Supervisory Control and Data Acquisition (SCADA) systems are used for controlling utility operations such as electric power, water and renewable energy. In the case of solar fields and wind farms, usually there are both an on-site SCADA system for controlling the local PLCs and remote access for monitoring the site’s performance and for maintenance.
With the migration to renewable energy sources on the rise, their role in the overall national power supply has become critical. As such, their SCADA systems are becoming a primary target for cyber-attacks.
Renewable power plants are usually located in remote, isolated areas, and they tend to have a complex composition of stakeholders, including the plant owner who usually manages several sites, the system integrator in charge of ongoing operation and maintenance, and the power utility that purchases the electricity. As such, renewable power facilities face operational scenarios that are not only complex but also the cause of multiple vulnerabilities.
Radiflow offers a comprehensive cyber security solution for distributed renewable power plants. The solution consists of a secure gateway for remote access to sites, as well as an IDS (Intrusion Detection System) for monitoring local operations.
The combination of the secure gateway and the IDS enables the detection of sophisticated cyber-attacks aimed at disrupting operational processes or changing the data parameters of networked devices before they are sent to the control center.
The secure gateway provides the option to remotely connect to the renewable power site over secure VPN tunnels, with different access rights for each stakeholder. The gateway’s native authentication proxy authenticates each remote user and restricts the user’s access according to his predefined tasks (e.g. which PLC to access, during which time-slot, types of commands approved for use, etc.) All remote sessions are recorded for auditing purposes.
The IDS passively scans the network and creates a baseline model of its normal behavior. Once the operator approves the normal behavior model, the IDS is able to detect anomalies in the operational network’s behavior and alert the operator. Such anomalies may indicate an insider attack (e.g. a malware on one of the PLCs) that couldn’t have been detected by the secure gateway.
Intrusion Detection System (IDS)