Leveraging Digital Monitoring to Boost Physical Security Efforts
By Lawrence Mallory, Director, Physical Infrastructure Security, New York Power Authority
The New York Power Authority, the largest state-run utility in the nation, is continually working towards the goal of creating the first all-digital public power utility in the U.S. This aspiration is good news for physical security functions, which will continue to increase in both importance and focus, and will be incorporated into the software platform. However, it also promises to be challenging as physical security programs provide the protections that allow our digital environments to continue to safely and reliably operate.
One of the key milestones on our digital journey is the recent creation of NYPA’s Integrated Smart Operations Center (iSOC). The iSOC is a new, cutting-edge digitized power asset monitoring and diagnostic center at NYPA that uses predictive analytics software to forecast and prevent equipment failures and significant outages at NYPA’s 16 power plants and 1,400 circuit miles of transmission lines. Generation and transmission assets are monitored by the collection of data from more than 24,000 strategically deployed sensors embedded in equipment that are analyzed for signs of normal aging.
The iSOC is one of the latest innovations in Governor’s Reforming the Energy Vision strategy to build an energy system that is cleaner, more resilient and affordable. It is helping NYPA be at the forefront of transforming into a digital utility that uses new technologies, programs and processes to build a power system that meets the needs of a 21st century sustainable, energy-driven economy.
NYPA’s goal is to integrate additional monitoring capabilities on the GE Predix application platform in the future, including cybersecurity and physical security. As is, the iSOC unites several NYPA departments—including physical and cybersecurity— in a shared collaborative, physical space aimed to inspire creativity, problem solving and partnership.
NYPA’s iSOC center brings together collaborative efforts whose goals include detection, prevention, investigation and response to criminal and terrorist activity
The physical and cybersecurity groups are fully engaged with NYPA’s Enterprise Risk Management team ensuring a holistic approach to risk management while strengthening business resiliency.
Many organizations have developed and deployed multi-disciplinary security operations centers where physical and cyber teams collaborate. The iSOC takes this a step further by incorporating groups that may not typically partner with security. Our intent is to protect against a coordinated incident where there may be operational, communications, reputational and security indications of compromise, which on their own may not rise to the same level of severity that they would if they were viewed in a coordinated real-time environment.
We are working toward the very tangible goal of proactively breaking down those typical data silos. The benefits will extend well beyond the response to a significant incident. Building those relationships and supporting that communication can only strengthen our overall security posture and make us more efficient and resilient when it comes to incident response.
NYPA’s iSOC center brings together collaborative efforts whose goals include detection, prevention, investigation and response to criminal and terrorist activity. With our critical infrastructure, we have seen firsthand the value that quick and accurate information sharing provides.
We are striving to create daily relationships between these departments so that at the time of an incident there is already trust and familiarity. By proactively managing risks, in conjunction with NYPA’s Risk Team, these groups will understand each other’s roles and be able to work together on strategy and response if an incident is to occur.
Additionally we are going to leverage the analytic power of the iSOC’s asset health center to strengthen the reliability of our physical security systems and to monitor for trends which may impact reliability and resiliency.