OT Cybersecurity for Substations with On-Site IDS (Threat Detection & Monitoring)

Comprehensive Security for Critical Utilities

Supervisory Control and Data Acquisition (SCADA) systems are used for controlling industrial automation operations at utilities such as electric power, water and oil. In the case of power utilities the SCADA function is fulfilled by Distribution Management Systems (DMS). These SCADA systems are responsible for controlling highly critical operations, making them, especially over the last decade, a primary target for cyber-attacks. 

Due to their complexity and criticality, and to meet the relevant governing standards and regulations, cyber-protecting power substations requires an integrated system that goes beyond firewall protection. Many of the vulnerabilities in today's Industry 4.0 automation networks stem from communication between devices inside the site, traffic that on-site firewalls, typically designed to inspect incoming and outgoing traffic at the perimeter, may never see.

In addition, the rise of standards and regulations for the power sector, such as the NERC CIP standards for protecting Bulk Electric Systems (BES) and IEC 62443 for Industrial Automation and Control Systems, requires that any installed cyber-security solution be compliant with all mandatory standards.

Radiflow's multi-tiered solution suite for critical industrial control systems (ICS) covers all facets of the protection, monitoring and management needs of critical OT networks:

  • iSID threat detection & monitoring platform, for the detection, prevention and ongoing monitoring of attack attempts
  • A complete visual model of the OT network: assets, connections, protocols and vulnerabilities
  • Intelligent alerting upon anomalous network behavior and changes to devices
  • Management of network and device vulnerabilities
  • CIA (Confidentiality, Integrity & Availability, as well as Safety) per-business process risk evaluation and ongoing mitigation, using Radiflow CIARA
  • Management of physical and virtual access into the OT network, with industrial DPI firewall capabilities

Three-Tier Protection

iSID: Industrial Threat & Vulnerability Detection

  • System-wide visibility
  • Auto-learning of assets, links & business processes
  • Multiple security engines; Attack Vector Analysis
  • Non-intrusive DPI analysis
  • PLC monitoring for configuration changes
  • Central or local (on-site) deployment
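The two lists above describe the same detection approach from different angles: a passive sensor on a mirror port learns which assets, links, protocols and function codes are normal, then alerts on anything that falls outside that baseline, with changes to PLCs weighted highest. The sketch below is an added illustration of that approach and is not Radiflow code; the flow records, IP addresses and protocol/function labels are constructed, and the detector only reads records, so it is non-intrusive in the sense the lists use.

```python
"""Passive OT baseline-and-alert sketch (added illustration; not Radiflow code).

Consumes flow records of the kind a DPI sensor would derive from a SPAN/mirror
port, learns which assets, links and function codes are normal during a
learning window, then raises alerts on anything outside that baseline.
It never sends traffic; it only reads records.
"""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Flow:
    ts: int      # seconds since start of capture (constructed)
    src: str     # client / master IP
    dst: str     # server / outstation IP
    proto: str   # application protocol as identified by DPI
    func: str    # decoded function (protocol-specific label)


# Modbus write functions: a never-before-seen write on a link means a host
# changed a device's state or configuration for the first time.
WRITE_FUNCS = {"write_single_register", "write_multiple_registers",
               "write_single_coil", "write_multiple_coils"}


@dataclass
class Baseline:
    assets: set[str] = field(default_factory=set)
    # (src, dst, proto) -> set of function labels seen on that link
    links: dict[tuple[str, str, str], set[str]] = field(default_factory=dict)


@dataclass(frozen=True)
class Alert:
    ts: int
    kind: str       # new-asset | new-link | new-function
    severity: str   # low | medium | high
    detail: str


def learn(flows: list[Flow]) -> Baseline:
    """Auto-learning phase: every asset, link and function seen is 'normal'."""
    base = Baseline()
    for f in flows:
        base.assets.update((f.src, f.dst))
        base.links.setdefault((f.src, f.dst, f.proto), set()).add(f.func)
    return base


def detect(base: Baseline, flows: list[Flow]) -> list[Alert]:
    """Monitoring phase: one alert per flow that deviates from the baseline.

    The baseline is deliberately NOT updated here; promoting a new asset or
    link to 'normal' should be an operator decision, otherwise the first
    packet from an intruder silently becomes part of the baseline.
    """
    alerts: list[Alert] = []
    for f in flows:
        key = (f.src, f.dst, f.proto)
        if f.src not in base.assets or f.dst not in base.assets:
            newcomer = f.src if f.src not in base.assets else f.dst
            alerts.append(Alert(f.ts, "new-asset", "medium",
                                f"{newcomer} first seen ({f.proto} {f.src}->{f.dst})"))
        elif key not in base.links:
            alerts.append(Alert(f.ts, "new-link", "medium",
                                f"{f.proto} {f.src}->{f.dst} not in baseline"))
        elif f.func not in base.links[key]:
            sev = "high" if f.func in WRITE_FUNCS else "low"
            alerts.append(Alert(f.ts, "new-function", sev,
                                f"{f.func} on {f.proto} {f.src}->{f.dst} never seen before"))
    return alerts


# Constructed learning window: an HMI (.10) polls two PLCs over Modbus and an
# RTU (.30) over DNP3; an engineering workstation (.11) routinely writes setpoints.
LEARNING = [
    Flow(0, "10.1.1.10", "10.1.1.21", "modbus", "read_holding_registers"),
    Flow(2, "10.1.1.10", "10.1.1.22", "modbus", "read_holding_registers"),
    Flow(4, "10.1.1.10", "10.1.1.30", "dnp3", "read"),
    Flow(6, "10.1.1.10", "10.1.1.21", "modbus", "read_holding_registers"),
    Flow(8, "10.1.1.11", "10.1.1.21", "modbus", "write_single_register"),
    Flow(10, "10.1.1.10", "10.1.1.22", "modbus", "read_holding_registers"),
]

# Constructed live traffic: two normal flows, then four deviations.
LIVE = [
    Flow(100, "10.1.1.10", "10.1.1.21", "modbus", "read_holding_registers"),   # normal
    Flow(101, "10.1.1.11", "10.1.1.21", "modbus", "write_single_register"),    # normal
    Flow(102, "10.1.1.10", "10.1.1.21", "modbus", "write_multiple_registers"), # HMI writing to a PLC: high
    Flow(103, "10.1.1.99", "10.1.1.22", "modbus", "read_holding_registers"),   # unknown host
    Flow(104, "10.1.1.10", "10.1.1.30", "modbus", "read_holding_registers"),   # Modbus to a DNP3-only RTU
    Flow(105, "10.1.1.10", "10.1.1.22", "modbus", "read_input_registers"),     # new read function: low
]


def run() -> list[Alert]:
    return detect(learn(LEARNING), LIVE)


if __name__ == "__main__":
    for a in run():
        print(f"t={a.ts:<4} {a.severity:<6} {a.kind:<12} {a.detail}")
```

A real sensor would key links on more than the IP pair (unit IDs, DNP3 addresses, register ranges) and would track PLC configuration uploads as a distinct, always-high event; the point of the sketch is the split between a learning window and a monitoring phase in which the baseline only grows under operator control.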

iCEN: Central Monitoring & Management for iSID

  • System-wide view of assets, iSID health, alerts & maintenance status
  • Centralized provisioning
  • Dual display modes: map and tabular
  • Local and remote (Active Directory) user management
  • Ideal for OT-MSSPs

iSAP: Smart OT Data Traffic Collector

  • Collection of all LAN traffic via port mirroring
  • Compressed, filtered stream with unidirectional encrypted tunneling, for low-bandwidth connections
  • Single iSAP per remote site

iSEG: Secure DPI-Firewall Gateways

  • Authentication Proxy Access (APA) for user authentication & pre-configured task-based access
  • User activity log within each remote access session for compliance & auditing; validation of user behavior using a per-port DPI firewall
  • IPsec VPN for secure inter-site connectivity between manufacturing facilities
  • Ruggedized appliances with Ethernet & Serial interfaces
  • iSIM remote management dashboard for large iSEG arrays

CIARA: Industrial Risk Analysis & Management

  • Assess the actual business-related impact of cyber-risk in OT networks with unique calculation of likelihood of attack
  • Plain-language, prioritized mitigation recommendations
  • Threat intelligence (TI)-based risk analytics and risk impact reports
  • IEC 62443 reporting support

iSOC: MSSP Framework

  • iSID and CIARA operation optimized for an OT-MSSP SOC setting
  • iCEN for managing multiple instances of iSID
  • Integration with leading industry CVE vulnerability database updates and alert feeds

On-Site or Central Deployment

To comply with cyber defense requirements, Radiflow’s IDS, the iSID threat detection & monitoring platform, can be installed at a central location (e.g. corporate or OT-MSSP SOC) which supports multiple sites, or deployed on-site at select remote sites, with or without an additional central deployment of iSID.

Whether to deploy iSID at a central location or on-site depends on how critical the remote site is and how complex its network is.

As a rule, iSID should be installed on-site at critical sites (as defined by the operator), where the complexity of the network exposes it to in-field attacks. This is usually the case in large sites that host a large number of often-unprotected devices, making it extremely difficult to detect the source and the pattern of cyber-attacks.

In the case of on-site deployment, all iSID systems are managed from a central location using the iCEN management solution for multiple instances of iSID.

Radiflow’s iCEN provides efficient access and management of multiple local instances of iSID through a simple map-based interface. 

Implementation
