Benefit from a comprehensive portfolio of well-known security brands, supplemented with functions tailored to the needs of control systems.
Background: In Europe, the protection of critical infrastructures, including energy supply with its control systems, is important to the government. A strong demand for protection of the energy supply is also internationally raised. Malicious software and attacks such as StuxNet and Duqu have shown: Energy suppliers are in focus of cyber attacks, malicious code and cyber espionage, despite their isolated systems.
Secure installation and update (PSIsiu)
With PSIsiu, you can install devices from the platform product families safely and efficiently. You always have an status overview of each individual devices.
From a hardened operating system to the protection of all transmission paths
Secure connection of end devices
The PSIsiu server has all components to be installed at hand: software versions, modules, patches, configuration files, data models, etc. You define a target state and rules for each device. The PSIsiu agent executes everything independently.
From a hardened operating system to the protection of all transmission paths
Secure connection of IEC-60870-5-104 devices with GridConnect components
The proxy acts between control systems and IEC 104 devices. It establishes connections as an IEC 104 master and serves as an IEC 104 slave in direction of the control system. Additionally to the proxy functionality, it offers options necessary for sustainable protection:
Additionally implemented monitoring and filter functions expand the area of application. A command line interface and a web interface are available for configuring. It's powerful hardware offers sufficient reserves to be able to safely operate communication-intensive process couplings with a high connection density. The robust, fanless device design has an extended operating temperature range and allows installation in harsh industrial environments.
With the 19" installation kit, the IEC104 Security Proxy can be installed in 19" racks. The installation kit also enables a redundant power supply for the device.
Devices with the "Telecontrol Gateway" modules meet the standards for software in critical infrastructures
These are based on the specifications of the BDEW Whitebook. The NENUX 6.0 operating system platform offers important upgrades for security in data transmission between the network control center and the telecontrol station.
The SHA512 hash function ensures that passwords are stored securely on the device. With AES256 and SHA256, more secure crypto algorithms are used for VPN communication. VPN encryption is based on Strongswan and uses IKEv2 and Diffie-Hellman Group 14 (modp2048) by default.
Device management is carried out exclusively via the secure protocols SFTP and HTTPS as well as SNMPv3. In addition, rights are defined via user roles. The devices use unique security keys, e.g. B. for the installation of IT security patches. The data partition of the integrated memory card is completely encrypted.
An established, long-term supported kernel is used via regular updates. The kernel offers optimized drivers, virtualization and security support.
All devices are hardened when delivered. Additional measures reinforce this hardening:
From default disallowing to explicitly allowing activities
Conventional programs can only stop known malware but are helpless against new and unknown malware. Application whitelisting technologies work differently:
Instead of blocking malicious code, only allowed activities are permitted. This is achieved by creating a whitelist. Only files with known and correct checksum can be executed. In consequence only valid processes will run. Moreover, only files and network connections that are known and allowed can be accessed by processes.
PSIsecure has a recorder mode that records any access to the infrastructure. From this, rules for application whitelisting can be created automatically.
Get in contact with us! Your questions and requirements are important to us: Via E-mail to info@psigridconnect.de or by Phone +49 721 94249 0.