Six Key Considerations for Power Generators Evaluating Remote Operations Solutions

“The pandemic and its economic impact have ignited and accelerated permanent operational changes across industries. A solution [for] remote operations enables Power Generators to adopt remote staffing, flexible resourcing, centralized monitoring, and autonomous operations."

          -  Kevin Prouty, IDC, Group VP, Energy & Manufacturing Insights

The pandemic has clearly raised the need for Power Generators to operate reliably under unexpected circumstances. But more importantly, it is accelerating the awareness and adoption of a flexible, location-independent operating model. Control room functions need no longer be confined to the control room. Remote expertise can be called on as needed. Certain job functions can be centralized and provided on-demand across plants. A detailed list of uses goes on to include:

• Contingency operations
• Fleet operations control center
• Un-staffed plant operations
• Leveraged expertise and support
• Onsite mobility and collaboration
• EPC and third-party monitoring and support

What is a remote operations solution and what does it do?

What does a remote operations solution do? In short, a remote plant operations solution provides power generation operators with the ability to permanently support remote and mobile worker access to on-site plant monitoring and control systems – all in a safe, secure and NERC-CIP compliant package.

There’s much to unpack here in terms of features, functions, and security. Whether you intend to purchase a commercial solution or pursue in-house IT development, here are some of the most important factors you need to consider when choosing your path forward.

But before we start, one question is often asked.

Do I really need a commercial product for “remote HMI”?

Simply enabling remote access to in-plant HMI screens is not rocket science. Many organizations have “back door” VPN access capabilities for a quick emergency. But, the do-it-yourself approach typically falls short in security, compliance, access controls, user functions, safety, mobility and more. As remote plant operations become a permanent fixture of an overall operating  strategy, these considerations come to the forefront and most often demand a commercial-grade solution.

Below are the key considerations emerging from our customer interactions, implementations and industry expert discussions. We’ll start with the critical underlying security and controls foundation and then shift focus to user functions and safety.

• Security, compliance and reliability
• Access controls and monitoring
• Interactive permissioning
• HMI and other user capabilities
• Mobility features and safety
• Multi-vendor and equipment compatibility

Security, compliance and reliability

First things first. A secure zero-trust communications backbone is a must for full risk mitigation and compliance with NERC-CIP and other regulations.  Among other things, this requires a dedicated on-premises security appliance and firewall deployed in a separate security zone with no direct connection to the plant equipment.

There are many technical details to note in this domain, including pixel-only transfer (screen images, not actual screens), data encryption, file transfer controls and more that are beyond the scope here, but these details can make the difference of whether a solution forces your site or entire fleet to a NERC-CIP High or Medium category.  Here and in the following section we are speaking of the level of sophistication already in use today for online banking and other cases where security is absolutely critical.

Always-on availability and reliability are other important solution attributes. Look for a robust high-availability configuration option and understand what safety features the solution provides should control room communication be completely disrupted. Needless to say, this is especially critical when operating plants with zero onsite staffing.

Access controls and monitoring

Hand in hand with a secure backbone is the control and monitoring of user access. As Kevin Prouty of IDC notes, “Beyond security and compliance requirements, customers need to have granular access, permissioning, and safety controls that allow location-independent work without undue risk.”

Multi-factor user authentication is a must, preferably including hardware tokens. Going further, a central administrator should be able to specify granular access control per user. Must-have parameters for power generators include: equipment lists, time windows, and monitor vs. control. These are basic access scope definitions, final equipment access at a given time should still be granted by a designated control room operator.

For proper system administration, security and compliance, the system must also support full session monitoring, alerting, event logging, log export, and ideally, full session recording.  The latter is critical for forensic investigation but can also be leveraged for staff training.

Interactive permissioning

A remote operations solution will often be used as part of a real-time collaboration among staff ranging from in-plant control room operators, to remote operators, engineers or supervisors, to in-plant mobile maintenance staff. Someone must be in charge. Control changes must be clearly requested and granted. Everyone needs a clear view of who is in control.

These features are highly recommended for proper risk and safety management and should include a simple and intuitive built-in user interface for permission controls and status. Compatible audio communication may also be a desirable feature. 

HMI and other user capabilities

The user now has secured communications, access rights and has been given active permission. Which existing control room screens are to be accessible? Are there custom or summary views that should be added? Are there other functions, such as remote e-stop, that are desired?

Your goals and circumstances will dictate your requirements. The important solution criteria are that the technology can support all of the above and that your vendor has the capability to provide remote access to any of your existing systems and also can guide and create any new custom screens desirable.

Mobility features and safety

Remote operations access should be enabled for any type of user and location, so native support of iPad or industrial-equivalent devices is important. But simple direct screen display is rarely sufficient. A shrunken replica of a complex HMI screen may have limited use and be a safety risk.

The experience and skill set to create optimized mobile displays is therefore an important factor. Moreover, a highly capable mobile interface in the hands of in-plant maintenance staff demands built-in safety features. Beyond the permissioning features mentioned above, look for: automatic locking, view-only default mode and most importantly, intent verification for actions taken.

Multi-vendor and equipment compatibility

Even if your first phase implementation does not require remote/mobile control of equipment and software from multiple suppliers, rest assured that eventually you will need it. Whether for expanding across plant equipment or for broader fleet deployments, you will want a vendor-agnostic solution. That does not preclude choosing software from a well-known equipment supplier but be sure to validate their credentials outside of their own equipment.

The global pandemic has demonstrated the criticality of emergency remote operations capabilities. But the long-term flexibility and cost reduction benefits of incorporating plant-independent operations are clear and compelling. As the energy market continues to evolve, the strategic focus on these factors is only increasing. A remote operations solution is an important technology pillar to enable a long-term winning strategy for any power generator.