Securing On-Site Operations and Remote Access
Supervisory Control and Data Acquisition (SCADA) systems are used for controlling utility operations such as electric power, water and renewable energy. In the case of solar fields and wind farms, usually there are both an on-site SCADA system for controlling the local PLCs and remote access for monitoring the site’s performance and for maintenance.
With the migration to renewable energy sources on the rise, their role in the overall national power supply has become critical. As such, their SCADA systems are becoming a primary target for cyber-attacks.
Renewable power plants are usually located in remote, isolated areas, and they tend to have a complex composition of stakeholders, including the plant owner who usually manages several sites, the system integrator in charge of ongoing operation and maintenance, and the power utility that purchases the electricity. As such, renewable power facilities face operational scenarios that are not only complex but also the cause of multiple vulnerabilities.
Radiflow offers a comprehensive cyber security solution for distributed renewable power plants. The solution consists of a secure gateway for remote access to sites, as well as an IDS (Intrusion Detection System) for monitoring local operations.
The combination of the secure gateway and the IDS enables the detection of sophisticated cyber-attacks aimed at disrupting operational processes or changing the data parameters of networked devices before they are sent to the control center.
The secure gateway provides the option to remotely connect to the renewable power site over secure VPN tunnels, with different access rights for each stakeholder. The gateway’s native authentication proxy authenticates each remote user and restricts the user’s access according to his predefined tasks (e.g. which PLC to access, during which time-slot, types of commands approved for use, etc.) All remote sessions are recorded for auditing purposes.
The IDS passively scans the network and creates a baseline model of its normal behavior. Once the operator approves the normal behavior model, the IDS is able to detect anomalies in the operational network’s behavior and alert the operator. Such anomalies may indicate an insider attack (e.g. a malware on one of the PLCs) that couldn’t have been detected by the secure gateway.
Intrusion Detection System (IDS)
- Network visibility: Display all network assets and any changes in their connectivity based on self-learning of the SCADA network through passive scanning of all data transactions.
- Maintenance management: Monitor and log the activities done during maintenance sessions according to pre-configured policies.
- Anomaly detection: detection of abnormal activity such as changes in the sequence of the SCADA process, abnormal memory access and firmware changes, based on the normal application behavioral model created by the IDS.
- Authentication Proxy Access (APA): validate technician credentials and provide preconfigured task-based access, as well as a detailed log of all user activity during each remote access session.
- DPI Firewall: validates each SCADA session behavior using a Deep Packet Inspection firewall.
- VPN: end-to-end IPsec VPN for secure communications between the control center and the photovoltaic field.
- Cellular: 2G/3G/LTE cellular modem with dual SIM cards for operator redundancy.
- Environment: the secure gateway’s hardware is compliant with the IEC 61850-3/IEEE 1613 requirements for operation in harsh environments such as HV/MV substations.