Securing ICS/SCADA Network: A Case Study of Central Hidroeléctrica de Caldas
Technology Category
- Automation & Control - Supervisory Control & Data Acquisition (SCADA)
- Networks & Connectivity - Gateways
Applicable Industries
- Electrical Grids
- National Security & Defense
Applicable Functions
- Logistics & Transportation
- Quality Assurance
Use Cases
- Tamper Detection
- Traffic Monitoring
Services
- Cybersecurity Services
- System Integration
The Challenge
Central Hidroeléctrica de Caldas (CHEC), a major electricity generator and distributor in Colombia, faced a significant challenge in securing its Supervisory Control and Data Acquisition (SCADA) devices. These devices, located in power plants and substations, monitor and control the transmission and distribution networks that deliver power across the regions. However, these SCADA systems were deployed years ago, before cyber security controls were deemed necessary. As a result, they were vulnerable to cyber attacks in which an attacker could compromise one or more SCADA devices and gain control of vital systems. Furthermore, power plants generating more than 100 megawatts of power and substations transferring more than 115 KW were required to comply with security controls mandated by the Ministerio de Minas y Energía de Colombia and the Comisión de Regulación de Energía y Gas. The challenge was to secure the SCADA devices to prevent network infiltration by attackers and meet governmental security requirements for power generation plants, all while operating in harsh, inhospitable environments.
About The Customer
Central Hidroeléctrica de Caldas (CHEC) is a major electricity generator and distributor in Colombia. It is part of Grupo EPM, the second-largest business group in Colombia. Founded in 1944, CHEC pioneered the delivery of electricity for street lighting in the coffee-growing region of Caldas. Today, CHEC powers 40 municipalities with 100% electricity coverage in urban areas and 99.62% in rural areas, providing power and illumination for almost half a million customers. As the company grew and consolidated its power generation capabilities, it built transmission and distribution networks to deliver power across the regions. These networks are monitored and controlled by SCADA devices located in power plants and substations.
The Solution
To address these challenges, CHEC turned to Check Point's 1200R Ruggedized Gateways and R80 Cyber Security Management. The team designed a proof of concept to test the 1200R Rugged gateway in its environment, installing a gateway in one substation in Monitor Mode and a second system in another substation in online mode. The 1200R gateway, designed for deployment in harsh environments, provided integrated security as part of a complete end-to-end Industrial Control System (ICS) security solution. It enabled full visibility and granular control of SCADA traffic, allowing the team to log SCADA protocols, including commands, for forensic analysis. The R80 cyber security management system provided a single pane of glass for managing security across the SCADA environment, with policy, logging, monitoring, event correlation, and reporting in a single system. Multiple team members could work in Check Point R80 simultaneously without conflict, simplifying management across locations. Check Point Smart-1 5050 Appliances were also used to consolidate management for up to 50 systems, delivering full threat visibility and control of SCADA traffic.