Cybersecurity threats on the energy industry represent unacceptable risks to rotating equipment, reliable operations and employee and public safety.
Unidirectional Security Gateway products and technologies are deployed routinely at generating sites to provide stronger-than-firewall solutions for reliability-critical equipment and control systems. Unidirectional Security Gateways provide safe IT/OT integration by replicating industrial servers and devices from generating networks to business networks through a system of hardware modules that physically prevents any attack from reaching back into the protected critical control system network.
Unidirectional Gateways replace one level of firewalls in an industrial Defence in Depth architecture. Firewalls have proven inadequate as a primary perimeter cyber defence for ICS as every bidirectional path through a firewall has the potential to allow attacks back into the critical network. Unidirectional Security Gateways enable safe IT/OT integration, without the serious security risks that always accompany firewalls.
Routinely-deployed unidirectional use cases include:
- IT/OT integration
- Control system vendor and turbine vendor monitoring and diagnostics
- Generation dispatch center / ICCP communications
- Protecting protective relays
- Protecting safety systems
- Secure historian database replication
- Secure OPC server replication
- Secure ICCP server replication
- Remote Screen View
- NERC CIP V5 and V6 standards
- French ANSSI control system security standards
Plus many other control system security standards, regulations and best practice guidelines world-wide. The North American NERC CIP V5 and V6 standards provide for significant reductions in CIP compliance costs and CIP compliance obligations at unidirectionally-protected sites, thus reflecting the reduced risk to electric system reliability from unidirectionally-protected sites.
Firewalls and IT-centric security provisions provide insufficient protection to generating units and generating control systems. Turbines and generators after all, cannot be “restored from backup” the way IT systems can. Generating units are not expendable. The time has come to deploy Unidirectional Security Gateways instead of firewalls to enable safe IT/OT integration at generating sites.