Resilient Networks through Security

Protect control systems from cyber attacks

Security Portfolio Especially for Control Systems

Benefit from a comprehensive portfolio of well-known security brands, supplemented with functions tailored to the needs of control systems.

 

Background: In Europe, the protection of critical infrastructures, including energy supply with its control systems, is important to the government. A strong demand for protection of the energy supply is also internationally raised. Malicious software and attacks such as StuxNet and Duqu have shown: Energy suppliers are in focus of cyber attacks, malicious code and cyber espionage, despite their isolated systems.

 

PSIsiu - Configuration Management

Secure installation and update (PSIsiu)

 

  • you need to put many devices into operation at the same time?
  • you must ensure devices are all up to date?
  • you must log any installation of patches?

With PSIsiu, you can install devices from the platform product families safely and efficiently. You always have an status overview of each individual devices.



Commissioning
of Devices



Updates
for Devices



Backup
and Logging



Central
Device Registry



Ease of Use
for Operators



Comfortable
Device Replacement

Secure Process Coupling with GridConnect Software

From a hardened operating system to the protection of all transmission paths

 

 

Functionality

Secure connection of end devices

The PSIsiu server has all components to be installed at hand: software versions, modules, patches, configuration files, data models, etc. You define a target state and rules for each device. The PSIsiu agent executes everything independently.

Secure Process Coupling with GridConnect Software

From a hardened operating system to the protection of all transmission paths

 

 

IEC-104 Security Proxy

Secure connection of IEC-60870-5-104 devices with GridConnect components

The proxy acts between control systems and IEC 104 devices. It establishes connections as an IEC 104 master and serves as an IEC 104 slave in direction of the control system. Additionally to the proxy functionality, it offers options necessary for sustainable protection:

  • Protocol check of involved components
  • Filter for incoming and outgoing data
  • Monitoring mode
  • Easy migration
  • Transparent installation< /li>
  • (D)DoS avoidance
  • Statistics and alerting

Additionally implemented monitoring and filter functions expand the area of ‚Äč‚Äčapplication. A command line interface and a web interface are available for configuring. It's powerful hardware offers sufficient reserves to be able to safely operate communication-intensive process couplings with a high connection density. The robust, fanless device design has an extended operating temperature range and allows installation in harsh industrial environments.

With the 19" installation kit, the IEC104 Security Proxy can be installed in 19" racks. The installation kit also enables a redundant power supply for the device.

NENUX - Hardened LINUX Operating System

Devices with the "Telecontrol Gateway" modules meet the standards for software in critical infrastructures

These are based on the specifications of the BDEW Whitebook. The NENUX 6.0 operating system platform offers important upgrades for security in data transmission between the network control center and the telecontrol station.

The SHA512 hash function ensures that passwords are stored securely on the device. With AES256 and SHA256, more secure crypto algorithms are used for VPN communication. VPN encryption is based on Strongswan and uses IKEv2 and Diffie-Hellman Group 14 (modp2048) by default.

Device management is carried out exclusively via the secure protocols SFTP and HTTPS as well as SNMPv3. In addition, rights are defined via user roles. The devices use unique security keys, e.g. B. for the installation of IT security patches. The data partition of the integrated memory card is completely encrypted.

An established, long-term supported kernel is used via regular updates. The kernel offers optimized drivers, virtualization and security support.

All devices are hardened when delivered. Additional measures reinforce this hardening:

 

  • enable firewall
  • disable external interfaces
  • disable ADM interface
  • disable web server

Application Whitelisting (PSIsecure)

From default disallowing to explicitly allowing activities

 

Conventional programs can only stop known malware but are helpless against new and unknown malware. Application whitelisting technologies work differently:

Instead of blocking malicious code, only allowed activities are permitted. This is achieved by creating a whitelist. Only files with known and correct checksum can be executed. In consequence only valid processes will run. Moreover, only files and network connections that are known and allowed can be accessed by processes.

PSIsecure has a recorder mode that records any access to the infrastructure. From this, rules for application whitelisting can be created automatically.

 

Questions so far?

Get in contact with us! Your questions and requirements are important to us: Via E-mail to  info@psigridconnect.de or by Phone  +49 721 94249 0.