Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

Top 5 security threats for power plants and how to proactively avoid them

By Andrew Luna
power-plant-energy-freepik
July 5, 2021

The last decade has seen tremendous growth in the field of remote communications and access in the energy sector. Before almost everything became connected digitally, technicians and operators had to physically be on site to manage control systems and make adjustments. This is no longer the case.

With this new freedom comes new vulnerabilities. The United States’ complex electrical grid is relied upon to generate and deliver power to businesses and residences throughout the country. End users rarely consider what a massive undertaking is required to provide the electricity they have come to expect. However, criminal actors looking to disrupt this system are constantly looking for new ways to do so.

Just like buildings are physically strengthened to keep out individuals with malicious intent, we must now consider how to fortify our interests amidst the ever-changing digital landscape and the rise of cybercrime. As the technology we use to conduct business changes, so do the methods of criminals.

There are five main areas that should be focused on when considering cybersecurity:         

  • Physical access
  • Remote control access compromises
  • Viruses
  • Business Server compromises
  • Release of sensitive information

Back when threats were only of a physical nature, power plants created and conducted drills to prepare. While a physical attack is still a concern, we must now also consider a digital protection system. Because of the rapid rate of development in this sector, it is imperative that power plant technicians understand both the physical and digital threats they may face. As we see technology change, we must ask what the potential exploits are at every step.

While remote access has certainly improved plant operations, the increase in vulnerability cannot be ignored. The more remote-control access that a facility has decreases the number of individuals required to be on site. It has become standard that the plant has remote monitoring from both its Transmission Operator as well as its Scheduling Coordinator. This has helped create a more monitored and predictive grid compared to a mere decade ago, but this has also created a lot of potential access points that were not of concern in years prior.

For instance, locations specializing in solar or at peaking power plants — which require fewer employees to report in person — frequently use remote operation tools. This opens the door to hacking and information exploitation that must be monitored and mitigated. Operations that rely on remote technology must be even more aggressive with firewalls and monitoring and identification of unauthorized access attempts. While security incidents at power plants do not occur very often, but this cannot be an excuse for complacency.

Though the business server is typically separate from the control system server, this is still an area of concern. Should the business server be compromised, the company’s files and sensitive information may be at risk. Breeches of this kind cause panic, stress and distrust among plant and company employees. Such an event may affect employee performance and could negatively affect the reliability of plant operations.

The best defense against security threats is to be proactive. Educate employees and run drills focused on what an unauthorized access attempt looks like. Then, provide tools and training to counter or completely stop malicious attacks. For some companies, this means dispensing with the “this is how we’ve always done it” mentality. Standard operating procedures must be examined and questioned to determine if they are doing enough to protect your facility.

Acting too late on cyber security at your plant can be detrimental not only to that facility, but also the Bulk Electric System as a whole. Facility management should ask:

  • What are the risks?
  • What software or firewalls can help mitigate these risks?
  • How can we educate our employees, so they understand potential threats?
  • What drills can we run to ensure our employees are prepared?

The Bulk Electric System in the United States it is an obvious target for those wishing to cause large-scale disruption and harm. Plant management need not live in fear nor feel vulnerable. Armed with knowledge, companies should seize every opportunity to prepare and understand new cybercrime prevention technology. Motivated managers can optimize these advances for the country’s benefit instead of passively hoping to avoid an attack by criminals.

The future of power in American is exciting. Advocating for education and innovation in the field of cybersecurity will help make sure we meet the future safely and securely.   

KEYWORDS: critical infrastructure cyber security digital security power grid power grid security ransomware risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Andrew Luna, a corporate compliance manager at IHI Power Services Corp, has an extensive and diverse background ranging from the U.S. Navy to control room operator and compliance manager. Through his in-depth knowledge and industry expertise, Luna truly understands what it takes for a business to not only succeed, but to do so safely and compliantly.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Red laptop

Cybersecurity leaders discuss Oracle’s second recent hack

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • researcher uses IoT medical device

    Top 5 healthcare cybersecurity threats — and how to mitigate them

    See More
  • phishing

    2020’s top 5 phishing scams exposing hackers’ questionable morals – And how to hold strong against them

    See More
  • cyber-incident-freepik

    5 cybersecurity threats for businesses in 2021—and 3 tips to combat them

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing