Improving Performance, Security and Compliance for Utilities/Energy Networks

Over the past several years, the Smart Grid movement has taken utilities by storm as they look for ways to replace aging infrastructure and create clean, sustainable energy for the future. Electric, gas, oil and water providers around the world are embracing IP-based Smart Grid technologies to improve reliability and efficiency while reducing costs.  

The list of Smart Grid benefits is long and varied, providing value to everyone from the energy provider all the way down to the consumer. Unfortunately, Smart Grid also introduces new network monitoring and security concerns for utilities, as traditional analog technology is converted into IP-based systems. With Smart Grid, infrastructure not originally intended for the Internet quickly finds its way online and is made more complex with the addition of new technologies and data. The more utilities infrastructure evolves and becomes more connected to the World Wide Web, the more critical comprehensive monitoring becomes, as cyber criminals find ways to compromise systems and exploit the Smart Grid for profit and other insidious motives.

 

StealthWatch helps utilities comply with the following standards:

  • SCADA Security: SCADA security compliance requires that proper controls are put in place to minimize risks associated with industrial control systems, which monitor and control processes for delivering critical resources such as electric power, water, oil and gas. Alongside other measures, SCADA system operators must ensure that the control network is kept entirely separate from other network segments to maximize security.
  • NERC CIP: The North American Electric Reliability Corporation (NERC) has developed mandatory Critical Infrastructure Protection (CIP) Cyber Security Standards to protect the Critical Cyber Assets that control or affect the reliability of North American bulk electric systems. Approved by the Federal Energy Regulatory Commission (FERC), compliance with these standards is mandatory for all organizations involved with the country’s bulk electrical network.
  • FISMA/NIST: The Federal Information Security Management Act (FISMA) requires federal agencies to implement and maintain a formal, comprehensive information security program to protect government assets. To support FISMA compliance, the National Institute of Standards and Technology (NIST) developed the Risk Management Framework (RMF), a set of standards and guidance for agencies to follow in order to cost-effectively manage security risks. Since industrial control systems are an integral part of U.S. critical infrastructure, these regulations also apply to non-federal organizations, such as utilities, that interact with control systems.

In addition to the Smart Grid movement, several other factors make stronger network security and control an absolute necessity for utilities and energy providers.

  • Due to the criticality of utilities and energy providers in our daily lives, they are a prime target for cyber terrorists and others (disgruntled employees, competitors, extortionists, etc.) who wish to make a big impact. 
  • The consequences of attacks on utilities and energy providers are massive, ranging from widespread outages and safety concerns all the way to loss of life. 
  • Cyber criminals are quickly turning to physical systems as one of their next big targets. This was recently evidenced with the discovery of the Stuxnet worm in 2010, which specifically targeted control systems found in nuclear power plants. Stuxnet was the first automated malware that specifically attacked and modified industrial control infrastructure. The worm was actively compromising hosts for more than a year before it was discovered. 
  • Evolving industry standards and regulations such as NERC CIP and FISMA/NIST are forcing utilities to take a closer look at their infrastructure to meet tougher compliance requirements. 

StealthWatch® Provides In-Depth Visibility for Enhanced Operations and Protection

All of these factors point to the need for a more comprehensive means of monitoring utilities networks on a 24/7 basis. With StealthWatch by Lancope®, utilities can obtain end-to-end, in-depth visibility into what is going on in the network at any given time, at a fraction of the cost of traditional solutions. By analyzing NetFlow™ and other flow data from existing routers and switches, StealthWatch unifies security, network and application performance monitoring, providing the actionable insight needed to troubleshoot a wide range of issues across the entire network. Flow collection and analysis technology fills in the gaps where traditional network and security technologies leave off, dramatically reducing the time from problem onset to resolution and keeping utilities/energy networks secure and reliable. 

Additionally, with such massive, geographically dispersed operations including many remote offices and mobile field technicians, traditional network and security tools often do not scale to effectively meet the needs of utilities networks. StealthWatch is scalable up to 3.0 million flows per second, and is cost-effective and easy to manage to support even the largest networks. Using its StealthWatch FlowSensor™ technology, StealthWatch can also monitor and protect virtual environments, as well as other environments that do not inherently support flow data, leaving no area of the network unmonitored. 

StealthWatch enables utilities providers to:

  • Provide a complete account of all IP communications 24x7x365
  • Improve security, network and application performance
  • More quickly troubleshoot network and security issues
  • Reduce service interruptions and increase reliability
  • Avoid widespread outages and other disasters
  • Achieve and maintain compliance with industry regulations
  • Increase operational efficiency and cut costs

StealthWatch Capabilities

Behavioral-Based Monitoring & Anomaly Detection

StealthWatch continuously monitors the entire network to detect, prioritize and alarm on behavioral anomalies that indicate potential threats to utilities operations. Since IP-based SCADA networks are extremely easy to baseline, they are ideally suited to benefit from flow-based anomaly detection. In addition to uncovering external attacks such as worms and botnets that often bypass signature-based defenses, StealthWatch also detects insider threats including policy violations, network misuse, unauthorized access, data leakage and misconfigurations, which also put utilities at risk. 

Comprehensive internal monitoring is key for utilities, as threats to SCADA systems do not always come from malicious sources, but can also be caused by other issues such as employee errors and equipment failures, which are often not detected by other technologies. In a survey of utilities and energy companies conducted by the Ponemon Institute, 43 percent of respondents stated that the top-ranked security threat their organization faces is negligent or malicious insiders, and that it is the number one root cause of data breaches.[1] In addition to detecting anomalies, StealthWatch also enables users to easily separate SCADA systems from other network segments, and create granular policies that govern which types of communication can take place within the SCADA system. Alongside helping to combat security threats, the system allows utilities to maintain high performance levels for both the network and mission-critical applications, enabling continuous, reliable service to customers.

1- State of IT Security: Study of Utilities & Energy Companies, Ponemon Institute, April 2011, http://q1labs.com/resource-center/white-papers/details.aspx?id=99
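The two checks described in this section, baselining a SCADA segment's conversations from flow records and flagging traffic that crosses the segment boundary, can be sketched as follows. This is an added illustration, not StealthWatch's implementation or code from Lancope; the address plan, the flow record fields and the function names are assumptions constructed for the example.

```python
import ipaddress
from collections import namedtuple

# Simplified flow record (constructed); real NetFlow carries many more fields.
Flow = namedtuple("Flow", "src dst proto dport")

# Assumed address plan: the control network lives in one dedicated subnet.
SCADA_NET = ipaddress.ip_network("10.20.0.0/24")

def in_scada(addr):
    return ipaddress.ip_address(addr) in SCADA_NET

def learn_baseline(flows):
    """Record every conversation seen during a known-good window.
    Keyed on the server port only, since client source ports are ephemeral."""
    return {(f.src, f.dst, f.proto, f.dport) for f in flows}

def classify(flow, baseline):
    """Return 'segment-violation', 'new-conversation' or 'ok' for one flow."""
    # Exactly one endpoint inside the control network: the segment is not isolated.
    if in_scada(flow.src) != in_scada(flow.dst):
        return "segment-violation"
    # Inside the segment, anything not seen during the baseline is an anomaly.
    if in_scada(flow.src) and tuple(flow) not in baseline:
        return "new-conversation"
    return "ok"

def audit(observed, baseline):
    """Return (verdict, flow) for every observed flow that is not 'ok'."""
    results = [(classify(f, baseline), f) for f in observed]
    return [(v, f) for v, f in results if v != "ok"]

# Constructed sample data: an HMI polling two PLCs over Modbus/TCP (port 502).
TRAINING = [
    Flow("10.20.0.10", "10.20.0.50", "tcp", 502),
    Flow("10.20.0.10", "10.20.0.51", "tcp", 502),
]
OBSERVED = [
    Flow("10.20.0.10", "10.20.0.50", "tcp", 502),   # matches the baseline
    Flow("10.20.0.10", "10.20.0.50", "tcp", 23),    # new service inside the segment
    Flow("192.168.5.7", "10.20.0.50", "tcp", 502),  # corporate host reaching a PLC
    Flow("192.168.5.7", "192.168.5.9", "tcp", 443), # outside the segment, not judged
]

if __name__ == "__main__":
    for verdict, flow in audit(OBSERVED, learn_baseline(TRAINING)):
        print(verdict, flow)
```

Because a control segment has few hosts and a fixed set of conversations, the baseline set stays small and any miss is worth an analyst's attention, which is the property the section relies on.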

Application & Identity Awareness

In addition to providing broad visibility across the entire network, StealthWatch can also drill down into specific applications and user accounts to pinpoint the exact cause of issues. These capabilities enable utilities to conduct faster, more efficient troubleshooting and forensic analysis, reducing service interruptions and the resulting business impact. They also provide another important layer of security – user accountability – to help prevent intentional or unintentional compromises caused by employees and others with privileged access to critical systems.

Compliance

As the multiple industry and government standards applicable to utilities evolve and become more stringent, electric, gas, oil and water providers will need to be more aware of what is going on inside their network to effectively demonstrate compliance. StealthWatch provides unparalleled levels of visibility, accountability and measurability into both individual host and broad network communications to enable organizations to achieve and maintain compliance. Through advanced capabilities such as user tracking, Host Group Locking (to protect sensitive systems) and Relational Flow Mapping (providing real-time, graphical views of network traffic), StealthWatch makes it easier for utilities to develop and enforce compliance policies, as well as provide proof of compliance to organizations such as NERC, FERC and public utility commissions. Demonstrating compliance is typically an arduous task requiring hours of manual report compilation. With StealthWatch, utilities can select from more than 270 reporting components to create intuitive, on-demand compliance dashboards with ease. 

StealthWatch enables utilities to demonstrate compliance by:

  • Providing an inventory of all assets on the network and baselining normal behavior to detect anomalies
  • Separating sensitive systems like SCADA from other network segments through Relational Flow Maps and Host Group Locking technology
  • Continuously monitoring for network and application-level activities that pose a risk to the SCADA system 
  • Detecting, prioritizing and optionally mitigating security threats
  • Tying threats to individuals involved to increase user accountability
  • Greatly simplifying the creation of compliance reports

Customer Testimonials

Better Security & Control for SCADA Systems

“With StealthWatch, we can identify security threats, capture statistics and data streams for capacity planning, enforce usage policies, and solve performance problems much faster. It also enables our staff to respond to network threats and outages quickly and intelligently, reducing business impact.”

“There are considerable security risks associated with even the smallest changes to the [SCADA] system. StealthWatch proved its value immediately by helping us determine the security and effectiveness of our SCADA changes in real time.” 

Henry County Water & Sewerage Authority

Greater Network Intelligence & Streamlined Workflow

“The depth of analysis and information available from StealthWatch is astounding. The reports it produces—either scheduled or on-demand—are excellent and easy to understand. Its ease of configuration and self-tuning reduces ongoing maintenance efforts. And its accuracy and integration within our existing environment provide ongoing security assurance for our network.”

ElectraNet