Company Overview
A US-based, federally owned regional power authority serving over 150 municipalities, with a fleet of nuclear, fossil and hydro power plants.
Case Summary:
Industry: One of the top 10 public power suppliers in the US
Challenge: Remediate cybersecurity vulnerabilities and meet compliance with NERC CIP v5 and NRC security guidelines.
Solution: Owl EPDS data diodes along with OPTS PI System replication application.
Benefits: One-way data flow secured the OT network from external threats and achieved compliance with NERC CIP v5 and NRC guidelines. Business continuity was maintained through a replicated PI System historian at HQ.
Cybersecurity Challenge
An audit by the US General Accounting Office (GAO) revealed a number of cybersecurity vulnerabilities. With nuclear, fossil and hydro plants in its fleet, the power authority is also subject to both the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) and Nuclear Regulatory Commission (NRC) cybersecurity guidelines. The authority had to remediate the identified vulnerabilities and meet regulatory compliance while maintaining business continuity.
Requirements:
- Clearly define network segments and eliminate all connections to critical OT systems from outside networks according to NERC CIP v5 and NRC Regulatory Guide 5.71.
- Enable one-way data flow from the OT network to the business IT network.
- Replicate local PI System historians from across the fleet to a centralized PI System historian at HQ for access by the business group.
Use Case | Before
Solution
Owl data diodes (EPDS) were selected to meet the specific risk-based criteria of NERC CIP v5 and NRC Regulatory Guide 5.71. The data diodes removed external access to the OT network and enabled deterministic, one-way data flow to HQ. OPTS PI System data replication software was deployed to transfer fleet-wide historian monitoring data and operation management reports to HQ.
Use Case | After
Deployment
Solutions:
Enterprise Perimeter Defense Solution (EPDS)
Data diode communication card pair, mounted on independent, send-only and receive-only commercial servers, for network segmentation and deterministic, one-way data transfer.
Interface Module:
Owl PI Transfer Service (OPTS)
Specialized software developed specifically for secure replication and transfer of OSIsoft® PI System historian data across network boundaries.
Results
- Met defense-in-depth cybersecurity requirements according to GAO guidance, NERC CIP v5, and NRC Regulatory Guide for US power facilities.
- Installed data diodes, eliminating all inbound connections/threats to OT networks while providing deterministic outbound data flow.
- Maintained business continuity through replicated fleet-wide PI System historian data from OT networks to the HQ IT network.