A US-based coal power facility with over 2,500 megawatt capacity.
Industry: Coal Power Generation
Challenge: Meet cybersecurity compliance according to NERC CIP v5 without disrupting access to OT data by business end-users.
Solution: OPDS-100 data diodes deployed along with OPTS PI System replication and Owl OPC data replication.
Benefits: Deterministic, one-way data flow secured OT network from external threats, and enabled transfer of PI System data and OPC monitoring data to corporate network.
As a US-based fossil power facility, the plant is subject to North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) version 5 cybersecurity guidelines. To achieve compliance, the company had to disconnect critical operational technology (OT) networks from outside access. However, it also needed to retain access to OSIsoft PI System historian data and OPC client/server data by the business IT unit.
- Clearly define network segments and eliminate all connections to critica
- OT systems from outside networks according to NERC CIP v5
- Enable one-way communication from OT network to business IT network
- Maintain business continuity through PI System historian replication
- Allow remote monitoring of OPC data via replication to business IT
Use Case | Before
OPDS-100 was selected to prevent remote access to the OT network and provide deterministic, one-way data transfer out of OT network. Added PI System replication (OPTS) and OPC data replication for remote plant monitoring and data access by business end-users unit.
Use Case | After
Owl Perimeter Defense Solution – 100 (OPDS-100)
Self-contained 1U data diode, purpose-built for network segmentation and deterministic, one-way data transfer.
Owl PI Transfer Service (OPTS)
Specialized software developed specifically for secure replication and transfer of OSIsoft® PI System historian data across network boundaries.
- Achieved compliance with NERC CIP v5 regulations for US coal power facility cybersecurity
- Data diodes installed to reduce risk per NERC CIP v5 guidelines, eliminating all inbound connections/threats to OT networks while providing deterministic, one-way outbound data flow
- Enabled PI System historian and OPC monitoring data replication to IT network, allowing business unit staff to “get their jobs done”