West Burton Energy
With Tenable tuned and trained to prevent false positives we’ve reduced the number of reported events by 98% – a tremendous time savings. What used to take two days per week to manage now takes only a few hours, and we’ve improved efficiency by 87%.
Industry
Energy Utility
Location
United Kingdom
West Burton Energy Reduces Threat-Detection Alerts by 98% and Improves Efficiency by 87% Using Tenable OT Security
In 2022, nearly 11%* of cyber attacks targeted energy companies. For power plants, healthy OT systems are crucial for high uptime and safety because they control and monitor essential equipment such as generators, turbines, transformers, and more.
As an important part of the UK’s critical infrastructure, West Burton Energy takes a proactive approach to secure its OT network and assets. The InfoSec team uses Tenable OT Security for in-depth asset visibility, asset inventory, and OT vulnerability management to ensure the safety of its employees, while guaranteeing reliable energy generation and delivery to its customers.
West Burton has reduced the time and resources needed to manually manage their asset inventory, saving more than 200 hours per year. Additionally, they were able to create efficiencies in identifying, mitigating and remediating OT vulnerabilities.
Proper OT security requires a proactive approach to asset and network safety in order to stop cyber attacks before they start. West Burton chose Tenable OT Security for OT asset visibility, OT vulnerability management, and threat detection – a set of use cases that have proven challenging for so many companies in the power industry. West Burton has reduced the number of threat detection alerts by more than 98% compared to their previous solution – a time savings of more than 87%. Rather than chasing false positives, the team can focus on remediating the security alerts that put operations at the greatest risk.
“We are a critical infrastructure organization, so although our InfoSec team is relatively small, we have to minimize risk and harden our cyber resilience,” says Tom Keyworth, C&I Engineer. “Tenable OT Security gives us comprehensive visibility without burdening us with labor-intensive workloads.”
Error-prone processes had InfoSec team looking for a better way
Keeping the lights on in the UK, West Burton Energy is an advanced and efficient Combined Cycle Gas Turbine (CCGT) plant and 49 MW battery energy storage facility that delivers 1,333 MW of power to the National Grid, enough electricity to power 1.5 million homes and businesses.
In 2021, West Burton spun off from EDF Energy, leaving a three-member security team responsible for securing the entire OT environment with a product that alerted on far too many false-positive threat notifications. The team also had to handle engineering changes in the OT environment, new projects, and the decommissioning of older systems, which left it with a significant workload.
Dealing with original equipment manufacturers (OEMs) was especially painful. The InfoSec team relied on the knowledge of the plant engineers and various OEMs to keep track of assets, which involved a laborious, error-prone and spreadsheet-driven process.
“Between waiting on OEMs to perform preventative maintenance and patches, and with status reports lagging by days or even weeks, we spent several hours per week just managing asset lists,” notes Keyworth.
“We relied on the OEM issuing technical advice letters and alerts to make us aware of CVEs that might be relevant to a specific asset,” adds James Cartwright, C&I Engineer. “It wasn’t unusual for us to spend several hours investigating the issue only to discover that we didn’t even have the equipment in question.”
Keeping the front office informed about OT vulnerabilities, remediation statuses and overall cyber risk is also paramount, but in the past it wasn't always easy to deliver that information in a way that was both timely and user friendly.
“We struggled to safely and securely move data from the OT environment and display it to corporate IT users in a way that makes sense, which is important,” says Cartwright.
To overcome these challenges and bolster its cyber resilience, West Burton wanted to check several important boxes, including:
- Visibility of OT assets on the OT network without impacting uptime and availability
- A centralized asset inventory to move away from a time-consuming manual process, without disrupting the operation of modern and legacy systems
- Ability to demonstrate compliance to regulators with confidence
- Clear remediation and mitigation strategies to adhere to the company’s acceptable level of risk
- Using the most up-to-date OT vulnerability database to reduce false positives
That’s when Keyworth and the team set out to find a new solution to secure the OT environment and ensure leadership had a complete understanding of the plant’s complexity and associated risks.
Tenable OT Security – purpose built to safeguard converged IT/OT industrial environments without disrupting productivity
Tenable OT Security brings visibility, security, and control to industrial environments, critical infrastructure and more, helping organizations maintain productivity, meet compliance requirements, and stay safe from cyber attacks.
Using a patented hybrid discovery approach to safely gain visibility into devices and cyber-physical systems without causing disruption, Tenable OT Security delivers a complete asset inventory along with deep situational awareness across all global sites, all in a single interface.
Tenable OT Security lets organizations prioritize action and enables their IT and OT security teams to work better together.
Plant team manages remediations and delivers actionable data to front office
Tenable OT Security was initially deployed in 2022, providing Keyworth and Cartwright with complete visibility and control over West Burton B’s operations, which include countless assets that may or may not be supported by the many OEMs charged with maintaining the plant’s myriad equipment.
“We use Tenable OT Security to identify vulnerabilities and maintain a complete asset list, sometimes surfacing issues that our OEMs either don’t know exist or no longer support,” says Keyworth. “Then as part of our workflow we import everything into Tenable Security Center for scoring, prioritization and to track how we are reducing vulnerabilities asset by asset as we remediate.”
When facing a situation where a vulnerability simply can’t be remediated, such as on a piece of legacy OT equipment that is no longer supported, the team uses Tenable to assess the acceptable level of risk. The team can then implement measures to prevent access to those systems and keep leadership informed.
“With Tenable OT Security, the data is visible on the wall,” says Cartwright. “Vulnerabilities are fed into an alerting system, and if we install a new device the asset list is updated in an automated way.”
“The front office has the data they want, they understand where it came from, and more importantly, they know what it means,” adds Keyworth.
InfoSec team optimizes OT Security, saves time and streamlines compliance
Most organizations view any opportunity to increase efficiency as a win, but for a small team spread thin, process and time-savings improvements mean even more. Today, West Burton actually spends more time on vulnerability management than ever before. And that’s a good thing.
Prior to implementing Tenable, the InfoSec team didn't have a complete picture of what was vulnerable, often waiting months for an OEM to issue technical advice letters and alerts to make the team aware of CVEs that might be relevant to a specific asset. What’s more, it wasn’t unusual for the team to spend hours investigating an issue only to discover that they didn’t even have the equipment in question.
“Using Tenable OT Security we can identify vulnerabilities early in the process, review the published CVE documentation and implement remediation and security restrictions without waiting for the OEMs,” says Keyworth. “Not only can we challenge the OEM guidance from an informed position, but we’ve taken the 200-plus hours per year saved by eliminating manual asset management and applied them to the time we spend on critical vulnerability management efforts.”
West Burton uses Tenable Nessus, built into Tenable OT Security, within one of its OT environments to scan Windows servers, network switches and other IT equipment. Simply initiating a scan across the entire Windows environment helps the team discover vulnerabilities introduced, for example, by an OEM’s latest release or by a version of software that is out of date.
“From patch level through to programs and everything installed on a machine, Tenable Nessus highlights vulnerabilities that the OEM probably never thought to look for,” says Keyworth. “Tenable has earned our confidence to embed Tenable Nessus within our OT environment. From a vulnerability management perspective this puts us far above what we’d have been able to achieve without it.”
“Tenable OT Security plus the Tenable Nessus scanner provides far richer data than we had before,” adds Cartwright. “It allows us to use Active Query to communicate with and discover OT assets, and IT assets as well – all in one solution, which eliminates additional costs and saves time. It would’ve saved our team many hours of effort during Log4j.”
Fewer false positives also give the team new freedom. The passive tool that was in place prior to the corporate separation was alerting on more than 500 possible vulnerabilities per day – some 182,000 per year. Today that number clocks in at only 50 per day.
“With Tenable OT Security tuned and trained to prevent false positives we’ve reduced the number of reported events by 98%, resulting in tremendous time savings,” says Keyworth. “What used to take two days per week to manage now takes only a few hours, and we’ve improved efficiency by 87%.”
“Tenable OT Security does a lot, but it isn’t a ‘fit-and-forget’ solution – nor should it be,” adds Cartwright. “You have to invest the time and effort to configure the product to understand what ‘normal’ looks like on your network, because that’s where you’ll derive true business value.”
Keyworth agrees. “How do you see the woods for the trees if you don’t condition the solution to understand your OT environment? I think many people buy these bits of kit, install them, and it ticks loads of boxes from a compliance perspective, but the results that are returned aren’t worth the digital paper they’re written on.”
Speaking of compliance, West Burton and the auditors are confident in the results reported by Tenable OT Security versus manual processes. Keyworth explains that the accelerated pace of the OT and IT environment no longer allows for spreadsheets and handwritten records to be a viable source of truth.
“It would be very difficult to demonstrate compliance without a tool like Tenable OT Security. The time savings is virtually immeasurable,” says Keyworth. “It gives auditors a level of assurance that you are doing the correct things. From the asset list to risk scoring, Tenable makes the whole compliance piece so much easier.”
West Burton appreciates culture of teamwork and respect
West Burton’s decision to implement Tenable OT Security was as much about the Tenable team as it was about the technology. Having confidence in support and responsiveness for the long haul was the differentiator.
“We looked at a number of products, but right from the start it was clear that Tenable appreciates our experiences, understands where we want to go, and just as importantly, values our input about how to make the product even better,” says Keyworth. “So often a vendor makes a sale and walks away, but from day one we’ve been plugged into an engineering and R&D team with deep knowledge and a genuine interest in helping us reach and exceed our goals.”