Cyber Shield Demo
In this demo, we will show RAD’s Cyber Shield solution for power utilities – in action!
Cyber Shield uses the SecFlow substation security gateway to isolate industrial control systems – ICS – and automation devices from attack vectors.
It protects not only from attacks on SCADA traffic, but also serves as a NERC-CIP Intermediate System to shield the management plane from malicious actions.
We have here a representation of a power utility communication network. Here is one substation (198) serving two sites, and here is another substation (201) and the areas it serves.
Substation 201 is secure, while this one, substation 198, is unprotected.
Let’s focus on substation 198.
First, we’ll simulate an attack on the data plane, or SCADA traffic, via ARP spoofing.
A hacker (operating from within the network) connects to the switch, which represents communication equipment in the OT network.
He or she is running a malicious script to hijack control of the substations while communicating to the control center that all is well.
We see that lights are turned OFF only in substation 198, the unprotected substation, while as far as central control is concerned, the lights in the area served by this substation are still ON.
Now let’s see what happens when the management plane is attacked.
We see a hacker connecting to the PLC management port. Most PLCs don’t have a user name and password. But even a closed OT network is vulnerable to insider attacks.
In this case, the hacker can easily take control of the PLC after connecting to its management port.
What’s more, there is no record of this anywhere.
Now let’s see what happens when we secure substation 198 by connecting the SecFlow substation security gateway.
When our hacker attempts to attack the SCADA plane via ARP spoofing as before – they fail. We can see that the lights stay on.
When the hacker tries to attack the management plane, they are unable to connect to the PLC management port without authentication from the intermediate system.
Impressive, right? But, that’s not all. RAD’s Cyber Shield provides much more!
It provides secure connectivity for both serial and Ethernet or IP-based connections, including protocol conversion. It provides a detailed log of all SCADA communications. It also performs remote user authentication from inside the OT network via the Intermediate System:
- When an unauthorized user tries to connect to the PLC in substation 201 via a protected serial port, Cyber Shield will block the connection
- When an authorized user tries to connect to the protected serial port, the Intermediate System allows it and the user can manage the PLC
- Again, all activities are logged
It also performs remote user authentication from outside the OT network via the Intermediate System: when an authorized user connects, the Intermediate System allows it and the user can manage the PLC, and we can review all activities in the Smartlog.
As you’ve seen, Cyber Shield provides comprehensive protection to the substation.
It fits any OT network architecture, as well as serial and TCP connectivity.
Cyber Shield is a cost-effective single box solution that acts as an Intermediate System for remote and local secure access. It provides:
- SCADA-aware firewall
- Intrusion prevention
- Man-in-the-middle attack prevention
- Device connection control
- Event logger
- Anomaly detection