Ghian Oberholzer explains how artificial intelligence can help overcome the security challenges of industrial IoT
IoT technology that enables the monitoring, control, and internet connection of physical devices of all kinds has had an enormous impact on the energy sector.
High-profile examples of IoT applications include smart meters for electricity and water supplies that communicate usage back to the providers, and systems that remotely control energy consuming devices such as lighting and air-conditioning according to occupancy levels and environmental conditions.
IoT has now grown to impact every stage of the energy supply chain: production, distribution, and consumption. Specifically, on the supply side, it’s the application of industrial IoT (IIoT) that is transforming many aspects of the energy sector.
The application of IIoT involves integrating legacy operational technology (OT) systems, developed long before the internet and onset of digital transformation, with newer IT systems, capable of storing and analysing large amounts of data.
Combining the power of IT and OT networks enables the processes of energy generation and transmission to be optimised, resulting in significant efficiency gains. IIoT is already playing a significant role in renewable energy generation and distribution, and that role will only grow as the relatively new technology evolves.
If the world is to achieve the Intergovernmental Panel on Climate Change’s target of reducing greenhouse gas emissions to net zero by the middle of this century, maximising the efficiency of renewable energy generation, storage and distribution will be essential.
In its simplest form, IIoT supports decision-making by using sensors to gather various information and by enabling the remote control of facilities, but the really big benefits come from some of the more advanced and evolving applications of IIoT, such as predictive and preventive maintenance, artificial intelligence (AI), and digital twins.
IIoT-enabled maintenance
IIoT can enable both predictive and preventative maintenance by applying AI techniques to historical data gathered from multiple machines. AI can determine patterns and commonalities in the data to predict behaviour, such as a failure or breakdown. For example, sensors on machinery can be analysed to avoid unnecessary routine maintenance or anticipate potential breakdowns. It is particularly beneficial for wind turbines, which are hard to access and often located in remote areas.
Up to 30 percent of the cost of power generated over the lifetime of a wind turbine can be attributed to operation and maintenance, and an estimated 70 percent of wind turbine downtime is to carry out major repairs, according to SKF. Therefore, IIoT-enabled maintenance can result in significant cost savings and less operational downtime for energy companies.
The power of AI with IIoT
AI, fed by data gathered from IIoT systems, has many more applications in renewable energy. Take for example wind and solar farms. Outputs from wind and solar systems are at the whim of nature, making it hard for operators to pre-commit to power deliveries.
In February 2019, Google’s AI division DeepMind announced it had been able to use weather forecasts to accurately predict the output of wind farms with 700 MW capacity 36 hours in advance.
When power suppliers can pre-commit to the amount of power they can supply, they can get a higher price. DeepMind said its machine learning techniques boosted the value of the wind farms’ output by roughly 20 percent, compared to the value without time-based commitments.
The digital twin imperative
Another application of IIoT, the digital twin, is also showing great potential for the energy sector and many other industries. It is the digital replication of a real-world machine or process, made possible by using IoT technologies to gather data on every component of the machine or process.
UK company Offshore Renewable Energy (ORE) Catapult recently created a digital twin of its demonstration offshore wind turbine, enabling its technicians to view the turbine’s inner workings and equipment anywhere, anytime. The digital twin has reduced the need for technicians to go offshore, allowed remote inspection of the turbine, made the planning of operations easier, and facilitated the training and familiarisation of teams before deployment.
The security challenges of IIoT
These applications, along with almost every other application of IIoT in the energy sector, rely on the successful integration of IT and OT networks. However, IIoT’s greatest strength is also its greatest weakness: the increasing convergence of IT/OT environments has meant that OT networks are now being exposed to cyber attackers who plague the world of IT.
The challenge of bridging the cybersecurity gap between IT and OT environments is especially tough in the energy sector. As most IIoT assets in the energy sector were traditionally isolated, they were never designed to be secure against cyber threats in the first place, and modern IT cybersecurity tools are incompatible with OT networks. Furthermore, legacy OT assets generally use old and obsolete protocols that are often proprietary to each manufacturer.
Due to the different technology being used across energy firms’ IIoT environments, cyber attacks can be incredibly difficult to detect. The disparate nature of these networks that made life difficult for the attackers before IIoT, is now working in their favour.
AI to aid IIoT security
Just as AI is helping the energy industry leverage IIoT to operate more efficiently, it can also play a huge role in securing IIoT by automatically detecting threats and anomalies.
Using AI, past and predictive models of behaviour can be correlated with online patterns to remove distracting and costly false alarms, as well as to prioritise alerts. It can also be used to create detailed profiles of every single device on the network in order to detect anything out of the ordinary.
Although the integration of IT and OT is bringing new security challenges now, it will eventually become just another element in energy providers’ overall security strategies.