Communications, Data Hardening, and the Smart Grid
Author: Dominic Iadonisi, Senior Field Application Engineer, iS5 Communications
The Smart Grid continues to expand and take on new functions as needs grow: automated metering, relay operation, RTU operation, electric management systems, remedial action schemes, SCADA, field reclosers, synchrophasors, remote access, weather and earthquake monitoring, and future needs yet to be identified. All of these operations require a low-latency, low-jitter communications network. The data being transported and the devices functioning on the network require a secure, authenticated and guarded system to operate. Data hardening implies that the data moving across the system is protected and monitored to ensure transmission of mission-critical operational information.
There are three primary communications protocols, Modbus, DNP3, and IEC61850, with numerous secondary ones. Modbus is primarily poll-based and not real-time. DNP3 operates in near real time when using TCP messaging, as it requires an acknowledgment, and in real time if exceptions are used. IEC61850 is a real-time protocol that requires high time accuracy. IEEE 1588 Precision Time Protocol (PTP) is the current high-accuracy time protocol that utilizes IP networks. It primarily uses Ethernet networks as the transport conduit and requires hardware enhancements to the network switches and routers to perform optimally, producing time accuracy down to the low nanoseconds. IRIG is another common high-accuracy time system; it is supported out of band, using coax and serial connections to reach the relays, RTUs, and other end devices in substations. Precision Time Protocol uses the Ethernet network to reach those same end devices.
The Smart Grid has moved toward the use of IP networks and away from serial and other slower connectivity technologies. This has created the potential for issues with hacking, viruses, malware, ransomware, denial of service and other devious activities that can be performed externally and internally. Control systems of all types, whether electric, industrial, manufacturing, or even transportation, are focused on SIA: Safety, Integrity, and Availability, the sacred operational triad. What you don’t see here is Security. Another acronym, CIA, is also very valid: Confidentiality of the data, Integrity of the data and the Authentication of the data. Looking at current security tools, there are technologies available that can help create a security perimeter around and within assets that are part of the SIA triad. Stateful firewalls utilizing tested/validated rulesets restrict data access to identified source and destination devices/systems only. Intrusion Detection (IDS) monitors data as it passes and looks for data behavior that can result in system misbehavior and failure. Virtual Private Networks encrypt data that is passing across networks that you may not control and that may be exposed to bad actors. Access Proxy operations control access to end devices: they manage who can access these systems, monitor what those users are doing, and log it for later analysis in case of issues/outages.
Adding security to control systems is necessary, but it requires a detailed understanding of potential control system interactions, which may not be an area of expertise for either IT or OT. This requires training in, and understanding of, both control system operation and communication network operation. IEC62443 and NERC CIP are security standards that provide guidance for communications networks and control system operators (NERC CIP for electric utilities, IEC62443 for industrial systems).
iS5 Communications has created a platform that incorporates the standard communications functions for Layer 2 and Layer 3 environments, along with the security applications needed to create more secure IP-based systems. The communications functions include high-speed Ethernet switching, VLANs, aggressive redundancy support (with Rapid Spanning Tree, HSRP, and PRP), multicast handling (with IGMP), IP routing with redundancy, MPLS, and aggressive QoS/CoS. Couple that with stateful firewall, Intrusion Detection, Virtual Private Networking, Role Based Authentication (RBAC), and Access Proxy functions that protect the network, protect the data, define user access and watch for bad IP data behavior. The RAPTOR® is the next step in integrated network communications/security appliances designed for harsh operating environments.