Electricity + Control May 2018

CYBER SECURITY

Conclusion Umeå Energi now has one common HMI that spans the entire system and its processes, giving the operator a completely integrated plant and dis- trict heating network experience. Furthermore, all production and distribution network process data are available in one common database. This ena- bles Umeå Energi to conduct, for the first time, a larger investigation to see how different parts of the distribution network interact and how they could be optimised together. The PLCs are opti- mised to work together, fine tuning the complete process, instead of only completing their individual task therefore creating a much more coherent pro- cess control of the PLCs.

integration,” says Dirk Mottmann, IS and Process Manager at Umeå Energi. Now with function blocks optimised to match their application and fewer object types, integration into the System 800xA’s HMI would be highly cost efficient. Information from the PLCs was directly integrat- ed into the existing process screens of the System 800xA HMI. This meant that the presentation in the process screens could be optimised, such that the original 100 process screens in the Siemens setup, was reduced to 20 process screens in Sys- tem 800xA. For the operator, it does not matter which con- troller or PLC is connected to the asset, everything works in the same way and for the operator the experience is a seamless integrated environment.

ABB OPC Connect is a tool that connects PLC objects and its signals simultaneously, saving up to 50% of engineering time.

Dirk Mottmann is IS and Process Manager at Umeå Energi. Enquiries: Email kundservice@umeaenergi.se

round up

CYBER SECURITY

Early detection and rapid response – critical for targeted attack remediation In combatting a targeted attack on your network, early detection and rapid re- sponse are both critical. Cyber security experts accept the strong possibility that criminals will be able to enter their network at some or other point, and in this context, the issue becomes less about being able to keep them out, and more about detect- ing them and taking remedial action as soon as their presence is discovered. This is according to a recent report from global cybersecurity company RSA. approach to threat response and mitiga- tion, noting that the response process ‘… takes into consideration data from multiple sources including in-house systems, open source research, “RSA Live” threat intel- ligence and the customer’s threat intelli- gence sources.’ The approach taken includes network analysis, using host forensics, harvesting threat intelligence and malware analysis, as follows: be relatively small in terms of file size, which helps the attackers to avoid de- tection. Malware analysis allows an incident response team to develop blocking techniques and make the or- ganisation more resilient Jacobsz concludes, “Attackers do leave clues to their presence and analytic intel- ligence, as offered by RSA, is key in being able to offer early detection and rapid re- sponse. Ongoing analysis and threat intel- ligence further allows an organisation to bolster its defences into the future.” Enquiries: Alec Aronson. Email alec.aronson@nu.co.za

• Network analysis: Data from packets and logs collected by RSA NetWitness is used to identify suspicious or risky communications • Host forensics: Executables, files and libraries are used to identify unauthor- ised services and processes deployed by the attacker and running on end points • Threat intelligence: Research is con- ducted to gain insights about the attack infrastructure, tools and techniques, which is particularly helpful in gaining insight about threat actors that are per- sistently targeting the organisation • Malware analysis : Malware tends to

Anton Jacobsz, managing director at value-added distributor, Networks Unlim- ited , which distributes RSA products and solutions in Africa, comments, “The report from RSA Incident Response Services notes that, once detected, rapid response is needed to mitigate the potential damage and prevent them from achieving their ob- jectives. RSA’s Advanced Cyber Defence (ACD) services for Incident Response en- able organisations to prepare for security incidents without having to accept the in- evitability of loss.” The report outlines the comprehensive forensic analysis framework in the RSA

Electricity + Control

MAY 2018

23