electricity – Waterfall Security Solutions https://waterfall-security.com Unbreachable OT security, unlimited OT connectivity Tue, 09 Sep 2025 08:50:27 +0000 en-US hourly 1 https://wordpress.org/?v=6.8.2 https://waterfall-security.com/wp-content/uploads/2023/09/cropped-favicon2-2-32x32.png electricity – Waterfall Security Solutions https://waterfall-security.com 32 32 Cybersecurity For Hydropower Generation https://waterfall-security.com/ot-insights-center/power/cybersecurity-for-hydropower-generation/ Tue, 23 May 2017 08:58:00 +0000 https://waterfall-security.com/?p=10402 Compliance with NERC-CIP standards while protect critical assets from cyberattacks and protecting operational and business processes efficiencies.

The post Cybersecurity For Hydropower Generation appeared first on Waterfall Security Solutions.

]]>
OT Insights CenterPowerCybersecurity For Hydropower Generation

Cybersecurity For Hydropower Generation

Protecting The Connected Hydropower Plant From Evolving Cyber Threats
Cybersecurity For Hydropower Generation
Customer/ Partner:

Canadian power generation company.

Customer Requirement:

To comply with NERC-CIP standards and protect critical assets from cyberattacks while protecting operational and business processes efficiency.

Waterfall’s Unidirectional Solution:

Secure the control system network perimeter from external threats with Unidirectional Security Gateways, and enable Real-Time Enterprise Connectivity & 3rd Party Monitoring creating fully operational OSIsoft PI, GE OSM turbine monitoring, and ICCP server replicas.

The Growing Hydropower Industry And Facing Modern Cyber Threats

With an average growth of 4% per year, hydropower has become the leading renewable source for electricity generation – globally supplying 71% of all renewable electricity. Today, hydropower offers not only clean energy but its infrastructure is also used for freshwater management, such as water supply, and flood management. The importance of hydropower has increased significantly in the past decade, leading to the adoption of innovative technology, advanced control systems, and stronger equipment.

When malicious attackers gain access to an industrial control system they are able to sabotage industrial control and safety processes, leading to costly outages, damaged turbines, threats to personnel safety and even environmental disasters. This is why NERC CIP and other industrial security regulations urge operators to thoroughly secure IT/OT interconnections in order to protect these highrisk access points against cyber terrorism and other attacks. The question is – how to achieve 100% protection from remote cyber threats?

The Challenge icon
The challenge

To secure the safe, reliable and continuous operation of hydropower control and safety networks from threats emanating from less trusted external networks, yet still provide real-time access to operations data to enterprise users and applications, as well as to turbine vendors and other third parties. The control systems in modern plants are responsible for power generation and water supply which ultimately affect the lives of millions of people. Protecting these critical assets with software (firewalls or other IT security measures) is not enough as all software by nature can be compromised.

Waterfall solution - icon
Waterfall solution

A Waterfall Unidirectional Gateway was installed between the industrial control system network and the enterprise network. Unidirectional Gateway software connectors replicate OSISoft PI, GE OSM, and ICCP servers from the control network to the enterprise network where enterprise clients can interact normally and bi-directionally with the replicas. A file server replication connector was also deployed, to eliminate the routine use of USB drives and other removable media. Enterprise users and applications, as well as vendors and NERC Balancing Authorities interact bi-directionally with replica servers, while the Unidirectional Gateway hardware physically prevents any Internet-based attack from reaching protected control networks.

Results and benefits - icon
Results & benefits

100% Security: The industrial network is now physically protected from threats emanating from external, less-trusted networks.

100% Visibility: The enterprise network continues to operate as if nothing has changed. Instead of accessing servers on the critical operational network, users on the external network now access real-time data from replicated servers for all informational and analytical requirements.

100% Compliance: Unidirectional Gateways are recognized by the NERC CIP standards, as well as other North American and global industrial cyber security standards and regulations.

vertical red line
Theory of Operation
Click to enlarge

Waterfall Unidirectional Security Gateways replace firewalls in industrial network environments, providing absolute protection to control systems and industrial control networks from attacks emanating from external less-trusted networks. Unidirectional Gateways contain both hardware and software components. The hardware components include a TX Module, containing a fiber-optic transmitter/ laser, and an RX Module, containing an optical receiver, but no laser. The gateway hardware can transmit information from an industrial network to an external network, but is physically incapable of propagating any virus, DOS attack, human error or any cyber attack at all back into the protected industrial network. The Gateways enable vendor monitoring, industrial cloud services, and visibility into operations for modern enterprises and customers. Unidirectional Gateways replicate servers, emulate industrial devices and translate industrial data to cloud formats. As a result, Unidirectional Gateway technology represents a plug-and-play replacement for firewalls, without the vulnerabilities and maintenance issues that accompany firewall deployments.

vertical red line
Unidirectional Security Gateways Benefits:

arrow red rightSafe integration of hydropower safety & control systems with external networks

arrow red rightSafe, continuous monitoring of critical systems

arrow red rightCompliance with industrial cyber-security regulations, standards and best-practice guidance, including NERC CIP

arrow red rightSafe cloud vendor/services supply chain integration

arrow red rightReplacing at least one of the layers of firewalls in a defense-indepth architecture with Unidirectional Gateways breaks the chain of malware infection and prevents pivoting attacks from less-trusted IT networks

vertical red line
Global Cybersecurity Standards Recommend Unidirectional Security Gateways

Waterfall Security is the market leader in Unidirectional Gateway technology with installations at critical infrastructure sites across the globe. The enhanced level of protection provided by Waterfall’s Unidirectional Security Gateway technology is recognized as best practice by many leading industry standards bodies, including NIST, ANSSI, NERC CIP, the ISA, the US DHS, ENISA and many more.

Share

Trending posts

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

Tags

The post Cybersecurity For Hydropower Generation appeared first on Waterfall Security Solutions.

]]> Cybersecurity For Electric Substations https://waterfall-security.com/ot-insights-center/power/cybersecurity-for-electric-substations/ Sat, 08 Apr 2017 08:16:00 +0000 https://waterfall-security.com/?p=10303 Compliance with NERC-CIP standards while protecting critical assets from cyberattacks and ensuring operational and business process efficiency.

The post Cybersecurity For Electric Substations appeared first on Waterfall Security Solutions.

]]>
OT Insights CenterPowerCybersecurity For Electric Substations

Cybersecurity For Electric Substations

Protecting The Connected Substation From Evolving Cyber Threats
Cybersecurity For Electric Substations
Customer/ Partner:

American transmission utility.

Customer Requirement:

To comply with NERC-CIP standards and protect critical assets from cyberattacks while protecting operational and business process efficiency.

Waterfall’s Unidirectional Solution:

Secure substation network perimeters from external threats with Unidirectional Security Gateways, while enabling compliance with NERC CIP regulations and safe monitoring by central Energy Management and SCADA systems.

Modern Threats To High Voltage Substations

High voltage substations are vital to the reliable operation of the bulk electric system. High voltage substations have been targeted in recent attacks though – compromised substations have been used to interrupt power flows to consumers, industries and critical infrastructures such as drinking water purification systems and vital government and military installations. When transmission substations are targeted, there is the potential for cascading failures when the demand for power is high. When substation protective relays are targeted, there is the potential for physical damage to transformers and other vital physical infrastructure. It is for these reasons that regulators in many geographies require electric utilities to provide strong protection for substation control equipment and protective relays

The Challenge icon
The challenge

To secure the safe, reliable and continuous operation of high voltage substations from threats emanating from SCADA Wide Area Networks (WAN) and other external sources, yet still provide central EMS/SCADA systems, Information Technology (IT) users and substation vendors with real-time access to substation data. In particular, ensure that substation protective relays are protected from compromise, to prevent damage to high-voltage equipment.

Waterfall solution - icon
Waterfall solution

A Waterfall Unidirectional Gateway was installed in all substations with physical equipment operating at or above 100KV. Gateway software connectors replicate protective relay event files to a central site for analysis by power engineers. Gateway software also replicates relay and Remote Terminal Unit (RTU) DNP3 servers. Central EMS/SCADA systems interact normally and bi-directionally with the replica servers, sending them poll requests and configuring reporting by exception. Unidirectional Gateway hardware physically prevents any external threat from reaching into and impairing substation or protective relay operations.

Results and benefits - icon
Results & benefits

100% Security: Critical substation relay networks and control networks are physically protected from threats emanating from external, less-trusted networks.

100% Visibility: The central EMS/ SCADA system continues to operate normally. Instead of accessing substation servers directly, the system transparently accesses emulated devices for safe monitoring of substation equipment.

100% Compliance: Unidirectional Gate-ways are recognized by the NERC CIP, French ANSSI and other standards, and regulations as providing the strongest possible network perimeter protections.

vertical red line
Theory of Operation
Click to enlarge

Waterfall Unidirectional Security Gateways replace firewalls in high voltage substation environments, providing absolute protection to protective relays and Remote Terminal Units from attacks emanating from external, less-trusted networks. Unidirectional Gateways contain both hardware and software components. The hardware components include a TX Module, containing a fiber-optic transmitter/laser, and an RX Module, containing an optical receiver, but no laser. The gateway hardware can transmit information from an industrial network to an external network, but is physically incapable of propagating any virus, DOS attack, human error or any cyber attack at all back into the protected industrial network. The Gateways enable relay event reporting, vendor monitoring and safe monitoring of substation equipment by distant EMS/SCADA systems. Unidirectional Gateways replicate servers, emulate industrial devices and translate industrial data to cloud formats. As a result, Unidirectional Gateway technology represents a plug-and-play replacement for firewalls, without the vulnerabilities and maintenance issues that accompany firewall deployments. 

vertical red line
Unidirectional Security Gateways Benefits:

arrow red rightSafe, continuous monitoring of protective relays and RTU equipment by central EMS/SCADA systems

arrow red rightPrompt reporting of protective relay trip events to central power engineering teams for analysis and response

arrow red rightAbsolute protection from online attacks from external networks 

arrow red rightSupport for current and future substation environments and requirements, including DIN-rail form factor and support for DNP3, IEC 60870-5, IEC 61850 Edition 2, IEC 61850 GOOSE and IEC 61850 MMS

Share

Trending posts

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

Tags

The post Cybersecurity For Electric Substations appeared first on Waterfall Security Solutions.

]]>