Synopsis
A Midwest-based electric utility was looking to add a security layer to its communications network, primarily to achieve compliance with new, broader NERC CIP v6 requirements for Low Impact Cyber Security Assets.
In addition to implementing LERC/LEAP initiatives for the purpose of compliance, the utility took the opportunity to leverage the project and further upgrade the existing substation networks with the latest security technology. After researching and testing multiple systems, the utility finally chose Radiflow.
The Challenge
Several requirements needed to be met to support the network project:
The Solution
For this project the utility chose Radiflow’s 3180 Ruggedized Security Gateway. It has the capability to monitor traffic and send syslog connection data messages back to a central server. This allows the operator to examine traffic patterns and create specific firewall rules that can be loaded back into the 3180.
For secure remote access the 3180 offers a unique, highly granular feature called APA (Authentication Proxy Access). APA allows the operator to define specific date/time/user/device/protocol parameters for remote IED access. Once a technician has authenticated into a 3180 successfully, a PCAP record is generated and stored for future network forensics.
The 3180’s DIN-rail mounting and compact size make it perfect for small enclosures, while supporting a variety of interfaces – Copper and Fiber Ethernet, serial and even dual-cellular ports. Support for multiple 3G/4G networks assures continuous connectivity without overloading the limited microwave links.
The Radiflow 3180 gateway can be ordered with serial RS232 or RS485 interfaces to support legacy applications via a terminal server application.
The 3180 switch meets and exceeds the rigorous requirements for IEEE1613 and IEC61850-3 certifications, which define the benchmark standards for communication devices within power utility environments.
In addition to the 3180 Gateway, the project included Radiflow’s iSIM management tool, as well as the iSID Industrial Cyber Security & Intrusion Detection System.
Radiflow’s iSIM is a powerful centralized management tool for provisioning all the features on the 3180, including ACL management. It presents a network topology map as both a logical tree structure and a graphical map. Additionally, it supports pre-scheduled software updates and database backups for Radiflow switch products.
Radiflow’s iSID Industrial Cyber Security & Intrusion Detection System enables mapping application flows in substations, which in turn allows writing more accurate and more secure firewall rules in preparation for firewall deployment. Used as a passive monitoring tool, iSID can also detect and alert on anomalies in the substations using its six security engines. It continuously checks for known vulnerabilities (signatures) and anomalies and is able to alert SIEM systems of potential attacks.
Final Decision
Factors that pushed Radiflow into the winner's circle included: