Читать книгу Maintaining Mission Critical Systems in a 24/7 Environment - Peter M. Curtis - Страница 41

It is important to address the physical and cyber security needs of critical infrastructures, including systems, facilities, and assets. Security requirements may include capabilities to prevent and protect against both physical and digital intrusion, hazards, threats, and incidents, and to expeditiously recover and reconstitute critical services. Personnel should be trained and made aware of security risks and consequences, ensuring that sensitive information will not be leaked and lead to a security breach.

A sensible and cost‐effective security approach can provide a protection level achieved through design, construction, and operation that mitigates adverse impact to systems, facilities, and assets. This can include vulnerability and risk assessment methodologies that identify prevention, protection, monitoring, detection, and sensor systems to be deployed in the design. Also, less frequent, but greater consequence risks must be taken into consideration. No longer are accidents, the only risks to be expected, but deliberate attacks must be accounted for as well.

The increased use of advanced information technology coupled with the prevalence of hacking and unauthorized access to electronic networks requires physical security to be complemented by cyber security considerations. Hacking techniques are becoming more sophisticated, and before enabling remote access for monitoring and/or control of critical infrastructure systems, cyber security protection must be assured. Major damage can be done remotely, and the greatest effort should be made to prevent illicit access to critical networks.

For mission critical facilities, this cements the need for the design of backup power systems – including UPS, generators, transfer switches, etc. – to be on par with the challenges facing us as today’s digital society evolves and necessitates the digitalization of the power grid. The importance of ongoing and technical maintenance programs, coupled with strong training and education, should also be stressed. Without these elements, no business recovery plan will be successful.