Company Overview
A US-based natural gas power plant with over 500 megawatt generating capacity.
Case Summary:
Industry: Natural Gas Power Generation
Challenge: Meet cybersecurity compliance with NERC CIP v5, and maintain turbine vendor access to OT monitoring data to meet SLA.
Solution: OPDS-100 data diodes with DataDiode Technology deployed to transfer turbine operations information to monitoring center.
Benefits: Deterministic, one-way data diode secured plant from external threats and allowed vendor to receive turbine data at remote monitoring center.
Cybersecurity Challenge
The power facility is subject to North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) version 5 cybersecurity guidelines. To achieve compliance, the company had to disconnect critical operational technology (OT) networks from external access, including their turbine vendor. However, according to their service level agreement (SLA), the vendor needed to access turbine monitoring data from the plant.
Requirements:
- Clearly define network segments and eliminate all connections to critical OT systems from outside networks according to NERC CIP v5
- Enable one-way communication from OT network to external end-users
- Provide operations data to turbine vendor’s global monitoring center to meet SLA
Use Case | Before
Solution
OPDS-100 was selected to remove remote access to the OT network and provide deterministic, one-way outbound data flow. This helped the plant to achieve NERC CIP v5 compliance, and enabled the transfer of turbine data to the vendor global monitoring center.
Use Case | After
Deployment
Solutions:
Owl Perimeter Defense Solution – 100 (OPDS-100)
Self-contained 1U data diode, purpose-built for network segmentation and deterministic, one-way data transfer.
Results
- Achieved compliance with NERC CIP v5 regulations for US natural gas power facility cybersecurity
- Data diodes installed to reduce risk per NERC CIP v5 guidelines, eliminating all inbound connections/threats to OT networks while providing deterministic outbound data flow
- Met SLA through one-way transfer of turbine operations data to vendor global monitoring center