Challenges

Looking for a secure connectivity solution for remote substations, including for industrial customers who are generating their own power and feeding some of it back into the organization’s Smart Grid.

Solution

Airwall deployed at remote substations that needed secure connectivity over VPLS to the control center. It was also deployed for industrial customer sites that needed secure connectivity over the public internet to the control center.

Wins

This Energy Utility Organization is now able to seamlessly manage remote substations and easily monitor power usage and generation for industrial customers in their Smart Grid.


The challenge

This Large Energy Utility owns, operates, and maintains electricity transmission and distribution systems in and around a major North American city. Their Control Systems team was looking for a secure connectivity solution for their remote substations. They wanted a platform that routed and encrypted traffic between these substations and central offices rather than traditional network security solutions like firewalls or SSL VPNs.

This organization also had industrial customers who wanted to generate their own power. Supporting this would require small energy units onsite. These customers have sub-megawatt generation capabilities (solar panels) that can safely send extra renewable electricity back into the Smart Grid for others to use.

This project, the first of its kind in this region, was exploring two-way power flow on a segment of the electrical grid that had not historically been able to support this. The organization was looking to strengthen the resiliency of their grid and enable future customer opportunities.

The solution

As this organization was looking for a secure connectivity solution, they considered next-gen firewalls and VPNs. However, they quickly realized these options would increase cost and complexity, along with diminishing returns around usability and security.

The team began looking for a solution that was faster to deploy, easier to manage, and that scaled quickly. They landed on Tempered when they learned how easy it was to deploy it to their remote substations. These remote locations connected to their private OT network through a VPLS. The team was also looking for industrial, ruggedized hardware that was purpose-built, low-power, cellular-capable, and able to work in harsh environments. With minor change to the network underlay, the team was able to easily add Tempered hardware and software to encrypt traffic and simplify routing while rendering their industrial devices invisible to potential attackers.

The team also realized that Airwall hardware and software could be leveraged for Smart Grid expansion. Because they had industrial customers who wanted to generate their own power, the team needed a solution that could both secure connections over the internet and easily deploy hardware in a customer’s environment. Tempered Airwall platform addressed these security requirements for better integration of devices at customer sites and added layers of control.

Customer success

As this large energy utility continues to expand and their use cases are better defined, they are finding increased value with Airwall. The ease of deployment and management, industrial-grade hardware, and military-grade encryption is helping serve its industrial customers and secure critical infrastructure.

Taking it further

“We don’t have to spend a lot of time managing our Airwall deployment. Once [the [Airwall] Conductor is set up and device groups templated, it is very easy to onboard devices as necessary

Control Systems Security Specialist

Deployed Airwall Solution Components

Tempered Airwall Conductor

Airwall Conductor:

The team deployed the orchestration engine for provisioning, segmentation, allocation, and revocation of their OT network. The Conductor allowed them to visualize their segmentation and do granular white-listing of the network.

server-2

Airwall Relay:

This identity-based routing device was deployed in the cloud, allowing secure traffic between industrial customer sites and the control center, encrypting traffic over the internet.

Tempered Airwall Gateway 150-series

Airwall Gateways:

Physical Airwall Gateway 150 devices were deployed to protect remote sites and ensure a seamless connection to the control centers.

Additional resources

Secure critical infrastructure with Airwall
Secure Building Automation Systems (BAS) with Airwall
Download Airwall whitepaper - we make networks invisible