Company Overview
A National Grid Operator in South Asia operating a number of regional power generation plants.
Case Summary:
Industry: Electric Grid
Challenge: Maintain secure plants while transferring production data to the Market Operator.
Solution: A single OPDS-100 installed at each plant to securely transfer eDNA production data, alarms and adhoc files to end-users outside of the plants.
Benefits: Plants are now isolated and secured from network cyberattacks. Single low maintenance device in place with ability for software license upgrades in the future.
Cybersecurity Challenge
The Grid operator needed to securely move SCADA/historian information, files, alarms and other adhoc data requests out of the power generation plants to remote users including the market operator so real-time production decisions and adjustments can be performed. The data needed to be transferred out of the secure plants without opening a threat vector into the plant.
Requirements:
- Provide a secure, one-way transfer of multiple data types from multiple sources over a single device
- Replicate eDNA servers in each plant to external eDNA servers accessible by market operator
- Support redundant eDNA servers
- Ability to transfer multiple data flows (2 from historians, 3 for alarms and 1 for files) and multiple protocols (eDNA replication via TCP/IP, FTP for alarms, RFTS for files) simultaneously
- Have the ability to expand throughput as future requirements are identified and implemented
Use Case | Before
Solution
The OPDS-100 was selected to protect the plants in three separate regions from network attacks and securely transfer data to end-users. It is a single, low maintenance device with an MTBF of 14+ years. Each device is configured to handle the various data flows, data sources, protocols and replication requirements of the plant with capacity still available to handle future growth and expansion.
Use Case | After
Deployment
Solutions:
Owl Perimeter Defense Solution – 100 (OPDS-100)
Self-contained 1U data diode, purpose-built for network segmentation and deterministic, one-way data transfer.
Results
- Each plant in each region is fitted with a single, one-way only OPDS-100
- All required traffic flows through the OPDS-100 in near real-time (single digit millisecond latency)
- A “drop-box” was created for internal plant users to automatically send ad-hoc data requests to external End-users
- Redundant eDNA servers at each plant are replicated and accessible by Market Operator
- All OPDS-100 devices are available for future expansion projects now being designed