Power & Renewable Energy

   Jul 05, 2021 | Radiflow team

With the migration to renewable energy sources on the rise, their role in the overall national power supply has become critical. As such, renewable energy firms’ automation (SCADA, IIoT) systems have become a primary target for hackers, including well-funded state-sponsored hacker groups.

Renewable power plants are usually located in remote, isolated areas, and they tend to have a complex composition of stakeholders, including the plant owners (who usually operate several sites), the system integrator in charge of ongoing operation and maintenance, and the power utility that purchases the electricity.

Adding to the complexity is the interconnectedness of DER (distributed energy resources) grids, which introduce network risk to renewable energy plants from across the entire distribution system.

In addition, renewable energy operators are subject to a host of security and environmental regulations. It’s not surprising, then, that despite the technological advances and innovation, renewable energy operators have yet to implement adequate OT network protection and risk mitigation measures.

Challenge: Securing Renewable Energy Facilities

Power generation facilities of all kinds face complex operational scenarios that lead to multiple vulnerabilities, due to the sheer number of components and the gradual addition of IT/OT connectivity.

Also, the dispersed nature of renewable energy networks makes “inside jobs” easier and requires sending large volumes of network data from remote locations to a central SOC for analysis.

Another challenge is the danger of politically motivated malicious attacks. As with conventional energy facilities, renewable energy facilities may be targeted as part of global cyberwarfare, on top of profit-motivated hackers.

Challenge: Cyber Security for Distributed Power Plants

Securing ICSs, and in particular national-critical infrastructures, requires a structured process for planning and implementing an effective hardening plan:

  1. Network modeling and visibility: this stage involves creating a model of the renewable energy facility’s complete network, including topology, device properties, state, vulnerabilities, potential inter-zone attack vectors, protocols and ports. The result is a virtual model which can be used for OT-BAS (breach and attack simulations), as well as providing complete network visibility.
  2. Risk assessment: this stage includes simulating relevant breach attempts using the virtual model to provide an accurate risk-assessment for the entire network.
  3. Implementation: The simulation data enables generating an ROI-optimized OT security plan matching the user’s security preferences and budget constraints, and provides the user with key indicators and reports for the network’s risk state. The user is presented with a prioritized list of mitigation measures toward strengthening and optimizing OT security, in accordance with IEC62443.
  4. Long-term security management: The facility’s OT network is not static, and the security system takes this into consideration, allowing for the addition of new components and updated software. The key to long-term system security is ICS network monitoring, which provides constant identification and mitigation of breaches as well as changes in the risk posture due to newly evolved threats.

Radiflow solutions for Renewable Energy and Power Plants

Radiflow offers a range of cybersecurity solutions which have been designed especially for OT systems. Even the complexities of securing a remote renewable energy plant can be undertaken with Radiflow’s innovative threat detection and risk-assessment systems:

SEE (VISUALIZE) – Radiflow’s iSID, industrial threat detection and monitoring system, generates a visual model of the entire facility network including assets, connections, protocols, and vulnerabilities.

KNOW – Radiflow’s CIARA industrial risk assessment and management platform uses the iSID data along with MITRE ATT&CK and other resources to thoroughly understand which threat actors and attack tactics are most relevant for testing. By using non-intrusive, threat-intelligence-based breach and attack simulations, it is possible to assess the effectiveness of corresponding mitigation measures (IEC62443-compatible).

ACT – Prepare and implement a security roadmap based on the organization’s long- and short-term security preferences (e.g. strengthening a single business unit vs. reducing overall risk) as well as budgetary constraints.

MONITOR – Detect abnormal behavior indicating breach attempts and changes to various BMS components and continuously monitor the network at the corporate SOC or offsite. Designed especially for OT, Radiflow’s solutions support all relevant OT protocols (e.g. BACnet, Profibus) for accurate modeling and anomaly detection (new devices, topology changes, abnormal memory access, and firmware changes) as well as Ethernet and serial interfaces for modern and legacy devices.
