Dragos Platform in Renewable energy industry

Additional information

Source: Web-site of vendor

The project has been delivered on schedule

The budget has not been exceeded

Functionality complies with task

Description

Foreword  NaturEner implemented the Dragos platform in July of 2017, which consisted of nodes at each wind farm and a central monitoring node at its corporate headquarters inSan Francisco. The Dragos Platform now monitors all wind farm networks and Energy Management System (EMS) networks.
We immediately saw value as the platform showed us in detail what was running on all of the networks.  This was known information on the EMS network, but we had not been doing inventory scans on the wind farm ICS networks.
Challenges and Solutions Industrial Control System (ICS) networks are unique in topology, design, and workflow. Each ICS sector has specific requirements producing unique security implications. Visibility of the network and host behaviors are critical to identifying what protections are required and detecting intrusions. These challenges are not unique to NaturEner,renewable energy, or even ICS networks and deserve consideration by others looking to improve their security posture. Shared ICS Challenges •System and subsystem configuration (patch level, best practices, etc) are restricted by vendor and warranty •Distributed networks impede ease in central monitoring •Reliability and safety often take priority over cyber security Wind-Specific Challenges •Many individual units to keep up to date (firmware, configurations, etc.), which is challenging and time consuming •Each unit also acts as a mini substation, introducing additional complexity •Often no secondary or tertiary monitoring systems for safety shutoffs and monitoring •Multiple external remote connections are common (turbine vendor, 3rdparty services, etc.) Large Geographical Footprint NaturEner deployed the Dragos Platform to each US subnet, including all EMS, wind farm (SCADA), and production networks. Traffic from each subnet was aggregated to a centralized data store. This data store facilitates data correlation for analysis between sites, as well as triage and incident response, if the Dragos Platform detects a compromise. NaturEner analysts can now review traffic across the NaturEner ICS and business enterprises through a single platform. Sparse Monitoring Timeframes This challenge is mitigated through continuous monitoring at strategic capture points across NaturEner’s domain.  While comparing baselines can be an effective way to isolate changes within the environment, there is a risk of the baseline including existing adversary communications and data.  The Dragos Platform enables the analyst to combine changes to baseline with threat behavior analytics, ensuring that even “low and slow” attacks are detected. Management of Vendor Devices Vendor devices, specifically those used for wind assets, are used to monitor and perform actions (such as Turbine resets). These devices interact with company assets in the ICS network as a part of their warranty services. NaturEner’s continued network operation and warranties require these vendor devices. Improvements to the authentication of users or processes against the devices require external vendor support. The Dragos Platform passively monitors device communications across the network. This traffic can be organized into custom network zones, as defined by each organization.
We've been able to track who is talking to whomover what ports,and most importantly, see traffic from our warranty vendor's various sites and systems.
Asset Inventory Because networks grow with the business, it is not uncommon to lose awareness of asset inventory, subnet behaviors, or how data moves throughout the network. In these situations, it is very arduous to identify and catalog assets, traffic load, and the flow of information.Asset management is handled within the Dragos Platform by parsing traffic for unique source and destination information. All devices can then be graphically represented in a mapped view and organized based on custom zones, so analysts can view a device’s history, last time seen, protocols used, and create alerts for any new device seen on the network. Limited Resources, Vast Network Every organization faces resource constraints. Staffing is the most critical component of protecting any network; however, the market for experienced ICS cybersecurity professionals is low. Some organizations cannot fund dedicated security staff, so the roles are split between operations. For energy providers, customer charge rates can be limited, due to regulatory law, so revenue is not completely based on the open market. The resulting mission is to do more with less. Conclusion NaturEner operates 399MW of wind power for North America and is expanding into Alberta, Canada. As a leader in sustainable, compliant, renewable energy, NaturEner is also focused on protecting its assets and operations. Implementation of the Dragos Platform allows NaturEner to monitor for adversaries, optimize internal resources, and assume a proactive security program. NaturEner can continue to focus on energy generation and delivery, while being confident its infrastructure is protected.

Details

Problems

No IT security guidelines

Shortage of inhouse IT resources

No centralized control over IT systems

Unstructured data

Risk of attacks by hackers

Risk of lost access to data and IT systems

Business tasks

Support Decision Making

Ensure Security and Business Continuity

Similar deployments

prev
next