Cyber Security Threat in Energy Sector
Since the cyber attack of Ukraine’s power grids in December, 2015, it is clear that traditional ICS, SCADA and off-the-shelf operating systems in substation present imminent vulnerabilities for cyber attack. As the OT networks in critical infrastructures and IT-based control layer devices are more and more interconnected, there have been more loopholes exposed to cyber intruders. Since the energy infrastructures are highly critical to the economic well-beings of the societies, a successfully penetrated attack would cause devastating effects to the enterprises, the government and the people. Therefore, it is necessary to implement an industrial-grade network gateway to secure the industrial communication networks and protocols as most cyber attacks come from this channel.
Designing a Communication Platform for Substation Cyber Security
An industrial cyber security solution provider headquartered in Beijing, China, came to Lanner for designing and developing a new hardware platform tailored for cyber-security implications for IT/OT convergence in the power grids, power plants and substations. The required communication platform must fulfill several technological prerequisites in order to work in the power-generation sites.
- EMC certifications required for power sectors
- Comply with NSAS (Network Security Audit System)
- IEC 61850-3 certified for energy and critical assets
- High-performance CPU to process huge data volume
- Multiple Ethernet interfaces for optimal connections under harsh environments
- Scalability to adapt into demanding environments
- Wide operating temperature
IEC61850 Certified Network Security Gateway
With the above-mentioned technological requirements in mind, Lanner introduced LEC-3230, an IEC-61850-3 certified 2U rackmount industrial gateway empowered by Intel® Core™ i7-3517UE CPU. The fanless system supports wide operating temperature (-20 to 55°C) and has passed EMC and NSAS tests required for deployments within critical assets.
LEC-3230 is empowered by high-performance Intel® Core™ i7-3517UE CPU to process huge volume of data and perform various cyber security applications in an efficient manner. The system supports rich Ethernet configurations, with 4 + 4 GbE or 4 + 8 GbE LAN ports, which support 10/100/1000 Gigabits transmission specifications. The design of rich, scalable Ethernet ports allows multi-purposes of cyber security functions including DPI (Deep Packet Inspection), IPS (Intrusion Prevention System), web/protocol filtering, data encryptions, DDoS prevention and more.
Regarding future-proof design for connectivity scalability, LEC-3230 also comes with options of add-on, expandable I/O module cards, including:
- 4 x 10/100/1000 RJ45 GbE
- 8 x 10/100/1000Mbps RJ45 GbE
- 2 x RJ45 + 2x fiber GbE
These modules provide the flexible Ethernet configuration of your choices, allowing system integrator to select their LAN modules to meet their individual needs.
For Serial port connectivity, LEC-3230 comes with 2 + 8, or 2 + 16 isolated serial COM ports with RS-232/422/485 signals. The high serial density allows connections with various industrial devices through RS-232, RS-422 or RS-485 connections. Both the Ethernet and serial interface types are designed with ruggedized measures against surge and magnetic which may occur in power substations.
To provide high availability services in substation, LEC-3230 has been IEC-61850-3 certified on electromagnetic interference, temperature range and shock/vibration tests. As required for critical infrastructures, LEC-3230 has passed EMC standards and NSAS (Network Security Audit System) tests.