Finding extraordinary engineers for exceptional clients

Cybersecurity in the power sector

October 14th, 2014
Credit: Thailand Smart Grid
Credit: Thailand Smart Grid

 

The growing risk of cyberattacks on energy sector facilities is a threat that power infrastructure operators cannot ignore. Tildy Bayar speaks with some of them to find out what can be done to protect your facility

 

New risks in the operation of power infrastructure are appearing all the time, including some that wouldn't have been dreamed of even a decade ago. The latest of these to hit the headlines is the risk of cyberattack, brought to the world's attention by the recent 'Energetic Bear' malware attacks. And this risk is growing: a 2013 survey by computer security firm Kaspersky Lab found that 91 per cent of organizations had experienced cyberattacks in that year.

Cybersecurity experts have noted that the shadowy group behind Energetic Bear, dubbed 'Dragonfly', has increased its targeting of energy companies in recent months. Security software maker Symantec identified a shift in the group's focus from around March of this year, with 50 per cent of its targets in the energy sector and 30 per cent in energy control systems.

In a July report, Symantec outlined Dragonfly's widespread campaign of cyberattacks on energy firms in the US, Spain, France, Italy, Germany, Turkey and Poland. Among the targets were grid operators, major power generation companies, petroleum pipeline operators and equipment providers. While the hackers used their illicit access for spying, Symantec said, if they had decided to use it for sabotage they could have damaged or disrupted energy supplies in many countries.

So where exactly are the vulnerabilities in power infrastructure, and how can you protect your facility from the risks associated with cyberhacking?

It's all about the SCADA

In a new kind of hacking exploit, Dragonfly's attacks compromised the targeted plants' industrial control systems. In conversations with cybersecurity experts, it quickly emerges that what is vulnerable in a power station is the control system known as SCADA (Supervisory Control and Data Acquisition). Most SCADA systems utilize human-machine interface (HMI) software that allows users to interact with and control machines and devices. If a hacker can gain access to that control software, it's literally lights out.

SCADA systems underpin virtually all of today's industry, including the energy sector. And there is a simple reason why they are vulnerable to attack: the SCADA architecture was designed before cybersecurity was an issue.

"Big power plants and big energy producers are under heavy and severe threat because 10, 20, 30 years ago we implemented SCADA systems into our networks," says Daniel Jammer, founder and CEO of Israeli cybersecurity firm Nation-E. "The SCADA monitoring tool helps to integrate the network seamlessly, and to make it basically as optimized as possible. In the last 15 to 20 years a lot of network infrastructure was implemented to optimize this kind of SCADA. Nobody was thinking energy sources will be attacked, systems will be attacked - it was a totally different world than today."

Training programmes such as the UK's CybX centre take staff through mock cyberattacks
Training programmes such as the UK's CybX centre take staff through mock cyberattacks
Credit: Serco

Enter MicroSoft

"In the past, ICS [information control systems]was completely isolated from the world," says Shaker Hashlan, ICS Security Engineer at the Saudi Electric Company's Najran power plant. "It wasn't even using TCP/IP technology as networking architecture and didn't even use Microsoft Windows as its underlying operating system (OS). So there was no issue there - most systems were electrical or nomadic, with no microcontrollers in the middle.

"Then the chasm between the two technologies started to shrink," he said, as customers requested more user-friendly workstations and HMIs with which to configure their equipment. "So the need was there, and vendors had to go with the need."

The shift from proprietary systems to the Windows OS was gradual, from around 1995-1999 until 2000-2001 when Windows XP came on the scene. With the early XP machines "there was no need [for security] - Windows Firewall wasn't even enabled by default," Hashlan explained. By 2002 the OS "was sophisticated enough to be used in control systems - and then every vendor started using it everywhere."

In 2010, he continued, the ICS industry "was shaken to the core" by the appearance of the Stuxnet worm - the virus which infected over 50 per cent of Iran's computers and reportedly brought down one-fifth of the nation's nuclear installations. "Then everybody saw the potential and the fame of attacking industrial control systems," Hashlan said, "and how vulnerable they can be to the most basic attacks."

According to Jammer, "cyberattacks like Energetic Bear are hurting systems because … [the hackers] are in control of power plant infrastructure. They can turn it on, off, do whatever they want. For the first time we're really in a big problem because there is a third, fourth, fifth party in supercritical infrastructure. Our energy supply is, for the first time, insecure."

How do the hackers get in?

With the growing complexity of modern energy infrastructure and the increasingly centralized control of ICS systems comes correspondingly increased risk. According to Symantec, many SCADA and ICS systems sit outside traditional security walls and are vulnerable if a hacker knows where to look. And your system is far from difficult to find - in fact, it's just a click away.

"There is a website called shodanhq.com, which is like Google for vulnerable systems on the internet," Hashlan says. "You can go there and, say you're looking for SCADA gateways, it will show you all of the vulnerable ones in the world and give you the username and password. I found a site with an Apache [web] server and figured out that I'm looking at the summary page of a power plant in South Korea. I can tell how many MW output, even see the amount of fuel from the flow meters. Cyberattacks aren't that hard."

Also ubiquitous is Metasploit, a tool that can be used "to hack anything from a small webcam to a turbine control system or a tank management system - it can do anything if implemented correctly," Hashlan says. "An exploit [hack], once developed to a vulnerability, is uploaded to the set repositories, which can be download to Metasploit with a simple command and deployed. Any script-kiddy [novice hacker] can do this."

With the growing use of smart grid technology, more new energy systems are increasingly connected to the so-called Internet of Things, which opens up new security vulnerabilities due to the sheer number of connected systems and the low or nonexistent security often placed around simple devices. (A 2013 Forbes article about Shodan, titled "The Terrifying Search Engine That Finds Internet-Connected Cameras, Traffic Lights, Medical Devices, Baby Monitors and Power Plants", detailed how a power station's internet-connected security, lights, and heating and cooling systems can be vulnerable to attack.)

And there is, as always, the human factor. In addition to writing and deploying malicious software, hackers use more traditional spying methods. "Dragonfly are using something similar to Stuxnet, but how are they launching attacks?", asks Hashlan. "Their main tool is phishing emails! Put a small type of malware in an email, and an employee's curiosity will do the rest. He will follow by using a USB stick at some point on his machine, then using it on his HMI or his workstation. Once that happens, the malware will start sending data collected from the system to the [hacker] group, and they can upgrade their attack via their command and control software."

As a certified ethical or 'white hat' hacker, Hashlan says he has to think like a 'black hat'. "If I were to want to hack a power company," he says, "I wouldn't be directly attacking the firewall, especially if I don't know more details about it - or any other machine on the network, for that matter. A hacker will try to physically compromise the system, find a disguise and walk into the power plant, or try dumpster diving. I'd try 'social engineering': talk to someone I know who has the information there. The idea is that it's not just about cybersecurity; it's the whole package. And once I have physical access, it's mine."

Protecting critical infrastructure

"The moral of any story involving cybersecurity is 'protection, protection, protection'," says Hashlan, and cybersecurity firms indeed advocate multiple protective layers around critical systems. For Hashlan, protection should be not only multi-layered but also multivalent, involving security around software systems, physical infrastructure and human awareness.

First, he says, plant managers need to make sure their software is fully up to date with the latest upgrades and patches, which fix known vulnerabilities, and conforms to international standards. (The first such standard, the SDLA certification, was released in July by the US-based ISA Security Compliance Institute. It certifies that a supplier has designed cybersecurity into its products' development and support lifecycle processes, and follows them consistently. Other standards are in process.)

Will Rockall, a director in KPMG's security practice, has written that Energetic Bear "brings to light the need for companies to pay attention to cybersecurity across all hardware and software that make up their ICS. This includes making sure they are performing sufficient due diligence on their software suppliers' security controls."

Next, says Hashlan, plant managers must thoroughly document any changes made to the plant, creating a change management system to track modifications - a complete history that will enable forensic cybersecurity analysts to find what might have caused a vulnerability and provide a lessons-learned case to be fixed at other facilities.

For protection, he recommends the 'Demilitarized Zone' (DMZ) approach, which is modelled on a US military technique and which he compares to an egg. "You have the strong outer shell (the outer permitter), a strong firewall, then you start going into the white part: another firewall, but with less aggressive protection to allow the HMIs to work smoothly without noticeable delay, then another firewall or a router with a simple access control list, then a really nice runny yolk: your embedded systems that are so sensitive that sometimes, just by pinging them, you could shut them down," he says. "But you need to really harden the shell."

The DMZ approach to network security
The DMZ approach to network security
Credit: Synergist

The DMZ approach is recommended by standards bodies including the Industrial Automation and Control Systems committee (ISA99) and the International Electrotechnical Commission (IEC) because it "will give the bad guys more work to do to penetrate the system, if they can," Hashlan says.

And what are the bad guys after? Matt Middleton-Leal, UK and Ireland regional director at software security firm CyberArk, says, "Today, attackers looking to infiltrate any organization's networks almost always look to take control of the most powerful accounts and access points - privileged user accounts. In the case of critical infrastructure … flaws in [SCADA and ICS] systems, such as unmanaged, poorly secured or shared privileges and other administrative accounts, further compound the security risks.

"With this in mind," he continues, "energy and utility companies must ensure that they are safeguarding their critical assets and mitigating the risk of attack by taking a layered approach to data security. This means securing traditional IT systems, SCADA, ICS and their process controllers with a centralized system capable of controlling, managing, monitoring and reporting on all remote and privileged account access."

Last but not least, Hashlan says, plant managers need to institute awareness campaigns among employees in order to avoid human-factor incidents. You need to "treat cybersecurity as an on-the-job health and safety concern," he says. "You need to educate your employees, tell them about phishing emails or, if an email is from someone you don't know, don't open that link. We need to raise awareness, especially at management level because [managers] don't usually have a good idea about this."

Nation-E's Jammer gives the impression that the firm's approach is designed as much to ensure fast recovery after an attack as to keep attacks from happening. Of course it does include serious protection: it goes beyond software-based defences to building an actual physical protection layer, a backup network which is connected to existing systems but is not integrated into the SCADA system, so does not offer hackers an open protocol. When the software recognizes that a certain line of communication (a TCP/IP line, GSM or satellite communication) is being attacked, it automatically abandons that line while other communication protocols, dormant until this stage, are prioritized and utilized as the main line of communication.

On the recovery side, the firm builds a mirror of the customer's existing infrastructure, making it possible to define which services will stay online in different emergency scenarios. And due to its bidirectional communication structure, Nation‐E says its solution can prioritize energy assets and optimize energy supply. For example, it can jump-start a storage system until a generator reaches maximum capacity and is ready to take on some of the load.

While the company works with software security firms like Symantec, Jammer does not believe firewalls alone can offer full security. With a backup network, "even if all systems are contaminated, you can still continue business and disaster recovery," he says.

A power plant SCADA system
A power plant SCADA system
Credit: Automatrix

Look to the supply chain

Companies don't just need to worry about protection within their own organizations. Richard Ryan, Executive Director in insurance broker Willis's Financial and Executive Risks practice (FINEX), notes that according to a 2013 survey by insurer Allianz, cyber-risk is a new addition to the top 10 risks on UK company risk registers, coming in at number seven. The number one listed risk is business interruption due to supply chain risk - which, Ryan adds, can include the effects of cyberhacking. He points to the recent attack on US retailer Target, which was hacked through someone in the store's supply chain - a heating, ventilation and cooling (HVAC) engineer. "It is important that a company's resilience measures seek to make sure their supply chain is adopting equivalent or better cyber-risk mitigation [than their own]," he says. "As infrastructure companies grow and become more complex, they become a harder target to breach because they become more adept in investing in protection - so a hacker is going to look down the supply chain."

Make sure you're covered

According to Jammer, there is no certain way to avoid being hacked, no matter how much you spend on protecting your systems. "If you are a utility working with SCADA," he says, "every year you're investing more and more money in order to close the attack loophole. Ten years ago you spent $5 million, nine years ago $15 million, eight years ago $20 million - the price continually goes up. The possibility that one piece of malware will infect our systems is always there."

So, with all there is at stake, power producers need insurance to cover them if and when something does happen - and the range of available coverage is growing. According to Ryan, "cyber risk products [will cover] things like cyber-extortion, which could be a growing concern for infrastructure companies; business interruption; network degradation or failure; loss of income; loss or damage to digital assets (updating or replacing software); reputational harm - obviously a big one; and data breach. Expenses in the wake of a cyberattack can also be covered, such as forensic engineers (to identify where the hack came from, where there's been a data breach, and what information they may have got) and lawyers (where there are legal disputes)."

But before applying for insurance, companies need to make sure they have taken the necessary steps to protect themselves - in the same way that your homeowners' insurance may be invalidated if you go on vacation leaving your windows open and doors unlocked. In order to qualify for cyber-risk insurance, says Ryan, a company must fill out a comprehensive proposal form, then an insurance broker will go to the market and find out which insurers are likely to underwrite that risk. Then, with the broker, the client and the insurance companies engage an independent IT specialist.

"The IT specialist then provides a report to make sure the insurer is satisfied that the company is suitably resilient to cyber-risks," Ryan explains. "The specialist looks for a number of things: firewalls, antivirus protection, USB port management, email filtering and control, web filtering and control, corporate network border firewalls around SCADA, network access controls, and Windows file and permissions management."

Lloyd's of London has said that poor 'test scores' from security risk assessors have forced it and other insurers to turn down potential high-value contracts. According to Middleton-Leal, energy companies receive these poor scores because they have not yet "appropriately addressed" the risk of cyberattacks.

Finally, insurance is not defence, Middleton-Leal warns. "While cyber insurance is undoubtedly a good idea given the catastrophic financial implications of an attack, the worry is that it will become another fall-back position, allowing companies to remain dangerously complacent regarding the threat to their business." And, says Ryan, companies need to be aware that some insurance companies seek to exclude cyberattacks on, for example, property policies. "Companies need to review their risk profile and ask whether it's covered under their policy," he warns.

Preparing for a dangerous future

In a mark of growing realization of the changing risk environment, Aegis London active underwriter David Croom-Johnson has called for the formation of a centralized body to oversee cybersecurity for the energy sector. He has suggested that the body could be modelled on the Institute of Nuclear Power Operations, which promotes safety in nuclear power facilities.

"We need a unified industry response to risk management, security, incident response, threat intelligence and loss control," he says. "Critical infrastructure companies would like unified guidance; no-one wants a repeat of the situation which occurred after US retailer Target was attacked, with regulators and shareholders becoming increasingly aggressive and militant."

However, Croom-Johnson says, governments must understand that insurance cannot be the total solution to cyber risk. "Governments tend to think there is unlimited capacity within the insurance market," he said. "This is far from the case. Insurers have only a finite capacity to respond, and indeed some will not wish to respond at all. Governments need to work with us with the objective of increasing cyber risk management and risk modelling capabilities, and of improving security."

Jammer agrees. "Governments and institutions need to work more together to protect the most vulnerable assets," he says - and there are encouraging signs that they are beginning to do so. For example, the US government recently released a Cybersecurity Framework for power plants, water treatment companies and other infrastructure firms, and is reportedly considering arranging for cybersecurity insurance for these facilities.

Then there's the front-line defence approach. Cybx is a new cybersecurity training programme in the UK, set up by the Cabinet Office's Emergency Planning College. Cybx is a simulator where technical staff are trained in mock cyberattacks -- a sort of boot camp for those in the front line of cybersecurity. The programme simulates attacks by the latest malware and attack vectors and offers certification for staff. (Cybx is operated by outsourcing firm Serco, which was hacked in 2012 resulting in the loss of data on employees enrolled in the UK government's pension plan.)

Nation-E's newly-opened Energy Cyber Security Center in Israel offers staff training in a micrgrid environment
Nation-E's newly-opened Energy Cyber Security Center in Israel offers staff training in a micrgrid environment
Credit: Nation-E

Serious business

The consequences of cyberattacks can be especially grave for energy companies. "A lot of problems happen when companies update very old SCADA systems," says Ryan. "During that time it's all quite unstable. For example, say the network on an oil rig is being updated, and a guy comes on and plugs in a laptop, and malicious software goes in. Some days later, when he's off the rig, it creates an explosion and a major environmental disaster." In terms of insurance, he adds, "at the moment this is uninsurable - there isn't enough insurance capacity in the market to underwrite that risk."

"I want people to understand how important this is," says Hashlan. "Last year alone, looking at the actual impact of cyberattacks made on industrial control systems in the world, 5 per cent of the attacks resulted in loss of life."

While if your computer is hacked in the IT sector "the worst that can happen is you lose your email access," he adds, "here we're talking about the lives of those who work to provide energy that we desperately need these days. If a hacker can plant fake historical data and send it to the alarm system, it will affect the way engineers do troubleshooting; they will do something wrong and, in a worst case scenario, cause a horrific incident."

"We need to wake up to threats beyond sci-fi that are now reality," says Jammer. "We need to wake everybody up to mitigate this kind of problem. It's not too late - we're seeing only the first signals telling us that we need to wake up. The world is changing and we need to change too."

More Power Engineering International Issue Articles
Power Engineering International Archives
View Power Generation Articles on PennEnergy.com

A bad week for UK wind power

October 10th, 2014

Wind power proved unpopular in the UK this week, with protests over several projects generating debate at the local and parliamentary levels and obstacles arising for other planned projects.

In Northumberland in England, the county council’s planning committee refused construction applications for EnergieKontor UK’s nine-turbine and five-turbine wind projects after public protests over their predicted visual impact. The refusal surprised some commentators as the developer had offered the community a £3.3m ($5.3m) financial package to develop a long-desired rail station and set up a community fund. Nevertheless, local activists went so far as to create a protest website, www.noturbines.com.

Brenda Stanton, chair of a local parish council, was quoted as saying: “I’m delighted by the decision. Tourism is the life-blood of the area so everybody was so afraid whether people would invest any more money. We live in a Conservation Area and we are so close to the Area of Outstanding National Beauty too.”

In Bournemouth on England’s southern coast, a report issued by the local council argued that the proposed 194-turbine Navitus Bay offshore wind farm could have “dire consequences” for the local economy to the tune of £100,000 per year, and could put up to 2000 jobs at risk.  Navitus Bay Development Ltd, a joint venture between EDF Energy and Eneco Wind UK Ltd, called the figures “misleading” and Mike Unsworth, the firm’s project director, was quoted as saying: "The council have based this figure on one statistic from our tourism survey, but it is misleading to view this data in isolation and to then extrapolate in this way. In fact, [wind] turbines have often boosted tourism in a number of locations.”

Last week the local council voted unanimously against Navitus Bay’s planning application.

Meanwhile, global wind developer Wind Prospect has appealed after a council failed to decide on its planning application for construction of the nine-turbine, 20.7 MW Mount Lothian wind farm in Scotland. A spokesman for the firm, a subsidiary of EDF Energy Renewables, said: “The planning committee was expected to consider the application by the end of May, within the 16 week determination period from the date the planning application was submitted. The decision to lodge an appeal was taken as the council did not determine the application within the statutory 16 week period and did not request for that period to be extended.”

And Scotland’s parliament has debated plans for a 24-turbine, 75 MW wind farm near Rannoch Moor, with objections to the project’s predicted visual impact lodged by the Mountaineering Council of Scotland.

A spokesman for developer Talladh-a-Bheithe Wind Farm Limited was quoted as saying that the "carefully balanced project" would minimize views of turbines from key areas. He said: "Our proposals have developed throughout an extensive consultation process in response to community and statutory consultee feedback. Should our proposals be consented, they will make a valuable contribution towards Scottish and UK government energy targets."

And in Scotland’s East Lothian, a public inquiry has been launched into plans to lay underground cables for Mainstream Renewable Power’s proposed 75-turbine, 450 MW Neart Na Gaoithe offshore wind farm. The scheme is expected to create hundreds of jobs and could power as many as 325,000 homes, but issues around land use rights have proved problematic.  

Despite all the negative publicity for UK wind development, this week Vince Cable, the government’s business secretary, said that opposing wind farms because they are ugly is “irrational”. There is no difference between wind turbines and the electricity pylons that already dominate the nation’s skyline, he added.

Cable, a Liberal Democrat, also slammed his party’s governing coalition partners the Conservatives, saying they have an “irrational phobia” of onshore wind farms which is damaging the UK economy. And LibDem energy secretary Ed Davey said this week that “Onshore wind has been growing fast under [the coalition government]. It now generates around 5 per cent of our electricity, and it’s still growing. But the [Conservatives] don’t like this. Day after day they’ve urged me to cap onshore wind. I’ve just said no. Not just because it’s vital for climate change. But also to keep energy bills down, as onshore wind is now the cheapest large scale green energy option.”

Also this week, Davey accused Conservative communities secretary Eric Pickles of “abusing ministerial power” after Pickles announced that he would intervene in more onshore wind application appeal cases.

Pickles has nixed 10 out of 12 planning permission applications for onshore wind farms in the past year, with four of his decisions going against recommendations by planning inspectors. Commentators say the communities secretary is “killing” the UK’s wind sector.

In response, Department for Communities and Local Government chief planner Steve Quartermain said: "The engagement of the secretary in decisions at appeal amounts to 7 per cent of all decisions on wind farms. I don't think that's a disproportionate engagement in the planning system."

DNV GL comes out on top in E.ON wind forecasting competition

October 10th, 2014

A competition run by E.ON to test accuracy in wind power computer modelling has been won by DNV GL.

The achievement in predictive analysis is likely to lead to a direct improvement in the financing conditions for wind project developers, thereby reducing the cost of electricity delivered to the grid and improving returns.
Wind forecasting
Renewable Energy Foucs reports that the blind test challenged six participants, including some of the most reputable consultancies in the global wind industry, to accurately predict the wind regime at eight wind farm sites.

The most attractive wind farm sites are often found at locations where the wind conditions are difficult to quantify. Examples include sites affected by atmospheric stability, exposed and hilly sites as well as wind farms in or near forests. An ongoing challenge for the wind industry is to accurately predict the variation of wind speed across such “complex” sites in order to determine a credible estimate for the energy output of the project in question.

Participants were asked to make their best predictions of the wind conditions at locations corresponding to existing measurement masts at each site. The predictions were then compared to the actual measurements; the smaller the difference, the higher the ranking in the blind test.

DNV GL in recent years has developed cutting-edge computation fluid dynamics techniques to boost accuracy further.

Rosatom retracts South Africa nuclear contract announcement

October 10th, 2014

News that Russian state-owned nuclear firm Rosatom was to build a fleet of power plants in South Africa has been retracted by both parties amid confusion over the original agreement.

In late September Rosatom issued a statement quoting South African government officials, in which it said it had been given the right to build a number of nuclear plants in the country. However, this week the firm said that wasn’t what it meant to say.

"The wording from Rosatom wasn’t well chosen," Viktor Polikarpov, regional vice-president for sub-Saharan Africa, was quoted as saying. "We have to admit that we worded the statement wrongly. It was lost in translation."

South Africa’s energy ministry also issued a statement, saying that its strategic partnership agreement with Rosatom confirmed only the possibility of future co-operation in the nuclear sector.

While South Africa is seeking to procure 9.6 GW in nuclear capacity, it has not yet announced a tender, which is required by law before any contract can proceed. The head of the nation’s nuclear programme, Zizamele Mbambo, told South African media that the government intends to make strategic partnership agreements with other countries as well.

When the agreement with Rosatom was signed in September, there was confusion over its wording with South African lawmakers suspicious that it would enable Russia to limit their country's trade with other nuclear providers. While the government denied this claim, details of the deal were not released to legislators.

Rosatom has said that, if contracted, it will apply for a $50bn loan from the Russian government to help fund the nuclear plants. The firm said it will bid around $6500/MW for the contract, which South Africa has said could consist of up to eight power plants, most of which would be planned to be operational by 2030.

Agreement on $5.2bn coal-fired power plant in Myanmar

October 10th, 2014

Ratchaburi Electricity Generating has agreed to co-invest in a new coal-fired power plant in Myanmar.

Ratchaburi, Thailand's largest private power producer has confirmed it had signed an initial agreement with Myanmar to work with three other firms on the plant.
Myanmar flag
The three companies are Blue Energy and Environment, Vantage Company Limited (Myanmar) and Kyaw Kyaw Phyo Company Limited (Myanmar), the company said in a statement.

The agreement is the starting point for developing the 2,640 MW plant, which is expected to require about 170 billion baht in investment.

EDF chief attacks Energiewende

October 9th, 2014

The chairman of France’s biggest utility has blasted Germany’s energy policy, referring to it as a disaster.

Henri Proglio, chairman and chief executive EDF told reporters in London that while France undoubtedly has problems, their neighbours’ difficulties with the imposition of their ongoing Energiewende policy were far more acute.
Proglio
“When it comes to energy they are in a disaster,” he said. “The two major companies, Eon and RWE are under huge pressure. One is more or less dead, the other is in a very difficult situation.”

Proglio was responding to a question about perceptions of France’s own faltering economy, which he agreed had difficult challenges to face.

 “It’s very difficult to make a judgment about France in a few minutes. It’s a country where you have some very good and some very bad examples. We have to force the country to make some improvements in public overheads to drive more investments,” he said.

RWE announced a 62 per cent fall in profit in August and said it planned to shut down more power stations. Germany’s second-biggest utility by market value blamed its situation on the expansion of renewable energy, which it said had left many of its power stations unable to cover their operating costs.

Alstom awarded wind farm contracts in Brazil

October 9th, 2014

Votalia Energia do Brasil has handed Alstom a $17.8m contract to provide electrical balance of plant systems at two wind farms in north-east Brazil totalling 201MW.

The contract includes medium and high voltage systems and the French company will be responsible for the construction of the collection system, step-up substation, transmission line and connecting bays.
Wind turbine
High voltage equipment will be manufactured locally in Alstom’s (Euronext: ALO) plants at Itajubá and Canoas.

The Ṣo Miguel do Gostoso complex with a total capacity of 108MW is located in the state of Rio Grande do Norte and is made up of four wind farms РCarna̼bas, Reduto, Ṣo Cristo and Ṣo Jọo, each with 27 MW. It so is scheduled to start commercial operations in March 2015.

Meanwhile the Vila Amazonas complex, in the state of Ceará, has a total capacity of 93MW from Junco 1, Junco 2 of 24 MW each, Caiçara 1 of 27 MW and Caiçara 2 of 18 MW. They should start serving the grid in 2016.

“In the past year, Alstom has been selected in Brazil for more than 10 projects in the wind energy sector… reinforcing Alstom’s growing leadership in the wind segment in Brazil,” said Alstom Grid vice president Sergio Gomes.

Honduras utility forecasts losses of 31.7 per cent by 2015

October 8th, 2014

Honduras's state-owned energy firm the National Electric Power Company (ENEE) has said it expects losses of 31.7 per cent next year. Of that percentage, 12.5 per cent will come from technical losses and 19.5 per cent form commercial losses.

Esmerk Latin American News said that the public company will lose over $400m due to a lack of maintenance on its transmission lines.

Local newspaper El Heraldo also quoted figures from The World Bank pointing out that energy prices and electricity losses are the main causes of ENEE's delicate financial situation.

Almunia says Hinkley approval sets no precedent

October 8th, 2014

European Commission vice-president Joaquín Almunia said today that the EC’s approval for Hinkley Point C nuclear plant in the UK “will not set any precedents”.

He stressed that the go-ahead for revised plans for the project (see European Commission votes approval for Hinkley Point) did not mean that Brussels was favourable to nuclear at the expense of renewables, which it has long backed.

“The choice to promote nuclear is a choice by the UK”, he said, and added: “There is no change of energy policy in the EU.”

Speaking at a press conference this afternoon where he confirmed that the UK government’s plans to support Hinkley “will not lead to undue distortions” of state aid rules, he said: “Without public support this investment cannot take place – the aid is proportionate to the needs.”Joaquín Almunia

He said the EC had been persuaded by the UK that there was no cheaper or less risky alternative to Hinkley, which will be the first nuclear power station built in Britain for almost 20 years.

Almunia (pictured right) stressed that he had assessed – and was comfortable with – the safety risks associated with nuclear. “I can assure you that I care about the risks involved in this kind of energy. I have paid attention to all the risks in this project.”

He told journalists that Hinkley would take almost ten years to build, would be operational for 60 years and cost £34bn – a significant rise on the £16bn price tag that has been quoted by EDF, which will build the plant.

The EC’s decision today was welcomed by the UK’s Nuclear Industry Association. Its chairman Lord Hutton of Furness said the approval was “an important step in securing the UK’s home-grown low-carbon electricity generation while adding jobs and prosperity to the economy”.

He added: “Reaching this decision has been a long process, but it was right the Commission should thoroughly review all the relevant issues. We look forward to EDF Energy taking its final investment decision with the interested investors. This will set in train an important time for the nuclear sector in the UK as new build projects get under way to replace the current ageing generation. It also gives certainty to other European countries looking at the UK system of contracts for difference as a mechanism to secure their own supply.”

The British union for energy and engineering construction workers, the GMB, was also enthusiastic about the EC go-ahead.

National secretary for energy Gary Smith said: "Nuclear new build is crucial to delivering low carbon electricity and keeping the lights on. Our energy infrastructure is creaking and we need to get on with this and building other nuclear power plants as a matter of urgency. This won't solve the immediate crisis in energy but the longer we delay the worse it will get and the more expensive the construction project will be.”

Smith also said that the threat of a legal challenge to the decision from Austria (see Austria confirms it will take legal action if Hinkley Point approved) was “based simply on anti-nuclear prejudice. UK civil nuclear power has run safely for generations and the new power stations will have even higher standards than in the past.”

He added: “New nuclear is expensive but so are renewables. Both renewables and nuclear need subsidies and everyone should be honest about this. Renewables are also invariably intermittent and this means we still need a dependable base load supply with back up to meet peak demand. New nuclear has to be part of the UK energy mix as a result.”Hinkley Point C

The GMB’s national officer for engineering construction, Phil Whitehurst, said: "Hinkley Point C power station is badly needed not only for the thousands of jobs it will secure in the construction industry and supply chain but also to prop up our failing energy production capacity.

“So many coal fired stations are closing and due to the indecisiveness of the government on green subsidies they are not being converted to biomass. Hinkley Point C will be built and managed under safety regimes second to none in the world.”

On the threatened Austrian challenge, the GMB said that “Austria is the EU’s most hostile nation to nuclear energy. However what happens in the UK has nothing to do with Austria. GMB respectfully ask their government not to interfere with this much needed station.”

John Cridland, director-general of the Confederation of British Industry, said: “The European Commission’s green light for Hinkley Point is a significant milestone in the United Kingdom’s energy future.

“Hinkley should set the ball rolling for the UK’s nuclear new build programme, putting us on the right path to achieving a secure and sustainable energy mix. It represents a real opportunity for growth, with the potential to create tens of thousands of jobs for people – not just in the local community, but up and down the whole country.”

Financial close announced for 24 MW Jordanian solar PV plant

October 8th, 2014

US-based solar firm SunEdison has closed financing arrangements for the construction of one of Jordan’s largest solar photovoltaic (PV) power plants, the company has announced.

Work on the $50m project is scheduled to begin in the fourth quarter of this year, with grid connection expected in late 2015.

Funding will be provided by the European Bank for Reconstruction and Development (EBRD) and the US government’s Overseas Private Investment Corporation (OPIC).

The 23.8 MW power plant is to be located in the Ma’an Governate in the southern part of the country, occupying around 50 ha of land. SunEdison’s solar modules on single-axis trackers are expected to generate 57,000 MWh/year and save 35,000 tonnes in CO2 emissions. The plant will sell its power to Jordan’s National Electric Power Company (NEPCO) under a 20-year power purchase agreement. NEPCO will also build a substation to connect the plant to the grid.

Nandita Parshad, EBRD’s Director for Power and Energy, said: "We are delighted to finance the EBRD's first renewable project in Jordan. This is a region with a rapidly growing demand for power but also with a large potential for the development of renewables. Jordan in particular is a country where solar energy can make a clean and reliable contribution to meeting rising demand and reducing dependence on expensive hydrocarbons. We are very pleased to cooperate again with OPIC in Jordan and excited to be working for the first time with SunEdison.”

Follow us: