, monitoring and documentation. It specifies risk assessment requirements in order to avoid data theft by hackers, data loss and business downtime due to attacks via the web or through data misuse. This is necessary to protect companies from cyber threats. I SO/IEC 27001 had to be updated after the guide to ISO/IEC 27001:2022 had already been adapted, so that companies could react in a timely manner to the increasing rate of cyber attacks. Other regulations at European and national level can provide legally binding requirements for the application of standards.
Status of development and outlook on carbon-neutral fuels for gas turbines
Erik Zindel
Hydrogen combustion in gas turbines and combined cycle power plants is emerging as the preferred technology to cover the residual load during longer periods of “dark doldrums” (unavailability of both wind and solar energy) in a fully decarbonized power system. The article shows the current development situation of hydrogen combustion in gas turbines at Siemens Energy as well as an overview of initial operating experiences from pilot plants. In addition, an outlook is given on other greenhouse gas-neutral fuels and, particularly in the case of ammonia, on the reasons why the use of cracked ammonia is preferred to direct combustion. Finally, the topic of “H2 readiness” (preparation for later conversion to hydrogen) will be showed again.
Challenges with metallic materials for the transport and storage of hydrogen
Tomás Freitas, André Abilio, Florian Konert, Jonathan Nietzke, Zephanja Krzysch, Thomas Böllinghaus and Oded Sobol
The hydrogen economy is among the main solutions to achieve climate neutrality in Europe. It involves the production, storage, transport, and use of large amounts of hydrogen in existing and new infrastructures. The rapid implementation of hydrogen therefore poses major challenges, in particular the need for extensive qualification of the components and materials to ensure the sustainable and safe use of hydrogen technologies. Both must be tested under service conditions, as the laboratory conditions under which materials are tested, do not always represent the in-service conditions. This article provides an overview of the state of the art in materials and component testing and future trends towards a successful transition to a hydrogen economy.
Catalyst management against the background of the coal phase-out
Tobias Schwämmle, Christoph Blessing and Anne Wiesel
The SCR catalyst (selective catalytic reduction) is an important element in the flue gas cleaning of a hard coal fired power plant. The SCR management deals with all aspects of the operation and maintenance of the DeNOx reactor. In order to be able to understand the often as a “black box” considered SCR reactor, the chemical reactions and interactions at the catalyst has to be understood. In addition, technical and contractual points in view on suppliers and service providers must be considered. The approaching phase-out of the coal-fired power generation in the market brings new questions and requirements in the catalyst management and the possibly still necessary procurement of new SCR catalysts. These new considerations are explained in this article with a current example.
Theories about exfoliation of duplex scale in steam path based on ECOCIDE hypothesis
Hong Xu, Yunfeng Yan, Qinzu Feng, Jihong Wang and Haohao Gao
Based on Ecocide hypothesis, the theories about the exfoliation of duplex scale in steam path had been elaborated. The causes which induced exfoliation of duplex scale could be divided into two types: internal and external factors. The former was the number and scale of voids existed in the inner and outer layer interface nearby, and the latter was the total stress response of scale. Furthermore, the internal and external causes by which the voids mentioned above might be affected were respectively chromium content of steel and steam conditions. In superheated steam, oxygen content bears pronounced correlation with chromate content. Superheated steam cation conductivity could serve as the characteristic index of the chromia evaporation of scale under the impact of oxygen in steam. The inner layer would continue to increase in thickness after exfoliation of outer layer, but hard to flake off then. In this case, supercritical units that had suffered thorough exfoliation would be relatively safe, without a worry about spalling for a long period of time.
Maintaining a stable electricity grid in the energy transition
Mike Garwood
Economies depend on reliable, stable, cost-effective electricity grids and associated systems. Interruptions to supply have a direct impact on business, society and economies. The report provides an overview of electric power grids in the energy transition from system fundamentals to the complexities associated with future technical solutions, potential impact on system security, resilience and cost. It highlights the emerging risks associated with proposed and ongoing changes to current systems and the associated market environment as well as market developments which may jeopardise previously stable and secure power systems. Costs and cost analysis including the limitations of the commonly adopted levelised cost of electricity (LCOE) metrics and wider system costs, are discussed. In particular, the role, characteristics and associated value of, and need for, dispatchable power capability in the energy system are reviewed, especially in the context of the increasing share of variable renewable power generation.
Eurelectric position paper on governance of the energy union and climate action
eurelectric
Eurelectric welcomes the revision of the Governance Regulation and the discussion on the introduced tools, namely the National Energy and Climate Plans (NECPs). Challenges and potential for optimisation are noticed.
Editorial
Andreas Jambor
Central Information Security Officer
RWE Generation SE,
Essen, Germany
The synergy between OT security and artificial intelligence
Dear readers of the vgbe energy journal,
In an increasingly digitalised world, where industrial and infrastructure systems are becoming more and more connected and automated, the security of operational technologies (OT) is becoming ever more important.
Critical infrastructures play a central role in today’s networked world, as disruptions or attacks on these systems can have serious consequences for society. A proven framework for ensuring information security is ISO 27001, an international standard for information security management.
ISO 27001 defines requirements for a comprehensive Information Security Management System (ISMS) that aims to ensure the confidentiality, integrity and availability of information. Organisations in critical infrastructure, such as energy suppliers, telecommunications companies and government institutions, can benefit from implementing ISO 27001 to identify, assess and manage risks.
An essential part of an effective security strategy is conducting risk assessments. By analysing potential threats, vulnerabilities and impacts, appropriate security measures can be developed to minimise risk. This proactive approach allows organisations to continuously improve their security measures and respond to new threats.
However, the ongoing development of artificial intelligence (AI) also raises questions about OT security in critical infrastructure. While AI technologies offer many benefits, such as the automation of processes and the improvement of systems, they also harbour potential risks. The use of AI in safety-critical systems can open up new attack vectors or have unforeseen consequences if AI algorithms are flawed or deliberately manipulated.
AI could offer many opportunities to improve OT security. The use of AI algorithms would make it possible to detect anomalous activity more quickly, proactively mitigate threats and identify security vulnerabilities. In addition, AI makes it possible to analyse large amounts of data more precisely in order to identify patterns and correlations that are critical to OT security. Or will AI define entirely new attack vectors?
Integrating AI into OT security solutions would enable continuous monitoring and real-time adjustment of security measures, surpassing traditional security approaches. The combination of AI-based threat detection, automated responses and continuous learning from past security incidents promises greater resilience to cyberattacks and more effective protection of industrial assets and critical infrastructure.
It is therefore essential that organisations in critical infrastructure carefully consider both the opportunities and risks of AI integration and implement appropriate security measures. ISO 27001 can serve as a guide to ensure that appropriate security controls are implemented for the use of AI and that potential risks are adequately considered.
Overall, security in critical infrastructure is a complex and constantly evolving topic that requires a holistic approach. By adhering to best practices such as ISO 27001, conducting risk assessments and critically evaluating new technologies such as AI, organisations can help to strengthen the resilience of their systems and effectively combat potential threats.
The future of OT security undoubtedly lies in the intelligent combination of technology and risk analysis to effectively combat the ever-changing threats in an increasingly digitalised world. By taking a holistic approach that combines technology, processes and people, we can strengthen the security of our industrial infrastructures while increasing efficiency and productivity.