Keeping Cyber-Attacks at Bay in Biomass Power Plants Cyber-attacks and ransomware are a threat to energy assets, but there are tools to protect plants against loss of data, time and money.
W
hether they were built 50 years ago or fired up in the past decade, the majority of U.S.-based biomass and bioenergy power plants operate by the same fundamental principle: They burn biomass waste fuel to generate high-pressure steam, which in turn drives a turbine to create electricity and heat. What has changed, however, is the widespread adoption of digital technologies that leverage artificial intelligence (AI) and the Industrial Internet of Things (IIoT) to drive greater operating efficiencies, higher reliability and lower maintenance costs. At the same time, this increased reliance on digital advances to improve the reliability and predictability of power plant operations brings with it the threat of cyber-attacks. While the general public might think of cyber-attacks in the context of the information technology (IT) space solely in terms of identity theft or a virus on their home computer, cyber-attacks on physical operating technology (OT) systems represent a real—and
BY SAM MIORELLI
growing—threat to the reliability and core business of the energy industry.
Cyber-Attacks: Expensive Business Disruptions
Real-world examples of OT-centric cyber-attacks are becoming increasingly common. In May 2021, Colonial Pipeline suffered a double ransomware attack where approximately 100 GB of internal data was stolen and significant portions of its IT systems encrypted, as reported by the Wall Street Journal on May 19. In hearing testimony, Joseph Blount, CEO of Colonial Pipeline, told the U.S. Senate Committee on Homeland Security & Government Affairs that Colonial Pipeline’s concern was that the attack could spread to its OT network, which led it to shut down 5,500 miles of pipeline about an hour after the attack was first discovered. Colonial Pipeline carries approximately 45% of the U.S. East Coast’s fuel supplies. Consumer demand for gasoline surged, putting pressure on gasoline stations across the eastern U.S. At that point, Blount decided
to pay the almost 75 bitcoin ransom, worth about $4.4 million at the time, according to the WSJ. In another example from January 2021, Atlanta-based paper and packaging company WestRock reported being hit with a ransomware attack that impacted its OT and IT systems. While the company’s security teams— with the cooperation of leading cybersecurity firms—started working immediately to remediate the incident, Westrock released a situation update reporting it had experienced an 85,000-ton shortfall in its mill system production just a week and a half later. Attacks such as these are becoming more common as power plants incorporate further automation advances. For example, many plants now include a distributed control system (DCS) that uses AI and the IIoT to automatically operate plant processes, requiring far less human interaction and fewer people on site. Such systems go beyond earlier automation technologies that merely transmit data and signals between the equipment and the operator to now include enhanced reporting
CONTRIBUTION: The claims and statements made in this article belong exclusively to the author(s) and do not necessarily reflect the views of Biomass Magazine or its advertisers. All questions pertaining to this article should be directed to the author(s).
24 BIOMASS MAGAZINE | ISSUE 3, 2021
