PILOT 1 ENERGY STORAGE & DISTRIBUTION
FRAMATOME, Germany
BRIEF PROFILE
Framatome’s teams design and build nuclear power plants. For more than 60 years, the company has been present at every stage of the process on all types of reactor technologies. Operating from four unique sites in Germany, Framatome employees design and manufacture fuel assemblies, electrical and safety instrumentation and control systems, and specialize in dismantling and decommissioning services for the nuclear industry. Under the brand Covalion, expert teams are leading the development of hydrogen fuelling stations and energy storage solutions to meet the increasing use of renewable energies for low-carbon transportation and temporary storage of electricity. Distributed systems in this area require more flexible remote maintenance concepts. Note that these facilities are usually still critical infrastructures, which imposes additional security requirements. In light of the current challenges of increasing cybersecurity threats, Covalion aims to ensure the most reliable security possible.
SCOPE
To ensure safe operation, fuelling stations need to be operated securely too. The manufactured fuelling stations handle up to 100 buses per day, which demands several tons of hydrogen as well as efficient and reliable processes and backend implementations, and makes those plants critical infrastructure. These infrastructures demand high security to prevent unauthorised access, data breaches and potential operational disruptions. This is achieved through system monitoring to detect any unusual activity, access control to operational and control systems, reporting and incident response.
The interfaces to these systems take different forms. Besides tank card readers, there is a need for web access to several systems from the different stakeholders, such as the operator itself (“Operator A”), hydrogen providers, and the providers of different technical components for service activities and optimisation (“Remote Maintenance XYZ”). Web access is handled by a secure gateway using 2-factor authentication, which gives the remote staff just the right amount of access to the internal network to interact with dedicated systems (least privilege principle; see the picture: the 2FA Server grants Operator A access only to the internal Server and Remote Maintenance XYZ access only to PLC XYZ).