Power Transmission and Distribution Substations Meet NERC CIP Version 5 Cybersecurity Regulations

Company Overview

Bulk electric system (BES) operator with many disparate power transmission and distribution (T&D) substations located across the United States.

Case Summary:

Industry: Power T&D Substations

Challenge: Meet cybersecurity compliance according to NERC CIP v5 without disrupting access to OT data by business end-users.

Solution: OPDS-100D data diodes deployed with PI System data replication and Owl OPC data replication software.

Benefits: Achieved NERC CIP compliance via deterministic, one-way data transfer, and enabled remote access to PI System and OPC monitoring data by business end users.

Cybersecurity Challenge

T&D substations subject to North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) version 5 cybersecurity guidelines are required to mitigate network threats to the BES. To achieve compliance, the company had to disconnect substation operational technology (OT) networks from external access. However, the business end-users needed to retain access to OSIsoft PI System historian data and OPC data generated within the substation OT network.


  • Clearly define network segments and eliminate all connections to critical OT systems from external networks according to NERC CIP v5
  • Enable one-way data transfer from OT network to business IT network
  • Replicate and transfer PI System historian data to IT network for business continuity
  • Allow OPC client/server remote data monitoring

Use Case | Before


OPDS-100D was selected to eliminate external access to the OT network and provide effective network segmentation and deterministic, one-way data transfer out of the OT network. Owl applications for OSIsoft® PI System replication (OPTS) and OPC client/server replication were also deployed for remote substation monitoring and data access by corporate end users.

Use Case | After



Owl Perimeter Defense Solution – 100D (OPDS-100D)
DIN rail compatible data diode solution for deterministic, one-way data transfer and effective network segmentation. Supports a wide range of data formats and transport layer protocols at up to 104 Mbps.

Interface Module:

Owl PI Transfer Service (OPTS)
Specialized software developed specifically for secure replication and transfer of OSIsoft® PI System historian data across network boundaries.


  1. Achieved compliance with NERC CIP v5 regulations for US power T&D cybersecurity
  2. Data diodes installed to reduce risk per NERC CIP v5 guidelines, eliminating all inbound connections/threats to OT networks while providing deterministic outbound data flow
  3. Enabled PI System historian and OPC monitoring data replication to IT network, maintaining business continuity and operational insight