OT Insights CenterSafety-Critical Clouds in Power Generation – 7 Designs Using Cyber-Informed Engineering

Safety-Critical Clouds in Power Generation – 7 Designs Using Cyber-Informed Engineering

The industrial internet is coming. Reap almost all the benefits with almost none of the risks.

The Industrial Internet of Things (IIoT) is the future of automation in power generation and many other industries. The IIoT promises huge gains in efficiency and flexibility, with cloud-based systems and decision-making at the heart of these gains. Today, even safety-critical and critical-infrastructure (CI) decision-making is moving steadily out into the cloud.

But safety-critical and CI systems deserve engineering-grade cybersecurity. So, how can we provide this for Internet-based clouds?

Watch the webinar where we will look at the problem from the perspective of the new Cyber-Informed Engineering (CIE) initiative and dig into 7 design patterns for different kinds of safety-critical, cloud-based systems. 

In this webinar Andrew Ginter takes us through:

Review the limitations of traditional IT-grade cyber protections for cloud systems.

Explore seven engineering-grade designs for protecting safety-critical and reliability-critical clouds.

Propose design principles for evaluating critical cloud designs.

For practitioners in power generation, OT security, or other critical infrastructures, this is an opportunity to explore two leading edges: the Industrial Internet (future of automation) and CIE (future of OT security).

We hope you can watch the webinar.

About the Speaker

Andrew Ginter

Andrew Ginter is the most widely-read author in the industrial security space, with over 23,000 copies of his three books in print. He is a trusted advisor to the world's most secure industrial enterprises, and contributes regularly to industrial cybersecurity standards and guidance.

Share

Trending posts

Secure Industrial Remote Access Solutions

August 28, 2025

Remoting Into Renewables – the latest guidelines for secure remote access applied to renewables generation

August 28, 2025

NIS2 and the Cyber Resilience Act (CRA) – Episode 142

August 18, 2025

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

Tags

• industrial cyber attacks
• NERC CIP
• IEC 62443
• NIST
• OT security Standards

The post Safety-Critical Clouds in Power Generation – 7 Designs Using Cyber-Informed Engineering appeared first on Waterfall Security Solutions.

OT Insights CenterPowerWebinar: Industry-Specific 62443 Insights for Power Generation

Webinar: Industry-Specific 62443 Insights for Power Generation

Watch the webinar for an in-depth session that goes beyond the buzzwords and provides practical, industry-specific guidance on applying the ISA/IEC 62443 standards to safeguard critical power infrastructure

The ISA/IEC 62443 standards provide a robust framework for enhancing cybersecurity across various industries, yet interpreting the standards in power generation presents unique challenges and opportunities.

Whether you’re a cybersecurity professional, OT engineer, or industry leader, watch the webinar recording for an in-depth webinar that goes beyond the buzzwords and provides practical, industry-specific guidance on applying the ISA/IEC 62443 standards to safeguard critical power infrastructure.

In this webinar, Dr. Jesus Molina takes us through:

Decoding the complexities of 62443: Gain a clear understanding of the standards, their structure, and how they apply to power generation

Navigating the implementation challenges: Learn how to address the unique needs of safety-critical and equipment protection sub-networks.

Adopting a consequence-driven approach: Discover how to conduct effective risk assessments that account for high-impact, low-probability scenarios.

 Architect secure networks: Implement zoning and interconnected structures that enhance OT resilience.

 Strengthen defenses beyond SL4: Explore engineering-grade controls to complement cybersecurity measures and reduce reliance on expensive SL4 classifications.

About the Speaker

Dr. Jesus Molina

Jesus Molina is Waterfall’s Director of Industrial Security. He is a security expert in both OT and IT security. A former hacker, his research on offensive security in industrial systems has been echoed by many publications and media, including Wired and NPR. Mr. Molina has acted as chair of several security organizations, including the Trusted Computing Group and the IoT Internet Consortium. He is the co-writer of the Industrial Internet Security Framework and the author of several security-related patents and academic research papers. Mr. Molina holds a M.S. and a Ph.D from the University of Maryland.

Share

Trending posts

SCADA Security Fundamentals

August 14, 2025

What is OT Network Monitoring?

August 14, 2025

What Is ICS (Industrial Control System) Security?

August 14, 2025

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

Tags

• industrial cyber attacks
• NERC CIP
• IEC 62443
• NIST
• OT security Standards

The post Webinar: Industry-Specific 62443 Insights for Power Generation appeared first on Waterfall Security Solutions.

OT Insights CenterPowerRecorded Webinar: Engineering-Grade IEC 62443 – A Guide For Power Generation

Recorded Webinar: Engineering-Grade IEC 62443 – A Guide For Power Generation

Webinar Recording: An in-depth look at the IEC 62443 standard, IEC 62443-3-2 risk assessments, and why would we need 62443-4-2 certified components for power generation operations.

Waterfall team

• April 2, 2024

IEC 62443 is used widely in power generation, but some aspects of the standard are ambiguous, and others are easily confused.

The Cyber-Informed Engineering (CIE) initiative, funded by the US Department of Energy, is a new way to look at IEC 62443 – a perspective that clears up a lot of confusion.

In this webinar recording, Andrew Ginter guides us through the intricacies of IEC 62443 for power generation, seen through the lens of CIE

In this recorded webinar, Andrew took us through:

What are the IEC 62443 standards and which ones apply to power generation?

How can CIE help IEC 62443-3-2 risk assessments determine Security Level targets?

 How can engineering-grade mitigations eliminate cyber threats, in addition to IEC 62443-3-3 mitigations?

What kind of extra protection do we get from 62443-4-2 certified components?

Watch Now:

Share

Trending posts

Network Duct Tape – Episode 141

August 13, 2025

Credibility, not Likelihood – Episode 140

August 6, 2025

Rethinking Secure Remote Access for Industrial and OT Networks

August 6, 2025

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

Tags

• industrial cyber attacks
• NERC CIP
• IEC 62443
• NIST
• OT security Standards

The post Recorded Webinar: Engineering-Grade IEC 62443 – A Guide For Power Generation appeared first on Waterfall Security Solutions.

IEC 62443 is a global cybersecurity standard for industrial automation and control systems (IACS). It defines security requirements for system components, processes, and organizations. The standard helps reduce cyber risks by guiding asset owners, system integrators, and product suppliers on implementing secure-by-design principles and defense-in-depth strategies.

The ISA/IEC 62443 set of cyber-security standards are truly great. They are the world’s most popular, most widely applicable, and most comprehensive standards for securing industrial automation and control systems (IACS or ICS). Created by the International Society of Automation (ISA) and then accepted and co-developed by Europe’s International Electro-technical Commission (IEC), the standards were endorsed by the UN for their Cybersecurity Common Regulatory Framework in 2019. In September 2020, the new Part 3-2 of the standard was released, providing guidance on performing risk assessments on an IACS so that security countermeasures can be identified and applied.

In 2021, IEC members voted to make 62443 a horizontal standard, meaning it will form the basis for all future ISA and IEC industry specific industrial security standards and frameworks. Most ICS security standards are narrow in scope and tied to an industry, nation, or government body. It’s very refreshing that 62443 is completely generalized. It would be nice to say that it’s almost perfect, but automation and control technologies are changing fast, and a standard this big does have some confusing spots. This is not lost on ISA’s SP99 technical committee that writes the standard, who are hard at work on a major rewrite of several of the older sections. So, if you’re tasked with implementing IEC 62443, what are the essentials you need to know? What’s confusing, and what’s changing?

Speak with one of our 62443 experts  >> Contact Us >>

Essential Knowledge for Protecting ICS Networks

IEC 62443 is a multi-part standard, and very broad. I’m assuming that readers here will be asset owners or charged with protecting an industrial site. In that case, relevant sections to get started are:

• 1-1, Terminology, concepts and models
• 2-1, Security program requirements for IACS asset owners
• 3-2, Risk assessments for system design
• 3-3, Security requirements and security levels

These are outlined in red in the following chart in Figure 1.

Getting access to the IEC 62443 standards does cost money, but I highly recommend grabbing the free Quick Start Guide, downloadable from the ISA. Also – membership in the ISA is less than the cost of two or three volumes of the standards, and ISA members get free access to ISA and IEC 62443 standards.

In a nutshell, implementing the standard to secure an ICS site means implementing a security program, described in 62443-2-1. To do so, a risk assessment would be carried out and any changes to the network and security design would be made, based on 62443-3-2. Based on the assessment results and design that exists, that site’s cyber defenses would be categorized into one of five levels, described in the 3-3 document. The level selected determines the degree of requirements needed to complete implementation of the security program, so secure the site to what you have determined is an acceptable level. The higher the security level, the greater the strength of the applied protection. The five levels are summarized in Table 1: IEC/ISA 62443-3-3 Security Levels.

Table 1: IEC/ISA 62443-3-3 Security Levels

Effectively, 62443 lays out a roadmap to engineer cyber security defenses, and to iterate between risk assessments and system design until an acceptable level of protection is deployed. IEC 62443 security levels are all defined based on the type of threat – the most capable adversary that the system is designed to defend against. This worst-case attacker is further defined in terms of their means, resources, skills and motivation. While this all sounds great, selecting the appropriate security level is confusing, and it is unfortunately too easy to select the wrong security level as the target level for an automation system or site.

Would you like to speak with one of our IEC 62443 experts?  >> Click Here >>

IEC 62443 Part 3-3: Picking The Right Security Levels

Choosing a security level (SL) target is difficult in the current version of IEC 62443 Part 3-3, because in most of the 62443 series of documents, security levels are described in terms of the characteristics of the perceived adversary, and not in terms of the worst-case consequences of compromise.

In a bit more detail, IEC 62443-1-1 states that a target security level should be assigned to every network zone based on a “… consideration of the likelihood and consequences of security of a zone or conduit being compromised.” The problem is that 62443-3-3 (repeatedly) describes security levels as in Table (1) – in terms of the capabilities of the adversaries the zone must be protected against, not in terms of consequence severity. This is not entirely wrong – it is reasonable for example to look at a safety system designed to prevent an environmental catastrophe and say that this safety system deserves the highest degree of protection – SL4. The problem is that many practitioners forget this one paragraph in 1-1 and look at 3-3, where security levels are repeatedly defined in terms of the capabilities of the adversary.

IEC 62443 section 3-3 was released over a decade ago, in 2013. Back then, risk assessments based on the profile of an attacker alone were understood to be a robust method. This might make sense if you are trying to protect the information in your network, where denying access to the information systems would use the most sophisticated defenses to make it very difficult for the attacker. With industrial systems and critical infrastructure, protecting operations is key. Here the goal is to keep operations running safely, continuously, and reliably. The updated way to look at operational cyber risk is to consider that every CPU, at any level of the control system, could be compromised to mis-operate. Then consider what systems and processes pose a health and safety, or operational reliability risk, with consequences too dangerous or costly for the business or operations team to accept. It is important that the process be protected from harm, and not be solely concerned about who or what type of threat would cause that harm.

Take the example of a small-batch distillery, renowned for their gin made from locally sourced ingredients. Being in the mountains, seasons are short and only one batch is produced per year. Any spoilage of the batch by any threat actor could bring unacceptable harm to the business, including bankruptcy. Tampering of the safety instrumented systems on the still could cause a fire, release of steam, or product. But since a very small number of staff generally stay out of the plant, have a regimented safety program, and stay safe behind a sealed door and tempered glass during operations, the greatest concern is losing their precious gin. They are mostly concerned about their local competition and the rise in the threat of criminal ransomware groups, more than they are about sophisticated ‘nation-state’ attackers.

Contrast the gin distillery to the example of a 600 MW natural gas-fed power plant. Here, mis-operation could cause not only loss of power to thousands of downstream customers, but loss of extremely long lead-time assets such as turbines, power lines, transformers and more. Further, the health and safety consequences of out-of-control rotating equipment, electric arcs, would be completely unacceptable. In some cases, a loss of 600 MW can be absorbed by the electric grid with enough excess capacity, but during times of peak demand could instead cause widespread outages over large geographical regions. The ensuing chaos on such a scale significantly endangers the public. Whether an attack is made by an unsophisticated adversary just poking around (a ‘script-kiddie’), or a highly motivated and well-resourced attacker (a ‘nation state’ group) does not really matter. The power company is expected, and mandated by regulations, to prepare their defenses accordingly. A higher security level and stronger security program should be chosen to protect a power plant than for a distillery, because of the nature of the consequences, not because of the nature of the expected adversary.

Into The Future with IEC 62443

The point is that consequences determine the security level, not the nature of the threat or the adversary. A risk assessment asking the wrong questions could lead to a naively applied security level and program. It’s good to know that the ISA is aware of this fact. About a year ago, on the Industrial Security Podcast Episode #73, Eric Cosman, chair of the ISA99 committee which authors the series of standards, mentioned that a revision to 62443 Part 3-3  is in the works, and that security levels were being re-evaluated in light of issues like this that have come up in the course of using the standards this last decade.

It might sound like IEC 62443 has fatal flaws. Far from it. Last year, Alex Nicoll, co-chair of the ISA99 committee, appeared on the Industrial Security Podcast Episode #79. In it, he expressed the committee’s goal to keep up with industry changes, and the understanding that change is occurring quickly in not only automation and control, but in cyber security as well. The committee has largely achieved its goal of creating a general, widely-applicable and accepted framework for improving security in the industrial and critical infrastructure space.  He re-affirmed concerns around Security Levels and Risk Assessments, while also mentioning that new technologies like containerization, virtualization, edge devices and the cloud need to be incorporated. Alex mentioned that the strength of the standard is that it is made up of volunteers and depends on input from those with experience to ensure standard is relevant and applicable to a wide range of businesses. Applying principles is key, as fundamentals haven’t changed in 20-30 years and requires collaborative input and effort from asset owners, operators, integrators, and suppliers.

In short, the series of standards is useful and valuable. Issues have been identified with the series, and are being addressed in new versions of the standard.

Speak with one of our 62443 experts  >> Contact us>>

The post The Essential Guide To ISA IEC 62443 appeared first on Waterfall Security Solutions.

OT Insights CenterPowerSecuring Power Generation At New Brunswick Power

Securing Power Generation At New Brunswick Power

Partnering With Énergie NB Power To Secure Production And Assure Compliance

Customer/ Partner:

Énergie NB Power.

Customer Requirement:

Secure, safe and continuous operation of power production networks in all power plants, while enabling real-time OT monitoring and compliance with NERC-CIP regulatory security requirements.

Waterfall’s Unidirectional Solution:

Waterfall Unidirectional Gateways were deployed to separate the OT and enterprise networks. All business and operational applications – especially ICCP / PI servers – continue to operate reliably to ensure smooth operation and maintenance of power stations.

Protecting Reliability And Ensuring Compliance At Power Generation Sites

Énergie NB Power supplies wholesale energy products in a competitive environment. Electricity is generated at 14 hydro, coal, oil, and diesel-powered stations, with an installed net capacity of 3,142 MW, comprised of 1,724 MW thermal, 893 MW hydro and 525 MW combustion turbines. Énergie NB Power’s industrial and corporate networks support power generation plants as well as business offices, all with different business needs. From these networks, the OSIsoft PI application and ICCP protocol are used for monitoring of the power stations.

The challenge

Énergie NB Power wanted to prevent cyber attacks that could result in power outages, loss of revenues and physical damage to equipment. The company was also challenged with the task of complying with NERC-CIP standards and cyber-security requirements. The business determined that using firewalls to allow real-time data flows from a control network to an enterprise network introduced unacceptable risks to safe, correct, continuous and efficient power generation operations.

Waterfall solution

Waterfall Unidirectional Security Gateways were deployed at each power plant, along with Waterfall’s OSIsoft PI and ICCP server replications. The Waterfall Gateways replicated PI servers and ICCP servers unidirectionally from each plant’s OT network to the Énergie NB Power enterprise network. On this external network, users and applications continue to interact normally and bi-directionally with the replica servers.

Results & benefits

Security: Absolute protection from online attacks originating on the IT network, and from Internet-based attacks.

Visibility: Online access to real-time operations data, with no change in end-user or business application- integration procedures.

Compliance: Reduced NERC CIP compliance costs for Énergie NB Power.

Operational Costs: Reduced operating costs associated with training, administration, audit, testing, and monitoring costs when compared to a firewall-based solution.

Theory of Operation

“Waterfall’s Unidirectional Security Gateways have proven to be highly reliable and easily integrated into our existing networks. They are instrumental in helping us comply with the NERC-CIP standards and secure our critical assets against any type of external cyber-attack or hacking threats”

Greg Wright, Énergie NB Power IT Specialist

Waterfall Unidirectional Security Gateways replace firewalls in industrial network environments, providing absolute protection to control systems and industrial control networks from attacks emanating from external networks. Waterfall Gateways contain both hardware and software components. The hardware is physically able to send information in only one direction. The software replicates servers and emulates devices. The gateway software produces an accurate, timely replica of PI and ICCP servers for use by enterprise and external applications and users.

Unidirectional Gateways enable safe IT/OT integration, vendor monitoring, industrial cloud services, and visibility into operations for modern enterprises and customers. The gateways replicate servers, emulate industrial devices and translate industrial data to cloud formats. Unidirectional Gateway technology represents a plug-and-play replacement for firewalls, without the vulnerabilities and maintenance issues that always accompany firewall deployments. Replacing at least one layer of firewalls in a defense-in-depth architecture breaks the attack path from the Internet into critical systems

Unidirectional Security Gateways Benefits:

Dramatically reduces NERC-CIP compliance costs.

Eliminates any risks from external cyber attacks and human errors.

Enables secure, high throughput and real-time access to ICCP and PI server information.

Strong, physical protection for production processes and personnel safety.

Global Cybersecurity Standards Recommend Unidirectional Security Gateways

Waterfall Security is the market leader for Unidirectional Gateway technology with installations at critical infrastructure sites around the world. The level of protection provided by Waterfall’s Unidirectional Security Gateway technology is recognized as best practice by leading industry standards bodies and authorities such as NIST, ANSSI, NERC CIP, ISA / IEC 62443, the US DHS & CISA, ENISA, TS50701 and many others.

Share

Trending posts

Unidirectional vs Bidirectional: Complete Integration Guide

July 30, 2025

The Top 10 OT-Capable Malware: What We’ve Learned and What Comes Next

July 20, 2025

13 Ways to Break a Firewall

July 16, 2025

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

Tags

• industrial cyber attacks
• NERC CIP
• IEC 62443
• NIST
• OT security Standards

The post Securing Power Generation At New Brunswick Power appeared first on Waterfall Security Solutions.

OT Insights CenterPowerCybersecurity For Electric Substations

Cybersecurity For Electric Substations

Protecting The Connected Substation From Evolving Cyber Threats

Customer/ Partner:

American transmission utility.

Customer Requirement:

To comply with NERC-CIP standards and protect critical assets from cyberattacks while protecting operational and business process efficiency.

Waterfall’s Unidirectional Solution:

Secure substation network perimeters from external threats with Unidirectional Security Gateways, while enabling compliance with NERC CIP regulations and safe monitoring by central Energy Management and SCADA systems.

Modern Threats To High Voltage Substations

High voltage substations are vital to the reliable operation of the bulk electric system. High voltage substations have been targeted in recent attacks though – compromised substations have been used to interrupt power flows to consumers, industries and critical infrastructures such as drinking water purification systems and vital government and military installations. When transmission substations are targeted, there is the potential for cascading failures when the demand for power is high. When substation protective relays are targeted, there is the potential for physical damage to transformers and other vital physical infrastructure. It is for these reasons that regulators in many geographies require electric utilities to provide strong protection for substation control equipment and protective relays

The challenge

To secure the safe, reliable and continuous operation of high voltage substations from threats emanating from SCADA Wide Area Networks (WAN) and other external sources, yet still provide central EMS/SCADA systems, Information Technology (IT) users and substation vendors with real-time access to substation data. In particular, ensure that substation protective relays are protected from compromise, to prevent damage to high-voltage equipment.

Waterfall solution

A Waterfall Unidirectional Gateway was installed in all substations with physical equipment operating at or above 100KV. Gateway software connectors replicate protective relay event files to a central site for analysis by power engineers. Gateway software also replicates relay and Remote Terminal Unit (RTU) DNP3 servers. Central EMS/SCADA systems interact normally and bi-directionally with the replica servers, sending them poll requests and configuring reporting by exception. Unidirectional Gateway hardware physically prevents any external threat from reaching into and impairing substation or protective relay operations.

Results & benefits

100% Security: Critical substation relay networks and control networks are physically protected from threats emanating from external, less-trusted networks.

100% Visibility: The central EMS/ SCADA system continues to operate normally. Instead of accessing substation servers directly, the system transparently accesses emulated devices for safe monitoring of substation equipment.

100% Compliance: Unidirectional Gate-ways are recognized by the NERC CIP, French ANSSI and other standards, and regulations as providing the strongest possible network perimeter protections.

Theory of Operation

Waterfall Unidirectional Security Gateways replace firewalls in high voltage substation environments, providing absolute protection to protective relays and Remote Terminal Units from attacks emanating from external, less-trusted networks. Unidirectional Gateways contain both hardware and software components. The hardware components include a TX Module, containing a fiber-optic transmitter/laser, and an RX Module, containing an optical receiver, but no laser. The gateway hardware can transmit information from an industrial network to an external network, but is physically incapable of propagating any virus, DOS attack, human error or any cyber attack at all back into the protected industrial network. The Gateways enable relay event reporting, vendor monitoring and safe monitoring of substation equipment by distant EMS/SCADA systems. Unidirectional Gateways replicate servers, emulate industrial devices and translate industrial data to cloud formats. As a result, Unidirectional Gateway technology represents a plug-and-play replacement for firewalls, without the vulnerabilities and maintenance issues that accompany firewall deployments. 

Unidirectional Security Gateways Benefits:

Safe, continuous monitoring of protective relays and RTU equipment by central EMS/SCADA systems

Prompt reporting of protective relay trip events to central power engineering teams for analysis and response

Absolute protection from online attacks from external networks 

Support for current and future substation environments and requirements, including DIN-rail form factor and support for DNP3, IEC 60870-5, IEC 61850 Edition 2, IEC 61850 GOOSE and IEC 61850 MMS

Share

Trending posts

What Is Industrial Control System Software?

July 16, 2025

Cross-Domain Solutions: What They Are, How They Work, and Where You Use Them

July 14, 2025

Lessons Learned From Incident Response – Episode 139

July 9, 2025

Stay up to date

Subscribe to our blog and receive insights straight to your inbox

Tags

• industrial cyber attacks
• NERC CIP
• IEC 62443
• NIST
• OT security Standards

The post Cybersecurity For Electric Substations appeared first on Waterfall Security Solutions.