Data diode security does not contain decision logic, software or firmware that could compromise infrastructure, and it eliminates opportunities for malware and online attacks, says Ronald Prins.

Part of the innovation driven by internet protocol (IP) communication technologies in utility companies must include better forms of cyber security. Transitioning from one-way power grids to bi-directional smart grids to improve operational and customer service performance can only make sensitive data and programming that controls processes more vulnerable. As part of a nation's critical infrastructure, utility companies are prime targets for cyber attack. A January audit report by the Federal Energy Regulatory Commission on its monitoring of power grid cyber security concluded that security "remains a critical area of concern".

A report by Pike Research on smart grid cyber security, which identifies key issues that require attention if smart grids are to become secure, noted that "many industrial control systems have seemed secure simply by being isolated from IT networks. The Stuxnet attacks demonstrated that USB memory sticks give attackers a convenient workaround for that lack of connectivity."

In fact, devices used for air-gap data transfer can be misplaced, stolen, or infected with malware such as the Stuxnet worm and transferred to a critical network, intentionally or accidentally. Even when connected systems and networks are fully compliant with the latest security standards, they are limited to distributed component object model (DCOM)-based access permissions and firewalls which, through human error and malicious intent, can be wrongly configured.

Data diode technology offers an effective solution to achieve both the systems interoperability envisioned for smart grid and the cyber security needed to protect sensitive systems and data. A data diode is a security system for connecting networks with different security levels. It allows data to be sent from a process control network for information updates but physically prevents electronic access to that network.

Just as a diode in basic electronics allows current to flow in only one direction, data diode technology allows data to flow safely in one direction to connect the sensitive part of smart grid infrastructure with less secure systems and networks.

Data diode security does not contain decision logic, software or firmware that could compromise infrastructure. It eliminates opportunities for software malfunctions, malware, tampering and online attacks. It cannot be misconfigured, eliminating the potential for human error.

This technology can be easily implemented at OLE for process control (OPC) servers that connect data from programmable logic controllers (PLCs), remote terminal units (RTUs), meters, sensors, analysers, distributed control systems and improvised devices for smart grid systems interoperability. It improves connectivity between process networks and back-office systems by eliminating the delays in information transfer associated with air gap procedures, which are neither continuous nor real time. Information can be exchanged between a high-security network and less-secure information management systems in real time for up-to-date business visibility and decision making affecting financial, operational and customer service performance, without exposing the bulk electric grid to cyber threats.

A European-based provider of data diode security has had its technology certified for the highest level of computer security (Evaluation Assurance Level 7) in compliance with the internationally recognised Common Criteria for Information Technology Security Evaluation (ISO/IEC 15408). The technology has been approved for connection of networks up to and including NATO secret and, in Europe, is increasingly used to upgrade the security of government networks. Security standards similar to those mandated by governments are needed for smart grids as well. This particular data diode technology supports all standard SCADA protocols including OPC, inter-control centre protocol (ICCP), distributed network protocol (DNP3) and Modbus. The data diode technology is implemented with a hardware data diode, proxy servers, and software that provides data integrity (error detection and correction), data transfer synchronisation, event logging and simple network management protocol (SNMP) traps (on both sides of the data transfer), and a user interface for administrators and security auditors.

A one-way physical connection is made between the two servers to prevent data leakage and guarantee the security of the process control network. Each server has an easy-to-use web interface that allows authorised users to configure what information is to be transferred. As the physical connection between networks is one-way (hardware), malware will never compromise the security of the grid. One data diode can support transfers from multiple OPC servers. The basic solution can be augmented with additional application servers to add specific functionality to the one-way data transfer.

A leading provider of data connectivity software for SCADA networks now offers data diode technology as another layer of security for power companies' overall defense-in-depth strategies. When used with advanced OPC server software, data diode technology supports complete control over information browsing, reading, and writing on a per-user, per-access basis in smart-grid environments. Instead of relying only on global, DCOM-based, "all-or-nothing" system access permissions, power companies can have granular, role-based control over security to prevent unauthorised access to process data and programming controls, whether accidental or intentional.

The author is CEO, Fox-IT. Views are personal.
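
The article's point that the proxy software must supply error detection and correction follows from the one-way link itself: the receiving side can never ask for a retransmission. The sketch below is an added illustration, not the vendor's implementation; the frame layout, the group size `K`, the XOR parity scheme and the tag names in the usage are all assumptions chosen to show the idea.

```python
import struct, zlib

K, PARITY = 4, 255                # data frames per group; index marking the parity frame
HDR = struct.Struct(">IBB")       # group id, index in group, data frames in group

def _xor(a, b):
    n = max(len(a), len(b))
    return bytes(x ^ y for x, y in zip(a.ljust(n, b"\0"), b.ljust(n, b"\0")))

def _frame(group, idx, count, block):
    body = HDR.pack(group, idx, count) + block
    return body + struct.pack(">I", zlib.crc32(body))   # CRC-32 for error detection

def send(records):
    """Sender proxy: per group, emit the data frames and one XOR parity frame."""
    frames = []
    for g in range(0, len(records), K):
        chunk, parity = records[g:g + K], b""
        for i, rec in enumerate(chunk):
            block = struct.pack(">H", len(rec)) + rec   # length survives XOR padding
            parity = _xor(parity, block)
            frames.append(_frame(g // K, i, len(chunk), block))
        frames.append(_frame(g // K, PARITY, len(chunk), parity))
    return frames

def receive(frames):
    """Receiver proxy: no return path, so it repairs or logs, never re-requests."""
    groups, events, out = {}, [], []
    for raw in frames:
        body = raw[:-4]
        if len(raw) < HDR.size + 4 or struct.pack(">I", zlib.crc32(body)) != raw[-4:]:
            events.append("crc-fail: frame dropped")
            continue
        g, idx, count = HDR.unpack_from(body)
        groups.setdefault(g, (count, {}))[1][idx] = body[HDR.size:]
    for g in sorted(groups):
        n, blocks = groups[g]
        missing = [i for i in range(n) if i not in blocks]
        if len(missing) == 1 and PARITY in blocks:
            rec = blocks[PARITY]
            for i in range(n):
                if i != missing[0]:
                    rec = _xor(rec, blocks[i])          # parity XOR survivors = lost block
            blocks[missing[0]] = rec
            events.append(f"group {g}: frame {missing[0]} rebuilt from parity")
        elif missing:
            events.append(f"group {g}: frames {missing} lost")
        for i in range(n):
            if i in blocks:
                (ln,) = struct.unpack_from(">H", blocks[i])
                out.append(blocks[i][2:2 + ln])
    return out, events
```

Calling `receive(send([b"FIC101.PV=12.5", b"TT204.PV=88"]))` returns the records and an empty event list; removing or corrupting one frame per group still returns every record, with the repair recorded in the event list that would feed the event log and SNMP traps.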