Secondary Substation Communication in a Smart Grid Network
Smart grid refers to the use of information technology to intelligently deliver energy to customers by using a two-way communication. However, while the convergence of the electric grid with information and communications technology creates a platform for value creation and the provision of new services beyond energy, these grids introduce a unique challenges, stemming from the information technology incorporated into the electrical power grid.
Smart grids have been gaining popularity in recent years, evident by the rapid pace of smart grid deployment by Advanced Power Distribution Operator (DSOs).
At the distribution layer, the process included installation of smart metering concentrators and grid automation devices in the secondary substations sites. Those sites are usually very small, distributed and with limited wire-line connectivity.
These operating conditions present a large number of vulnerabilities, including exposure of networked meter data and power companies’ -computers and those of customers could all be vulnerable to tampering.
Radiflow’s approach to securing smart grids combines the iSID industrial threat detection system, the CIARA risk assessment and management system, and the iSEG-3180 secure ruggedized gateway.
Multi-Layered Cyber Protection
Radiflow’s solution smart grids provides multi-layered cyber-protection, adaptable to the unique challenges they present.
The iSID Industrial Threat Detection system is a server-based software that analyzes all OT network traffic (via mirrored stream) to generate and display a network topology model, which serves as a baseline for detecting exceptions on the network. iSID packs six detection engines, each for a distinct threat vector or operational aspect: network visibility, maintenance management, cyber attack detection, policy monitoring and enforcement, anomaly detection and operational behavior measuring.
iSID incorporates the iSAP Smart Probe is a cost effective solution that enables collection of data from sub-networks to a central iSID server making it ideal for large chemical facilities with multiple primary DCS networks and secondary SCADA/PLC networks. iSAP enables sending data traffic to a central iSID without taxing the network, thanks to Radiflow’s advanced industrial compression algorithms.
The CIARA risk assessment & management platform helps ICS operators gain insight into their overall network risk as well as the risk introduced by each networked device and business process. Based on mutiple soucres of threat intelligence, and in strict compliance with the IEC 62443 standard, CIARA provides a prioritized list of mitigations aimed at optimizing cybersecurity expenditure by focusing on the attacker tactics, and their corresponding mitigations, that are relevant to the operator’s region and sector.
The Radiflow 3180 secure ruggedized gateway is ideally suited for deployment in secondary substation sites. It is compliant with IEC 61850-3/IEEE 1613 and offers an authentication Proxy Access (APA) for pre-configured task-based access; Integrated Dual cellular modem which enables redundant backhaul connectivity; extensive security capabilities including SCADA service-aware Firewall and IPsec VPN with certificates; and support for Ethernet and Serial interfaces to connect modern and legacy metering and automation devices, and SCADA protocol gateway for migrating legacy RTUs to an IP-based SCADA system.