Cybersecurity of electric infrastructure and facility power

""

Is dependence to electric power the Achilles heel for businesses against the emerging cybersecurity threats? 

Cybersecurity threats to electric infrastructure continues to be a top-of-mind topic for many business executives. From healthcare and data center facilities to commercial and industrial buildings, businesses depend on electric power to continue their operations. Moreover, this dependence has been further amplified with the greater adoption of connectivity and increased interdependence of sub-systems and processes within a facility or business.

For those that oversee these facilities and power generation equipment, being future-ready requires increased cybersecurity. This is a challenge. At Cummins Inc., we make our partners’ challenges our challenges; make their goals, our goals. 

To help our partners in these industries be future-ready, we have asked three experts their take on the cybersecurity of electric infrastructure. These three perspectives aim to provide you with diverse viewpoints on how to strengthen your facilities’ cybersecurity.

How do cybersecurity gaps threaten our electric infrastructure?

Professor Alan Woodward, an internationally renowned computer security expert, offered his perspective on this question. Alan has particular expertise and current research interests in cyber security, covert communications, forensic computing and image processing. Alan is currently a Visiting Professor at Surrey Centre for Cyber Security, University of Surrey. You can follow Alan on Twitter at @ProfWoodward.

Here is Alan’s take on cybersecurity and infrastructure. 

There is more computing power in embedded systems today than is used on desktop computers, yet it goes largely untended. As soon as any system is made “intelligent” it becomes a target for hackers. Being embedded and untended, these systems go on for years without the upgrades that are necessary to keep them secure. Moreover, remote monitoring has moved from private networks to using the internet as the means for communications. Put these together and you have a target that is at high risk of remote attack.

Anyone looking after systems that have any embedded computing power needs to manage that computing infrastructure just as if it was in a data center hosting thousands of websites. It is even more difficult in infrastructure, as some vendors don’t always keep their software updated. We’ve seen examples of scanners in hospitals that could be upgraded to escape ransomware, yet the scanner manufacturer didn’t support the latest software. Anyone managing these devices needs to look at the horizon and think “what if.”

Choosing your equipment vendors has also taken a different dimension. It’s no longer just about who has what certification, meets which standard, or has the best hardware maintenance operation. Now, you need to explore how the vendors keep the software embedded in your equipment up to date and respond to any cybersecurity threats. 

Those managing infrastructure have the worst of both worlds. Hackers are beginning to see them as the soft spot for attacks, and not all equipment manufacturers see software security as part of their core business. 

It’s vital to remember that it’s not just the embedded software that can cause infrastructure issues. You need to be aware of the interdependency between software that directly controls infrastructure and other systems. For example, if a payments system is held to ransom, could your pipeline continue to operate even though the direct control systems were fully functional?

How to prevent cybersecurity threats that could result in power outages?

We have asked this question to Kenneth Holley. Kenneth founded Silent Quadrant – a Washington, D.C.-based digital protection agency and consulting practice – in 1993. Over the past 28 years, Silent Quadrant has delivered digital security, digital transformation, and risk management to the world's most influential government affairs firms, associations, and businesses. With a particular focus on infrastructure security and threat modeling, Kenneth has assisted many clients ensure brand and profile security. You can follow Kenneth on Twitter at @KennethHolley.

Let’s look at Kenneth’s perspective on preventing cybersecurity threats that could result in power outages.

As facilities technology continues its rapid emergence, facility managers and operators have become increasingly reliant on integrated technologies and iot. This convergence of IT and operational technology (OT) underscores the critical role of facility executives. This critical role is to ensure systems security, resiliency, and facility business continuity.  

Facilities need to understand very clearly that there is a new dynamic. Intelligent organizations leverage connected sensors, facilities automation systems, and actionable intelligence to optimize operations and business continuity. This new dynamic means that the threats are now everywhere. This establishes a new level of criticality securing those connected systems designed to prevent power outages.

I encourage all facilities, as part of a broader security assessment, to immediately focus on the following Center for Internet Security (CIS) controls:

  • Secure Configuration of Enterprise Assets and Software (CIS Control 4): Establish and maintain the secure configuration of enterprise assets (end-user devices, network devices, non-computing/iot devices, and servers) and software.
  • Account Management (CIS Control 5): Use processes and tools to assign and manage authorization to credentials for accounts. This includes user and administrator accounts, as well as service accounts.
  • Access Control (CIS Control 6): Use processes and tools to create, assign, manage, and revoke access credentials and privileges for user, administrator, and service accounts.
  • Security Awareness and Skills Training (CIS Control 14): Establish and maintain a security awareness program. The aim here is to influence behavior among the workforce to be security conscious and properly skilled to reduce cybersecurity risks.
The 18 Center for Internet Security Controls

Visibility of all assets within your facility is critical. You cannot hope to protect and provide resilience for what you cannot see and control. At the end of the day, integrated and interconnected technologies are designed to enhance overall business continuity. This requires a renewed operational approach to security. 

Cybersecurity in a product’s design and the complete life-cycle

Dwayne Smith brings us the third perspective on this topic. Dwayne has extensive experience in cybersecurity and the adoption of technologies that support a multitude of applications. Those applications also include power generation and electrical distribution. As an engineer in the fields of nuclear and cybersecurity, he has supported initiatives across multiple customers within the Department of Defense, intelligence community, telecommunication, and other commercial business segments. In his current role, Dwayne works within industries that support data centers, manufacturing, marine, rail, and automotive. Dwayne is currently the Global Cybersecurity Engineering Director at Cummins. 

Industries have and will continue to transform the way they design and build solutions. The introduction of new techniques to innovate and deliver products in a more efficient manner account for cybersecurity early in those processes.  

These new techniques rely on how we think about cybersecurity as a priority within the design and manufacturing processes that produce these new products. This requires cybersecurity to be more than a concept that is thought about as a discrete and separate discipline.
Cybersecurity is now something embedded in a product’s lifecycle. Having cybersecurity embedded in how you build products eliminates the need for bolt on protections or to surround the product with protective technologies. These add-ons can be costly to manage, may hamper the performance of a product, or require the early retirement of a product. 

Taking the proactive step to include cybersecurity early in these processes ensures that the product can be resilient over time. This approach can also increase the service time and life of a product so that it can adapt to evolving cyber threats. This reduces the risk impact and ultimately moves cybersecurity from a concept to a measurable quality metric.

The traditional ways of how systems are engineered, tested, and operated already consider the benefits of software and firmware that deliver the adoption of desired features. 

Now, how these systems are engineered, tested, and operated also need to consider the data they collect or generate. That data is key to improving and sustaining products for both the product owner and the product supplier. How to retrieve that data for use, whether through a remote connection across the internet or from within a larger enterprise network requires that cybersecurity be considered end to end during a products life cycle.

Sign up below for Energy IQ to receive energy focused insights in markets ranging from data centers and healthcare facilities, to schools and manufacturing facilities, and everything beyond. To learn more about power solutions Cummins offers, visit our webpage.

Aytek Yuksel - Cummins Inc

Aytek Yuksel

Aytek Yuksel is the Content Marketing Leader for Cummins Inc., with a focus on Power Systems markets. Aytek joined the Company in 2008. Since then, he has worked in several marketing roles and now brings you the learnings from our key markets ranging from industrial to residential markets. Aytek lives in Minneapolis, Minnesota with his wife and two kids.

Unpacking CARB’s trucking rules, regulations and legal challenges

Semi truck driving

The state of California has positioned itself as a central figure in a revolutionary shift from a 100-year path of internal combustion engines (ICE) used in commercial transportation. Within a three-year span, the state has adopted the world’s most stringent commercial vehicle regulations: Advanced Clean Trucks (ACT), the Heavy-Duty Engine and Vehicle Omnibus Regulation and Advanced Clean Fleets (ACF). The three rules work together to gradually transition commercial trucks, buses and vans to zero emission vehicles (ZEVs).

The stringent regulations have generated plenty of praise, collaboration, concern and even legal challenges. Turning away from familiar and trusted technology will be anything but easy but the industry is proving it is possible.

Questions around ZEV cost and capability relative to ICE are not taken lightly by Cummins nor other players in one of the nation’s most critical industries.

As with prior emissions legislation, amendments will undoubtedly emerge as collaborative efforts between policymakers and industry continue. That is currently the case with the Omnibus regulation as proposed amendments are under review by the Environmental Protection Agency. Some of the amendments in question focus on diesel engine testing, warranty periods and aftertreatment. 

“Omnibus, the amended version, got resubmitted to EPA and is calling for increased legacy allowances,” explained Tom Swenson, Director of Global Regulatory Affairs.

Emission legislation passed by the California Air Resources Board (CARB) requires a Clean Air Act waiver from the EPA when it proves stricter than federal policy. CARB has been receiving federal waivers for its emissions policies since the 1960s given its ongoing battles with air pollution.

Geographical features such as valleys and mountains appearing throughout the state can hinder air circulation to keep pollutants hanging around.

“The San Joaquin Valley in California, for example, is like a little trap of NOx,” Uma Vajapeyazula, North American Market Strategy Director, described.

Eager to overcome its unique air pollution issues, CARB has kept a close eye on ZEV development. Once board members decided the technology was up to the challenge of replacing ICE trucks up to Class 8, CARB adopted the Advanced Clean Trucks (ACT) rule in June of 2020. To date, it’s the only one of the three ZEV polices that has received an EPA waiver.

 The ACT rule requires that manufacturers who certify chassis or complete vehicles with a gross vehicle weight rating (GVWR) greater than 8,500 lbs. sell zero-emission vehicles (ZEV) at an increasing percentage of their annual California sales starting with the 2024 model year. The annual reporting began with the 2021 model year.

 OEMs struggling to sell ZEVs can buy ZEV credits from other manufacturers to unlock sales of their ICE vehicles. However, there’s concern that funds used to purchase ZEV credits could impact their bottom line.

 “One question is, ‘Will ZEV credit trades happen between competitors?’” Swenson said.

In September 2021, CARB adopted the Heavy-Duty Engine and Vehicle Omnibus Regulation to “drastically cut smog-forming nitrogen oxides (NOx) from conventional heavy-duty engines. The Omnibus Regulation will significantly increase the stringency of NOx emissions standards and will also lengthen the useful life and emissions warranty of heavy-duty diesel engines for use in vehicles with a gross vehicle weight rating (GVWR) greater than 10,000 pounds. The more stringent NOx emission standards begin with the 2024 model year engines and become more stringent with 2027 and subsequent model year engines.”

 Extending warranty coverage will necessarily increase the cost of equipment, Swenson noted.

 Advanced Clean Fleet legislation rolled out next in April 2023. ACF requires fleets to gradually replace acquired ZEVs while allowing them to retain ICE vehicles throughout their useful life. Per CARB, useful life is defined “as the later of either: 1) 13 years, beginning with the model year that the engine in the vehicle and was first certified for use by CARB or United States Environmental Protection Agency (U.S. EPA), or 2) the date that the vehicle exceeds 800,000 vehicle miles traveled or 18 years from the model year that the engine in the vehicle was first certified for use by CARB or U.S. EPA (whichever is earlier).”

ACF compliance challenges

In August, EPA held an ACF waiver hearing that included a full day of testimony, comments were also accepted online. One of the companies to participate was Sundance Stage Lines in San Diego. The charter bus company currently uses diesel-powered custom-built buses with a 1,000-mile range and 20-minute refueling time. It has stated opposition to ACF’s zero-emission mandate.

“As BEVs, range is cut to approximately 200 miles (substantially less in cold weather), at which point the vehicle requires a four-hour charge at a dedicated high-voltage charger before it can proceed another 200 miles,” Sundance Stage Lines writes. “Thus, any group attempting to access an area not serviced by either an airport or a nearby charter operator will be forced to make other arrangements. This will have substantial negative effects both on motorcoach operators and the traveling public.”

Among the concerns expressed, Sundance noted that “four major motorcoach manufacturers offer at least one of their models as battery-electric vehicles (BEVs.) In converting the vehicle to run as a BEV, all of the buses have lost over 70% of luggage space because the volume of batteries needed to give the vehicle a reasonable range requires the batteries and the accessories normally driven by the engine be mounted in the underfloor luggage compartments.”

Sundance also pointed out the high cost of ZEVs versus ICE. In the case of motor coaches, the company contends the price “more than doubles, from $650,000 each to over $1,400,000 per bus - a cost per unit over twice as high as any other electric vehicle.”

In its ACF waiver request submitted last November to EPA, CARB writes that “anticipated developments will likely both reduce the costs and increase the number of commercially available ZEVs, including projected decreased costs of batteries and improvements in battery energy density due to economies of scale and increasing pace of technology development and decreased costs of other ZEV components resulting from the projected increased production of ZEVs.” 

Legal battles persist

At least three lawsuits that have emerged to challenge the enforcement of ACF make it California’s most contentious trucking legislation to date. 

The first complaint was filed in October 2023 by the California Trucking Association in the U.S. District Court for the Eastern District of California. The challenge has resulted in the state holding off full enforcement that was originally slated to go into effect on January 1, 2024. CTA’s 32-page complaint argues that the state needs a waiver from the Environmental Protection Agency prior to enforcing ACF since its policies exceed federal mandates.

In response, California put ACF enforcement on hold for most fleets pending receipt of an EPA waiver. CTA noted on its website that waivers typically take 9-12 months to process. The state has been enforcing ACF for public fleets since applying for the waiver in November

“They’re implementing and enforcing ACF for state [California] and local government fleets,” explained Mari Mantle, Cummins Regulatory Affairs Manager. “It's the high priority, federal and then drayage [fleets] that they're waiting on the waiver for.”

CTA’s complaint also highlights concerns of ZEVs relative to internal combustion. Acquisition costs of ZEVs, according to CTA, are “projected to be 2 to 6 times higher than comparable ICE tractors”; ZEV range “is less than half that of an ICE truck”; additional refueling stops needed for ZEVs will require additional time and infrastructure and thus limit more route options historically utilized by ICE trucks.

In April, American Free Enterprise Chamber of Commerce (AmFree Chamber) and Associated Equipment Distributors (AED) filed suit also challenging California’s ACF regulation.

In May, the Nebraska Trucking Association topped a list of plaintiffs that included seventeen states opposing ACF: Alabama, Arizona, Arkansas, Georgia, Idaho, Indiana, Iowa, Kansas, Louisiana, Missouri, Montana, Nebraska, Oklahoma, South Carolina, Utah, West Virginia and Wyoming. Several of these same states joined a suit last year against the Advanced Clean Trucks rule.

Tom Quimby headshot

Tom Quimby

Tom Quimby, On-highway Journalist, has a broad range of experience covering various topics for local and national periodicals. His stories and photos have appeared in The Washington Times and more recently in Commercial Carrier Journal, Overdrive, Hard Working Trucks, Equipment World and Total Landscape Care. Tom has reported on Class 1 – 8 commercial vehicles since 2015. A graduate of the University of Southern California, Tom enjoyed growing up around hot rods, dirt bikes, deserts and beaches near San Diego. He now calls Northwest Florida home.

STEM Project Unites Children in the UK and Uzbekistan

Zoom call with West Park School and the Children's Home

If you ever doubted the ability of young minds to grasp what many adults would consider complex concepts, then you'll be amazed by the achievements of two groups of young children - one in a school in northern England, and the other 4,000 miles away in an orphanage in Uzbekistan.

With the support of Cummins, children ranging from six to twelve years of age have managed to bridge the language, culture, and time divide. They are collaborating with great success on building a basic electric racing car.

The story begins with a visit by Cummins to Rudmash Export Service, which has been representing Cummins in Tashkent, the capital of Uzbekistan, since 2018.

Rudmash has an impressive list of clients in mining, construction, gas, and power generation.

It is also a highly respected supporter of community initiatives, a key focus for Cummins.

During the visit, Amit Kumar, Cummins' Technical Territory Manager for the Commonwealth of Independent States (CIS) region, mentioned the work he was doing with local schools involving the Greenpower Education Trust in the UK.

Amit suggested that Rudmash might consider introducing local children to the fantastic learning opportunity that comes from building an electric car.

The Rudmash executive team loved the idea and reached out to their friends at the local orphanage (Children’s Home 22), about the proposed connection with children from West Park Academy – a primary school near Cummins' manufacturing plant in Darlington, England.

Students at the Children's Home working on the car
The children from Children's Home 22 building the car

Speaking through a translator, Rudmash Sales Manager Mr. Mavlonberdi Akhmedov said there was no hesitation from the orphanage. "Everyone was excited about it," he said. "When we showed them pictures of the car, the children's eyes lit up with interest.

"The only issue we encountered was not being able to involve the older children, but I think Amit has something in his mind for them. It will involve a similar collaboration with a UK school on a larger electric car that they can fit in!"

Over in Darlington, teacher Mr. David Fraser and his group of 9 to 11-year-olds were thrilled at the prospect of working with children from another country.

Students from West Park Academy
The children from West Park Academy

"Before our first session, I showed the children a map of Uzbekistan and explained how the time zones worked," Mr. Fraser said. "Tashkent is four hours ahead of us."

"When they started hearing a different language, they were a little hesitant although still excited. However, towards the end, once they got used to the translation pauses, lots of questions were being asked."

"They adapted very quickly, and every session with the orphanage has become more engaging. The children have greatly benefited from the relationship. It's been a great learning experience."

The car involved in the project is called the Greenpower Goblin G2. It comes as a flat-pack kit including chassis, wheels, steering, disc brakes, a 24V electric motor, and two 12V batteries.

Students at West Park Academy working on the car
The children from West Park Academy building the car

"The project is all about inspiring young children to take an interest in engineering in a fun and innovative way," said Amit Kumar, who earlier this year received special recognition at the North-East England STEM (Science, Technology, Engineering, and Mathematics) Awards for his years of dedication to STEM Education.

"The build introduces children to basic mechanics and electronics and might be the first step on the pathway to a career in engineering or another STEM field.

Mr. Fraser said the children soon started discussing aspects of the car such as frames, brakes, and steering geometry. There was a lively question-and-answer session on different materials that could be used to design and make the car's body. Their last session was about controls and driving.

"There are also other general discussions, as the children are eager to learn more about each other's countries," said Amit, who leads the sessions.

Students at the Children's Home looking at the car drawing
The children from Children's Home 22 talking about a drawing while on a zoom call

Rudmash service engineer Mr. Abdullayev Shakhzod said the children were enjoying the experience of working in teams.

"It's a fantastic new chapter in the history of a place that has a storied past. It was established in 1942 during the Second World War to care for evacuees from all over Eastern Europe. Children of over 40 different nationalities have been cared for by this children's home.

"The home is named Antonina Pavlovna Khlebushkina after the woman who ran it in the early days. She would be so proud of what is happening there today.

"As the summer vacation times differ in the two countries, the West Park school children have already finished building their cars, while the Uzbekistan car is about 40% complete.

"When the children return from their summer camp in September, they will start the rear axle, motor, and electrical components. Then they can take it for a drive," Amit said.

"Just before their summer term ended, the West Park children conducted a demonstration for their new friends in Tashkent. They set up a track and showcased driving the car on it. It was a great success."

Mr. Akhmedov, speaking through a translator, mentioned that the management team at Rudmash was considering how the project could expand beyond the children's home and into schools and youth organizations throughout Uzbekistan.

Mr. Akhmedov praised Cummins for their support of the project. "They have shown great responsibility at every stage and been very proactive, always striving to ensure things are done right.

"This is just the beginning for these children. It's already motivating them to learn more and develop their skills in broader technical applications.

"I would say that this project is not only important for the children's home but also for our city of Tashkent and the Republic of Uzbekistan, as it is nurturing an educational culture that is highly valuable. I can't thank Amit and Cummins enough."

Amit expressed that it's a privilege to help Cummins inspire young people about engineering and science from an early age.

Redirecting to
cummins.com

The information you are looking for is on
cummins.com

We are launching that site for you now.

Thank you.