David: With the migration to smart grid I have many more devices interconnected than I used to in the past, which means that my grid can be disrupted from anywhere, by anyone with access.
Mark, RAD Engineer, Utility Communications: That’s exactly right. The centralized firewall approach is no longer effective for utilities. If an attacker can gain access to a connected device in the internal network, the entire grid can be hacked.
So your security solution should assume an insider attack scenario and protect the distributed assets. We offer the ruggedized RADiFlow Ethernet switches with built-in firewall/VPN. Local access with malicious intent to a device is feasible and can’t be fully prevented. That’s why RADiFlow’s target is to detect abnormal behavior at the application-level by infected devices and block them before they cause damage.
David: Shouldn’t I just take all the knowhow IT departments have developed over years of protecting corporate networks and implement them? Why is my network different?
Mark: Utilities applications have different characteristics:
The end-devices are mission critical – implementing frequent anti-virus patches on them is not realistic. Security needs to be layered on top so that updates will not bring down the end devices
There are many legacy end-devices we can’t add security to; the best solution is to add it in the access network
Utility applications are very limited. The preferable solution is to deploy white-listing security measures, rather than the black-listing measures that are used in the enterprise world
David: Ok, so you convinced me I need to layer security everywhere in my network. But what about cost? I’m thinking not just about the upfront investment but also about management and maintenance down the line.
Mark: We want to prevent added cost and increased network complexity as well. That’s why we offer RADiFlow, which is a fully functional ruggedized Ethernet switch like the ones you have everywhere in your network, except that we incorporated firewall and VPN capabilities into the switch itself. Its the only truly secure switch in the market and you get multiple functions in a single device.