How utilities block cyberattacks, become NERC CIP compliant

Power journeyProtect your assets

Cyberattacks are not only a real threat – they’re common. That’s why it’s important to invest in the right safeguards.

The North American Electric Reliability Corporation critical infrastructure protection (NERC CIP) plan is a set of requirements designed to secure the assets required for operating North America’s bulk electric system. Utilities’ NERC CIP compliance, audited annually, involves physical security and cybersecurity – especially with substations.

Megaplex SystemThe ask: NERC CIP requires utilities to have remote access to their substation configurations, including change and workflow management.

The challenge: This management is costly and complex.

The solution: An automated system that gives you secure broadband communication. By adopting such a system, utilities will:

  • Have an affordable system that provides 24-hour security for critical assets.
  • Avoid fines with NERC CIP compliance.
  • Establish authorized users and network traffic.
  • Adopt mechanisms to better understand and defend against attacks.
  • Better understand network vulnerabilities and mitigation techniques.

Case study: RAD bolsters substation security

For more than 30 years, RAD has provided the power utility industry with multiservice aggregation and, most recently, its Megaplex line of networking platforms.

Security perimeterMegaplex is a fortress against cyberattacks, and it strategically manages electronic access to a substation. It also helps utilities achieve NERC CIP compliance. Here’s how:

  • Device Connection Control (DCC): This (marked as A) provides a single point of access control through the Megaplex to each intelligent electronic device operating within the perimeter. All communication is authenticated and role-based, while each device and port is monitored and recorded.
  • SCADA-aware security layer: This (marked as B) operates as an application-specific firewall, controlling all connections within the substation perimeter. It also detects system anomalies.
  • Man in the middle attack prevention: IEEE 802.1AE (MACsec) integrity and confidentiality mechanisms (marked as C) help secure all communications to and from a substation, preventing man in the middle attacks. MACsec is set up so high-layer protocols can securely flow across the network.

Case study continued: SecFlow reinforces Megaplex security capabilities

Along with Megaplex, SecFlow helps complete an optimal security system.

SecFlow’s line of compact gateway/ruggedized switch and routers feature built-in security mechanisms designed specifically for SCADA applications that control mission-critical operations. This helps integrate multiservice functionalities that typically require dedicated communication devices to provide network access to remote sites over fiber connections or over public 3G, LTE cellular networks.

SecFlow’s defense-in-depth design provides efficient protection from insider cyberattacks. Devices are deployed to provide distributed security for smart grids, water and gas utilities, public safety and homeland security agencies, as well as intelligent transportation operators.

Access the following through SecFlow:

  • Next-generation critical infrastructure communications with advanced switching and routing functionalities.
  • Comprehensive multiservice support (IEC 61850, IEC 60870-5-104, DNP 3.0 and their serial legacy protocol equivalents) that reduces the number of network elements.
  • A top-level cybersecurity suite that boosts NERC CIP compliance levels for bulk electric systems.
  • A certified approach to meet industrial-grade requirements.
  • A field-proven method that’s been deployed worldwide.

Sample applications:

  • Ruggedized substation LAN
  • Distribution automation and smart metering backhaul
  • Oil and gas utilities communications
  • Mass public transportation communications
  • Highway communications
  • Smart city communications

A sound investment

Unprotected or low-security communication networks for substation perimeters jeopardize the reliable operations of utilities’ facilities. It’s important that utilities’ security measures are not only reliable, but smoothly migrated for NERC CIP compliance.

The solution is an all-in-one automated platform that provides secure multiservice protection.