Sean McConnon & Abraham Alvarez-Bustos
In Part 1 of this two-part series, authors Sean McConnon and Abraham Alvarez-Bustos explained what asset management (AM) is and why it’s important for those operating, planning and maintaining power systems. Here, in Part 2, we delve into two specific methods of AM: planned outage maintenance and cybersecurity.
Planned outage maintenance
From the perspective of the Transmission System Operator (TSO), two central AM questions are: (i) How to make the best use of the assets over the asset lifetime? and (ii) How to schedule the various asset management operations, i.e., Outages, maintenance, refurbishment, and lifecycle activities.
Optimally selecting which assets to schedule for planned outages to conduct maintenance involves thoroughly evaluating the assets’ condition, risk profile and criticality to the power system’s operation. This decision must be studied deeply, however, some key factors to consider taking this decision are:
Condition assessment: Regular condition assessments are essential for identifying assets that require maintenance. This involves monitoring the equipment’s performance and identifying potential issues or defects that may lead to failure or downtime. Assets with a higher probability of failure or those that are approaching the end of their useful life should be prioritized for maintenance.
Criticality and risk analysis: Maintenance risk analysis involves evaluating the risks associated with equipment failure and determining the appropriate level of investment required to mitigate those risks. Assets that pose a higher risk of failure, such as those that are critical to the power system’s operation or those that could cause safety hazards or environmental damage, should be prioritized for maintenance. The latter is considered ‘criticality analysis’ and will evaluate the impact of asset failure on the power system’s operation. Assets that are critical to the power system’s operation and safety must be prioritized.
Resource availability: The availability of resources, such as labor, equipment, and spare parts, can impact the scheduling of maintenance activities. Assets requiring specialized expertise or resources may need to be scheduled for maintenance when those resources are available.
Maintenance history: The maintenance history of an asset can provide valuable insights into its performance and reliability. Assets that have a history of recurring issues or failures should be prioritized for maintenance.
Cost-benefit analysis: A cost-benefit analysis can help to determine the optimal timing and scope of maintenance activities. This involves balancing the cost of maintenance against the potential benefits, such as improved reliability, reduced downtime, and increased asset lifespan.
Cybersecurity
Although there are many definitions of cybersecurity, for the purposes of this article, we refer to it as every aspect of protecting an organization and its employees and assets against cyber threats.
Traditionally, AM schemes focused on identifying and cataloging asset information relating to physical equipment. As IT infrastructure has developed, there has been an increasing significance in the management of IT and cyber assets. Therefore, AM policies must reflect this importance by maintaining a cybersecurity framework to solve access and security vulnerability issues.
The focus on assets has become a central cyber risk discussion this year driven by the insurance industry, specifically Lloyd’s, the single largest global specialty commercial lines insurance hub in the world. Lloyd’s insurance groups are now excluding claims for catastrophic state-backed attacks. This means that some percentage of cyberattack risks will have to be absorbed by asset owners, the utilities and the electricity organizations. By extension, this means that asset owners need to have a clear understanding of their assets and the risks involved with these assets.
IT and OT
Cybersecurity is guided by a framework and ripples into policies and procedures throughout an organization.
Though information technology (IT) and operational technology (OT) manage and process data and related assets, they serve distinct purposes and function in separate environments. IT primarily revolves around computing and network infrastructure for data and storage applications relating to business-process management. In real-time operation, OT is focused on controlling and monitoring physical devices and industrial systems.
Confidentiality, Integrity, and Availability (in that order) set the priority for IT Enterprise cybersecurity; but in OT cybersecurity, Availability is most important followed by Integrity and Confidentiality.
Aspects of cybersecurity AM
Authentication relates to identifying and authorizing users to access key OT and IT assets. Typically, this is achieved with passwords, biometric data and multi-factor authentication (MFA) methods. A robust authentication profile ensures that bad actors or malicious elements cannot access critical resources.
Access Control is the next step in cybersecurity policies. This is where the level of permissions and privileges are granted to authenticated users. Having a system of defined user access to specific assets helps to limit potential damage to the system by restricting users of a certain level and helps detect anomalous behavior.
Identification of individuals and devices accessing the system is crucial to monitoring and reducing the risk of threats to the system by ensuring all users and assets have unique identifiers assigned. This could be a username, device name or ID that can track access and activity in the system.
Auditing is vital as it monitors and records activities relating to asset management. Maintaining a comprehensive outline of actions, log-in attempts and changes to asset data or access allows cybersecurity experts to identify hazards or gaps in security and conduct investigations when cybersecurity incidents occur.
Exceptions are used when deviations from normal cybersecurity policy are required. This could relate to any previously mentioned aspects, but generally in authentication/access control. It is important that exceptions are managed carefully and securely, providing a balance between efficiency, and maintaining a high level of security.
Issues affecting cybersecurity AM policies
The increasing prevalence of the Internet of Things (IoT) and more specifically, the Industrial Internet of Things (IIoT) is related to the increasing convergence of IT and OT systems. The benefits of this merging of technologies allow for more accurate and efficient data collection and analysis in real-time. A side-effect of this is the increased attack vector available for exploitation by cyber-attacks. Other issues relate to the scale and dynamism of industrial engineering projects and facilities, where there are potentially frequent changes to assets and asset policies that must be monitored closely, especially regarding legacy equipment.
Communication and collaboration between cybersecurity experts, policymakers, technical teams and IT professionals is essential to producing an effective cybersecurity AM procedure, not only relating to the threat of cyber-attack but also to maintaining operational resilience in any situation. A proactive approach ensures these critical infrastructures run smoothly, safely and securely.
How PSC can help
Effective AM in power systems requires a holistic approach that considers the organization’s long-term strategic objectives and the day-to-day management of assets, depending on their specific requirements. By evaluating different types of AM in detail, power system operators can ensure the safe and reliable operation of the power system and maximize the return on investment.
PSC can help support power industry asset management solution optimization with data cleansing and analysis, assessment of financial metrics such as net book value of assets, through policy advice, cybersecurity counsel and development of AM schemes suitable for specific projects or entire asset inventories. PSC energy experts stay abreast of an evolving and diverse mix of energy assets offered by a variety of OEMs to help our clients increase the efficiency of their assets while reducing maintenance costs and operational risk.
Contact us to discuss how we can assist with your asset management needs.
References
[1] https://www.entsoe.eu/Technopedia/techsheets/asset-management-tools-and-procedures
[2] https://link.springer.com/referencework/10.1007/978-3-030-85514-7