In our day and age, high-tech companies face ever greater challenges. In addition to digitalization and the rapid pace of progress in technology, guaranteeing data security has become one of the biggest concerns. Especially major infrastructure facilities like energy utilities represent an obvious target for sabotage.
Wiener Netze, the largest combined network operator in Austria, uses Data Diodes made by Advenica, one of Europe ‘s leading providers of cybersecurity solutions, to provide complete protection for SCADA systems in operational technology. The listed Swedish company produces and sells future-proof and sustainable cybersecurity solutions at the highest level that protect against hacking, theft and data loss.
Security for critical infrastructure
Being ranked among the most innovative providers across Europe, Wiener Netze reliably delivers electricity, gas, district heating and data to millions of people in Vienna and its suburbs. Power generation, trading and distribution were separated from network operation at Wiener Stadtwerke once the utility market was liberalized at the start of the millennium. As a consequence, the electricity, gas and district heating network as well as a telecommunications network were bundled and integrated into Wiener Netze. And Wiener Netze already has another forward-looking project underway: the largest smart meter rollout in the German speaking regions. By 2020, nearly 80% of all served households will be equipped with a digital electricity meter.
Using over 30,000 km of power cables laid across Vienna, the network operator serves two million people and boasts a supply reliability of 99.99%. So, it belongs to the most secure and reliable networks of the world. Previous key investments focused on primary technology, for instance on the type of transformer to be built and the dimensioning of the power cable ‘s cross section. As digitalisation progresses, investments in IT are now clearly dominating. With the aim of offering its customers a persistently high standard in power supply, Wiener Netze is increasingly investing in automation, like for the end-to-end monitoring of individual components in the energy streams.
In addition to infrastructure, the much-debated energy transition and the integration of renewable energy sources also constitute major challenges for Wiener Netze. A growing number of private wind turbine and solar energy system operators want to feed the electricity they generate into the grid. The main drawback for electricity utilities is the volatility of renewable energy sources. For instance, when a wind farm breaks down and suddenly stops generating electricity, real-time systems need to identify and compensate for the effects as quickly as possible. By the similar token, the installation of charging points for eMobility requires greater intelligence and flexibility in the network.
Real-time analytics ensure a quick response
These are key topics of today and tomorrow where information security plays a vital role. Suppliers need to be perfectly structured in order to determine where segmentation is possible, where limits need to be set and where to implement a shield in the event of an imminent threat to ensure that the system as a whole does not suffer damage. Therefore, it is very important for businesses to take effective preventive measures not only to minimise damage in the event of an attack but also to thwart the attack ahead of time.
Advenica offers certified top-security solutions
The largest combined network operator in Austria relies on a product provided by the Swedish cybersecurity company Advenica. Advenica is one of the few companies that has been issued numerous security certifications (Secret UE / EU Secret, Swedish Hemlig/Top Secret, NATO Confidential and the national security certificate in Austria). When implementing its high-security solution on the basis of the Data Diodes, Advenica physically isolates the SCADA systems in the operation technology of Wiener Netze to warrant full protection and, at the same time, guarantee absolutely secure communication.
“It was absolutely vital for us to find a partner for this sensitive issue whom we can trust blindly and whose components come with the appropriate security certificates."
By ensuring a hardware-based optical separation of networks, the Data Diode warrants that information can travel only in one direction. The high-end product was developed to meet security requirements of the highest level and can be integrated into any system.
“As the law obliges us to provide proof of our security, it was absolutely vital for us to find a partner for this sensitive issue whom we can trust blindly and whose components come with the appropriate security certificates," explains Roman A. Tobler who is head of Digital Information and ICT Governance at Wiener Netze GmbH.
Wiener Netze operates 47 substations and about 12,000 transformers in Vienna. A typical application for Data Diodes is the automatic switch in a substation, which needs to be controlled from various sites. For security reasons, this part of the network is not allowed to access the internet and must be segregated. It is monitored using a SCADA system. If the network is compromised and measurements are manipulated or simulated, the power supply of an entire district may be interrupted, and attackers could even cause a blackout.
Using SecuriCDS Data Diodes to protect SCADA systems
Due to the convergence of modern IT infrastructure, companies like Wiener Netze are no longer able to operate with two or more different IT systems. Therefore, secure air gaps are needed at the network ‘s interfaces – for example between the office and the OT network – to quantify the amount of electricity and gas that has been directed through a specific pipe, check where disruptions occur and establish which information needs to be notified to the authorities. And this is precisely the point where Data Diodes are put to use as well, allowing communication to travel in one direction while preventing it from travelling in the other direction by means of both physical and galvanic isolation. Once this has been ensured, the network can no longer be compromised – not even at transfer points to adjacent network operators.