Centralized user management and network monitoring

Customer:
Transmission Utility
Application:
400 kV Substation
Country:
Middle-East

Customer Challenge

The utility designed the next generation of its 132 kV transmission substations with cybersecurity built in from the ground up. The IT manager wanted to manage users centrally from a Security Operation Center and go beyond standard antivirus scanners to detect potential cybersecurity incidents.

GE's Solution

GE integrated the cybersecurity solution with the utility's central user management system and implemented a network intrusion detection system (NIDS). The project scope included:

  • Installation of a read-only user database replica in the substation (Read-Only Domain Controller, or RODC), synchronized with the utility's central Domain Controller
  • Integration of GE's DS Agile substation automation system, MiCOM P40 protection relays and GE Reason switches with the RODC using LDAP and RADIUS
  • Installation of a Nozomi Networks Guardian NIDS to monitor strategic points of the substation protection and control system network

Customer Benefits

  • All users of the 15 substations are centrally managed, so access can be quickly revoked from the central security center
  • System operation is maintained when the management communication link is unavailable
  • The network traffic is centrally monitored, alerting the security engineers to unexpected events such as the connection of a new device or the detection of a new type of communication protocol

Regulatory compliance

Customer:
Offshore Windfarm
Application:
225 kV Offshore Substation
Country:
Europe

Customer Challenge

The operator of a 480 MW wind farm composed of 80 turbines required a solution to ensure the cybersecurity of its offshore and onshore substations and reliably deliver power to 700,000 homes and industries. The solution had to comply with the country's cybersecurity authority requirement not to store a user password database in unmanned substations, to avoid the risk of physical theft of computers.

GE's Solution

GE supplied a cybersecurity solution integrating systems and components into the offsite operator's central user management database. In case of communication loss, the system can still be operated locally using local emergency accounts. The solution included:

  • A detailed definition of routing and firewall policies to precisely control authentication traffic between the protection and control system and the operator's system
  • The configuration of the central management system in coordination with the customer's team
  • A review of the telecom infrastructure to lay out and document the potential failure cases

Customer Benefits

  • Implementation of a security architecture validated by the country authority
  • Centralized user management for fine-grained access control
  • High availability of the wind farm, one of the essential system functions, is preserved in the event of a communication failure on the security channel

Cyber protection against malware

Customer:
Power Generation
Application:
Evacuation Substation
Country:
Asia

Customer Challenge

A 300 MW coal generation plant operator discovered malware in its digital control system, which was running on an unsupported operating system; fortunately, it did not affect operations. The customer required a solution to remove the malware and prevent such an incident from happening again, without upgrading the installed DS Agile 5.0 system to the latest supported version.

GE's Solution

GE executed the WinXP Bundle package from GE's CyberSentry Security Service offer, which included:

  • Performing a backup of the system before and after the maintenance operation
  • Searching for and identifying the malware, and cleaning the impacted laptops
  • Hardening the unsupported operating system by disabling unused services and protocols and implementing various configuration actions
  • Installing, on all PCs, security updates to protect against known malware and McAfee Application Control whitelisting software

Customer Benefits

  • Cybersecurity risk significantly reduced without the need to upgrade the full system
  • Update provided remotely
  • No operational outage required during implementation of the plan, with only 4 days of work on site