The mission of this group is to bring together utility professionals in the power industry who are in the thick of the digital utility transformation. 

Post

HardSec Can Secure Private LTE Wireless Networks Today and Well into the Future

image credit: © Artur Szczybylo | Dreamstime.com
Ronald Indeck's picture
CEO Q-Net Security

Ronald Indeck, PhD Dr. Indeck is the CEO of Q-Net Security, an industry-leading company protecting critical national infrastructure and government systems from cyberattack. He is also a Director...

  • Member since 2021
  • 3 items added with 891 views
  • Sep 30, 2021
  • 892 views

This item is part of the Special Issue - 2021-09 - LTE Networks, click here for more

Everyone in the electric utility business today must be concerned about the daily reports of cyber breaches across a wide variety of vertical industries. Significant compromises, such as the recently reported cyberattack of the Oldsmar, Florida water utility, demonstrate the ability of cyber criminals to access SCADA systems and place the public at risk.

It would be natural for electric utility managers to question if their systems might be as vulnerable and if their citizens are equally at risk.

Your access to Member Features is limited.

This is, of course, a serious situation and highlights how vulnerable electric utilities can be. And the stakes are so very high – this is not just a nuisance, lives are at risk!

Fortunately, there are simple, cost-effective solutions on the market to protect electric utility systems and other critical national infrastructure and prevent attacks, like the one in Florida, from ever happening.

SCADA systems, such as those used extensively in electric and other utilities, are an ongoing source of concern for organizations and their OT/IT staffs due to their continuous need for patching (to address new compromises), their age (many devices have software and/or operating systems that are near end-of-life or are already deprecated), and their fundamental lack of provable security.

The good news is that there is a new class of solutions that can immediately lower the risk of cyberattack for utilities with an easy to drop-in, no-maintenance solution – hardware-based security solutions, or HardSec for short.

These solutions are provably secure as they are built with immutable hardware that cannot be changed or modified by accident or by criminal intent. By being hardware-only, the implementation can be as easy as plug-and-play and create a secure network overlay. The endpoints need not be modified as no agents or other applets need to be installed. Instead, the HardSec devices conduct the required cybersecurity tasks. This is especially important for older systems that may be fragile and burdening them with cybersecurity tasks can easily overwhelm them.

Likewise, the networks do not need to be modified as the overlay can be implemented on almost any network – from satellite to LTE to fiber or copper Internet connections. In fact, a HardSec solution can be strong enough to positively secure public networks and drop into private LTE networks such as an Anterix implementation so even remote utility resources can be controlled securely without the risk of malicious access through the network. And since the functionality is embedded in immutable hardware, these devices never need to be patched or updated… making them truly maintenance-free.

The new advanced install-and-forget HardSec solutions will protect well into the future as they can be classified as quantum compute-resistant. Yet most implementations can be installed quickly, protecting critical networks immediately. Finally, HardSec solutions can usually be included in the utility rate-base as plant investment.

Q-Net Security, an innovative cybersecurity company based in St. Louis, Missouri, recently implemented this unique HardSec solution at an industry-leading US renewables energy company. By simply dropping in these HardSec devices this company was able to quickly and cost-effectively implement a provably secure solution to protect critical infrastructure within their environment.

The Q-Net solution functions equally well regardless of the type of network, be it the Public LTE, satellite or the Anterix 900 MHz private LTE network. As an Anterix ecosystem partner, the Q-Net solution has been validated as “market-ready” to provide endpoint cloaking today and well into the future for our electric utilities

Ronald Indeck's picture
Thank Ronald for the Post!
Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.
More posts from this member
Discussions
Spell checking: Press the CTRL or COMMAND key then click on the underlined misspelled word.
Matt Chester's picture
Matt Chester on Sep 30, 2021

What's the typical timeline of an enterprise going from one of the previously installed SCADA systems to the new type of solution you're talking about here? 

Ronald Indeck's picture
Ronald Indeck on Oct 6, 2021

Matt,

 

The Q-Net solution does not actually replace an existing SCADA system. Rather, we complement what currently exists in an electric utility network by creating a secure network overlay, with no changes required to the network. Q-Net devices are plug and play and can typically be installed in minutes to protect any type of endpoint, regardless of age or type of device.

Julian Jackson's picture
Julian Jackson on Oct 7, 2021

Thanks, this looks interesting. Are these installed in main control centers, or are they able to be deployed at substations or DERs, etc. as well? Perhaps it would be helpful to upload a pic of the device in situ, so we can visualize it.

Ronald Indeck's picture
Ronald Indeck on Oct 8, 2021

Julian:

 

Thank you for your question and suggestion ... we have included a schematic below.

 

We typically install our in-line devices near the distributed energy resources (wind turbines, solar arrays, substations, ...) that can connect into a complementary device in front of the DERMS (usually in the NOC/SOC).  This drop-in solution doesn't use endpoint agents or need network modifications, and never requires patching.  Hopefully the diagram below provides a good notional overview.

 

Get Published - Build a Following

The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »