Securing On-Site Operations and Remote Access
Supervisory Control and Data Acquisition (SCADA) systems are used for controlling utility operations such as electric power, water and renewable energy.
In the case of solar fields and wind farms, usually there are both an on-site SCADA system for controlling the local PLCs and remote access for monitoring the site’s performance and for maintenance.
With the migration to renewable energy sources on the rise, their role in the overall national power supply has become critical. As such, their SCADA systems are becoming a primary target for cyber-attacks.
Renewable power plants are usually located in remote, isolated areas, and they tend to have a complex composition of stakeholders, including the plant owner who usually manages several sites, the system integrator in charge of ongoing operation and maintenance, and the power utility that purchases the electricity.
As such, renewable power facilities face operational scenarios that are not only complex but also the cause of multiple vulnerabilities.
Comprehensive Cyber-Security for Renewable Energy Plants
Radiflow offers a comprehensive cyber security solution for distributed renewable power plants. The solution consists of Radiflow’s detection & monitoring solution, centered around the iSID industrial threat detection & monitoring system, which also includes the iSAP smart collectors for low-bandwidth transmission of data traffic from remote sites to a central instance of iSID and the iCEN management dashboard for multiple instances of iSID; the iSEG line of secure DPI-firewalled gateways; and the CIARA OT risk assessment & management platform.
The combination of the iSID threat detection system and the iSEG line of gateways enables the detection of sophisticated cyber-attacks aimed at disrupting operational processes or changing the data parameters of networked devices before they are sent to the control center.
The secure gateway provides the option to remotely connect to the renewable power site over secure VPN tunnels, with different access rights for each stakeholder. The gateway’s native authentication proxy authenticates each remote user and restricts the user’s access according to his predefined tasks (e.g. which PLC to access, during which time-slot, types of commands approved for use, etc.) All remote sessions are recorded for auditing purposes.
iSID passively scans the network and creates a baseline model of its normal behavior. Once the operator approves the normal behavior model, the IDS is able to detect anomalies in the operational network’s behavior and alert the operator. Such anomalies may indicate an insider attack (e.g. a malware on one of the PLCs) that couldn’t have been detected by the secure gateway.
Finally, CIA (Confidentiality, Integrity & Availability, as well as Safety) per-business process risk evaluation and ongoing mitigation, using Radiflow CIARA.
iSID: Industrial Threat Detection System
- Network visibility: Display all network assets and any changes in their connectivity based on self-learning of the SCADA network through passive scanning of all data transactions.
- Maintenance management: Monitor and log the activities done during maintenance sessions according to pre-configured policies.
- Anomaly detection: detection of abnormal activity such as changes in the sequence of the SCADA process, abnormal memory access and firmware changes, based on the normal application behavioral model created by the IDS.
CIARA: Industrial Risk Analysis & Management
- Accurate risk calculation: Assess the actual business-related impact of cyber-risk in OT networks with uniqueu00a0calculation of likelihood of attack
- Actionable recommendations: Plain-language, prioritized mitigation recommendations
- Treat intelligence: TI-based risk analytics and risk impact reports, based on multiple sources for attacker tactics and techniques
- Compliance: Strict compliance with the IEC 62443 standard
iSEG RF-3180 Secure Gateway
- Authentication Proxy Access (APA): validate technician credentials and provide pre-configured task-based access, as well as a detailed log of all user activity during each remote access session.
- DPI Firewall: validates each SCADA session behavior using a Deep Packet Inspection firewall.
- VPN: end-to-end IPsec VPN for secure communications between the control center and the photo-voltaic field.
- Cellular: 2G/3G/LTE cellular modem with dual SIM cards for operator redundancy.
- Environment: the secure gateway’s hardware is compliant with the IEC 61850-3/IEEE 1613 requirements for operation in harsh environments such as HV/MV substations.