As a U.S. resident, one of things I’m blessed with is a stable electric grid, at least relative to the grid in many other parts of the world. It’s so stable, in fact, that the general public sometimes takes power availability for granted.
The exception, of course, is when a natural disaster or grid outages happen. In the U.S., Hurricane Sandy knocked out power on a wide scale, and back on Aug. 14, 2003, a cascading series of events and errors caused power to go down across wide swaths of the Northeast and parts of Canada.
The utility industry and other stakeholders have begun to increase their attention to prevention and preparedness in the wake of the vulnerabilities exposed by such past crises. One of the responses has been an effort known as GridEx, a drill that simulates vulnerabilities and response to an electrical grid outage. The first GridEx was held a couple of years ago, and now this week, Nov. 13 and 14, the organizers are putting on a larger, more ambitious drill known as GridEx II.
The intent of GridEx is highlighted in this recent New York Times article, but rather than explain GridEx further, let’s turn the preparedness issue outward, and ask, are individual companies and organizations prepared and protected in the case of another grid crisis?
This is where the concept of Secure Power comes into play—putting together power protection systems that ensure that not only do your building systems and information technology (IT) assets stay powered up in the event you have to switch over to generator power, so does all the critical machinery and equipment that carry out your core business processes. Today, we live in a digitized world where manufacturing production equipment, material handling systems, medical imaging equipment, and a whole host of other equipment that used to be analog, electro-mechanical, or photochemical-enabled, is now digital. So the question becomes, how to you protect your exposure to business risk from a grid outage when nearly every class of equipment is digitized, not just traditional IT assets?
The answer lies in applying some of the same type of data center physical infrastructure (DCPI) products that protect IT assets to critical systems for industry and infrastructure. Today, the more well prepared companies employ unterruptible power supply (UPS) gear and other types of DCPI technology to their production assets. In some cases, this gear needs some special features to make it ideal for use in specialized “Secure Power” scenarios, but its basic function is similar to the gear that protects data centers around the world.
Today, UPS increasingly is used to provide high reliability, “always on” power to gear like medical imaging equipment, and many types of industrial process control systems managed by programmable logic controllers. UPS not only provides power availability before generators kick in, some types of UPS serve an important “power conditioning” function by converting and governing the quality of the power going to mission-critical equipment.
From a risk management perspective, Secure Power systems not only ensure the continuity of the production or customer-service process at hand—let’s say it’s mixing a batch of chemicals, or shooting an MRI test—they protect the stream of data coming out of the equipment. In essence, you not only need to keep digitized machines running, you have to protect the information flow from those machines, because there are all sorts of business processes and analytics that rely on the data stream.
There are other technologies involved in Secure Power other than UPS, such as cooling or monitoring solutions. Monitoring can be implemented that not only looks like a limited class of equipment, like UPS units, but also can give facilities or IT staff a view into building control systems, IT systems, power distribution, and the electrical architecture of a building. It’s interesting to note that in the wake of that historic 2003 grid outage in the Northeast, one of the factors that is said to have played a role in the extent of the crisis was the failure to properly monitor conditions at the larger grid level.
An exercise like GridEx II should serve individual companies as a reminder to stop and think about their own level of exposure to risk from problems with the grid. Yes, a company might have good generators and good protection systems for its data centers or networking gear, but has it fully protected the digitized equipment that carry out its core business processes? And, are those mission-critical systems being properly monitored, cooled, and supplied with high-quality power? These are some of the Secure Power questions that people in industry should know the answers to, well before the next crisis.