The Moreno Valley Electric Utility (MVU) provides safe, reliable, and economical public electric service with a focus on innovative customer solutions, infrastructure enhancement, community development, and environmentally responsible resource management.
MVU’s service stretches across just over 33 sq.mi. (85 sq.km.) in southern California. Its operations are supported by a few substations and interconnection sites that together supply 202 Million kWh of energy to residential and commercial customers as well as 3,200 EV public charging stations. MVU uses a mix of conventional and renewable energy sources including Biomass & waste, Geothermal, Hydroelectric, Solar, Wind, Coal, Natural Gas and Nuclear.
When MVU decided to take its cybersecurity to the next level – as a result of rising threat levels, as well as falling below NERC CIP regulations – they turned to their trusted partner iS5 Communications, which had previously set up MVU’s entire substation communications system.
Known for its professionalism and capability to ensure high performance, security, reliability, and availability for critical infrastructure networks in harsh environments, iS5 recommended that MVU begin continuously monitoring their OT networks, as recommended by several standards including NIST CSF, NERC CIP & IEC62443. iS5 also suggested they consider iSID, an industry leading IDS from Radiflow.
After thorough evaluation of various monitoring solution vendors and seeing a demo of iSID, MVU chose to proceed with Radiflow, mainly based on:
The solution proposed by Radiflow and iS5 consisted of installing a central, virtual (using VM Ware) instance of iSID on an iS5-provided server at MVU’s headquarters.
For efficient data transfer from all substations to iSID over MVU’s LAN, a Radiflow iSAP smart collector was installed at each substation. iSAP’s proprietary packet data filtering and compression algorithm (up to 90% reduction in packet volume with no effect on operational data) prevents LAN overload by multiple substations’ data, and would eliminate the need to add bandwidth to accommodate to further expansion.
Once the project was green-lighted, the iSID software was installed on an iS5-provided server at MVU’s HQ and select substations, first as a limited-scale pilot and later in full. The deployment included remote login capabilities to be used by Radiflow and iS5 professional services, for ongoing support and provisioning, or for remote monitoring if needed.
Overall, while deployment suffered some delays due to Covid-19, the process itself, performed by iS5 and Radiflow’s professional services teams, was fairly straightforward, as noted by MVU personnel.
Operational phase started with a complete cyber assessment, which provided MVU with a comprehensive snapshot of all network assets, cyber-vulnerabilities, communication protocols, ports status and more. This assessment would be used in the following months and years to provide a roadmap for future network hardening.
One of the major aspects of the project was user education. Radiflow’s team took the time to train MVU’s OT staff in regular usage, best practices and incident escalation protocols. Follow-up training activities were included as an integral part of the project.
Since completion in mid-2022, the Radiflow-iS5 OT cybersecurity system is operational throughout the MVU OT network to the full satisfaction of the customer.
Radiflow iSID’s network maps provide drill-down visibility into all devices along with their full properties and connections
Harmonizing risk and consequence strategies across IT and OT environments for greater cyber resilience
Strengthening OT Resilience: Protecting Critical Systems in a Rapidly Evolving Threat Environment
Quarterly ICS Security Report 2024 Q3