The demand for more greater energy efficiency and the commoditization of connectivity have made the smart grid an inevitability.
It’s easy to get caught up in the rush for smart grid support. However, while the world analyzes the efficiency of a more connected utilities industry, you’re left wondering how to maintain security.
The era of the smart grid is here—it’s time we focus on making security practical.
Stay Grounded Despite the Hype of Fog Computing
The value of the smart grid isn’t just lessening environment impact through energy efficiency. Utility companies stand to reap attractive benefits as service providers, such as:
- Having autonomous, self-healing systems throughout the grid
- Cost reduction in grid maintenance
- Optimization of asset utilization
Smart meters and Internet of Things (IoT) sensors can help you achieve these benefits. But you also need a new computing model that modernizes your infrastructure and helps consumers access shared resources. This is why many utility companies are starting to favor Cisco’s fog computing model.
As you move away from your traditional serial connections or point-to-point infrastructure, you may move from Ethernet connectivity all the way to IoT adoption to keep up with competitors. However, you know that security applications and devices can’t be intrusive to your smart grid network—you need passive solutions that also help you defend against the rising tide of Industrial Ethernet attacks.
It’s nice to think about all the benefits that the smart grid offers and how you can best deploy more modern services. But don’t get ahead of yourself with the smart grid hype.
Take a step back and think about how you’ll actually set up new (and necessary) security devices.
Connectivity Basics for the Edge-Focused Smart Grid
We’ve talked about chaining the edge for secure IT environments, but things are a bit different for the smart grid because of its data injection limitations.
To secure your smart grid, you need network TAPs that allow you to connect your new intrusion detection systems and other security appliances without disrupting traffic. This is why aggregating network TAPs are most common for utilities—they capture 100% of your traffic off the wire and send copies to your security and monitoring solutions.
Using aggregating network TAPs to connect your security appliances and defend the smart grid helps solve a few unique challenges for utility companies:
- Speed Conversion: Even as you move to the smart grid, you’ll likely still have plenty of 100M tools. In this case, you can tap your 100M tools and aggregate them to new 1G monitoring/security appliances. Keeping your long-standing 100M tools will help you maintain stability so moving to the smart grid doesn’t disrupt mission-critical services.
- Eliminating SPAN: Some of your older technology might not even support SPAN ports for connectivity. But as you upgrade, you might be tempted to copy SPAN to monitoring ports—and because SPAN ports are bidirectional, hackers can get in and wreak havoc on your utility services. Using network TAPs eliminates the need for SPAN ports and are invulnerable to hacking because they aren’t network-connected.
- Supporting Substations: As your substations gain connectivity, you open yourself up to attacks. If someone takes down a New York City substation, and it’s the middle of summer, people could literally die because AC units aren’t working. Your substations usually have much lower speeds than your main network, so you have to be aware of the varied security and monitoring needs of your smart grid. This scenario is an extension of speed conversion. You might typically tap 100M and aggregate to 1G, but for substations you might have to convert 1G down to 100M for proper connectivity.
No matter your unique networking needs, there’s one thing to keep in mind—network TAPs are the only way to guarantee visibility for your security and monitoring solutions.
If you want to dig deeper into the topic of smart grid/Industrial Ethernet security, download our free white paper, Defending the Industrial Ethernet, and see how you can overcome connectivity challenges.