THANK YOU FOR SUBSCRIBING
Stephen H. King, Director of Technology at Irby Construction Company
Irby Construction is part of the Quanta family of companies. We build and maintain high voltage transmission lines, local distribution power networks, substations, and renewable energy systems. I get to work with brilliant, well-educated, hardworking professionals. Can you imagine working on 500,000 volt powerlines 150 feet in the air? How about residential intersections where you see dozens of bare lines crossing overhead? Or riding out a hurricane in a bunker to be the first out in the weather as the storm passes to start restoring power hoping someone does not kick off an ill-wired generator backing power down the line you are working on? The guys I work for are true heroes.
If there is one thing these heroes keep at the forefront of their minds, it is safety. One slip-up can cost them their lives. When they say, “I am my brother’s keeper!” they mean it. What they don’t think about as much is security. That’s not a bad thing. To a lineman, “Safety” is an idea of personal wellbeing. “Security” is an equipment idea. Making sure you leave work healthy is about safety. Making sure your tools are not stolen is security.
In this industry, a job site accident that causes injury or death can cause a company to lose a contract. Our Safety Team has the power to shut down a job site if there is a safety concern. This protects our employees and secondarily our company and projects. Employee safety is key!
We are seeing a change in our industry regarding the importance of Cyber Security. My company’s customers are the Critical Infrastructure of our nation. These utilities are targets of bad guys. The failure of any part of our nation's power grid places many lives at risk. Our customers are being held to NERC, FERC, and NIST standards for cyber security just to name a few. As a part of this industry, we are held to these standards as well. We are having to look at the power grid system as a whole and our customers' systems specifically as to how we protect these.
The local utilities are demanding more from our IT Security. So, I’m changing the nomenclature to “Cyber Safety” with an emphasis on Safety. Just a few years ago, we were thinking about cyber security in the swim lane of PCI/PII information. That’s not a big part of my company’s day-to-day data. We don’t handle that kind of information outside of the accounting and HR departments. This “Zombie Apocalypse” we have navigated over the last couple of years has changed how we do business. Our hardware and systems have become more tightly interwoven with our customers and vendors. We have expanded our digital footprint across the company with more employees than ever having computers and mobile devices as a part of their standard job equipment.
While our company builds the “brute force” side of the grid, we do interact more with the “digital side” of the grid now. That interaction is growing as the grid becomes more intelligent. We are adapting as the grid’s intelligence is growing and maturing. Our linemen are installing cyber components and have a deeper access to the backend systems that manage the grid.
We are required to connect to the power companies’ systems to update progress and get work instructions. What had been back-office functions in the past are moving closer to the job site.
These connections can be via web access, VPN style access, or customer-provided applications to name a few methods. We even have customers requiring that we enrol our mobile devices in their MDMs.
With this paradigm shift in the industry, IT leaders need to change the culture of our companies. We need to review the RFPs and Bids. Are there requirements in these that you will be held to that you can’t meet? You need to be talking with the field leadership regularly. Helping them understand the Cyber Safety requirements we are being required to follow. What may seem obvious to an IT professional may be a foreign concept to a foreman leading a crew that’s building a substation. Our folks in the field often think they would never be a target of a bad guy since they are “just a superintendent” or “just a whatever-their-job-title-may-be.” To them, they often think it’s just the executives or accounting or someone else that would be a target. They don’t see themselves as potential ingress point to the grid. Just like a groundsman can shut down a job if they see a safety issue that could injure someone, they need to see their value in protecting Cyber Safety.
Our job will be ever-changing. We have to be alert to the fluid threats. There are some quick actions that we can take to start beefing up our Safety. Moving all systems to multi-factor and preaching Anti-Phishing best practices are a great start. Remove local admin right from all accounts, including IT. (Create elevated privilege accounts for key IT folks to use to install software only.) Get all your mobile devices in a good MDM. We need to be doing constant security audits of our systems. Assume you are a target.
You have to walk alongside everyone in the company as a partner in their Cyber Safety and be “My brother’s keeper!”
Read Also
Construction Tech Review
| Subscribe | About us | Sitemap| Editorial Policy| Feedback Policy