Matomo

Protecting telemetry data of power grids | Cossack Labs

🇺🇦 We stand with Ukraine, and we stand for Ukraine. We offer free assessment and mitigation services to improve Ukrainian companies security resilience.

Cossack Labs
search
List of customer stories
Case Critical infrastructure Industrial 2019 - 2021

Protecting telemetry data in state-wide critical infrastructure network

[REDACTED] is a country-wide transmission system operator that operates across a wide range of legacy and modern hardware. Due to various technological constraints, the availability of telemetry data in the central dispatch system is limited.

Our customer had the requirement to rapidly collect and securely utilise the telemetry data from hundreds of power distribution stations, generators, and large consumers to enable dispatch system functionality impossible with a current SCADA system.

Technology Challenges Solution Products Results

Industry

  • Power grid operator

  • Critical infrastructure

Technology stack

  • Telemetry hardware

  • IEC-104 compliant meters

  • TSO Central Dispatch system

Regulations

  • Internal security policies and IEC standards

Technology requirements

Secure data flow

Normalisation, accumulation, and transmission of sensitive telemetry signals to the core dispatch systems.

Data availability

It's crucial to to have a backup "source of truth" system capable of accumulating all the data.

SCADA integration

Data delivery to SCADA/dispatch systems within central network in a secure and controlled fashion.

Challenges

Legacy

Most of the hardware emitting telesignals is heavily outdated legacy equipment, typically compatible only with a limited number of devices gathering and transmitting telemetry data signals.

Telemetry security

Telemetry data signals are sensitive data and must be transmitted securely.

No direct communication

There is no direct communication link between power distribution stations and central dispatch system, so hybrid GSM/private/transit network combinations are used.

Unavailable cellular networks

Available public cellular networks are unreliable in some areas.

Solution

We have designed a secure data flow architecture based on our products, applicable security standards, and security considerations.

We've built small ARM-based devices that implement several functions:

  • Parsing of telemetry signal data and unification of its format to be understood by central SCADA system (IEC 60870-5-104).
  • Encryption of normalized IEC-104 packages, storing them locally and putting into the outgoing queue.
  • Transmission of queue contents via encrypted session with central TSO datacenter.
  • Extended synchronization capabilities to ensure consistent delivery.

We've deployed Acra cluster in central TSO datacenter, enabling:

  • Central aggregation of all encrypted blobs that come from each peripheral station.
  • Providing convenient SQL access to the encrypted blobs for all analytical queries.
  • Emitting data over IEC-104 to central SCADA systems where needed while providing end-to-end confidentiality, access control, enforcement of SQL filtering policy and data leakage prevention functions.

Products and services involved

Acra, a database security suite

Acra, a database security suite

Acra's cryptographic design allows to separate encryption and decryption to different parts of the system while storing data in encrypted format and providing easy-to-maintain key managements procedures.

Read moreAcra, a database security suite
Themis, a cross-platform crypto library

Themis, a cross-platform crypto library

We used cryptographic library Themis as a building block for transport layer encryption on application level, relying on its interoperability among required platforms and OSs.

Read moreThemis, a cross-platform crypto library
Security advisory and security engineering

Security advisory and security engineering

We've designed telemetry data protection system, assisted with its integration and support.

Read moreSecurity advisory and security engineering

Results and outcomes

Our solution fulfilled the expectation of building robust data aggregation system, along with improving general security of data stored, preventing insider risks and enabling easy integration between various legacy systems. It has made telemetry data instantly available for dispatch requirements and securely stored for further analysis.

Working along with classic power grid management software, our solution provided efficient security on problematic segment, extended availability of previously unreachable data under strict security policy.

Integrating data protection into legacy system

Updating legacy systems to comply with data security regulations is a laborious process. We already worked with state-owned TSOs, ICS/SCADA systems, and can help you too.

Other customer stories

Building ironclad data security for VDR SaaS
Building ironclad data security for VDR SaaS M&A solution

SaaS

Building ironclad data security for VDR SaaS

Building state-of-the-art security for Virtual Data Room — online document storage and collaboration platform. Integrating mobile-specific security measures seamlessly into mobile apps and aligning security with backend infrastructure.

Read story
All customer stories

Contact us

Get whitepaper

Apply for the position

Our team will review your resume and provide feedback
within 5 business days

Thank you!
We’ve received your request and will respond soon.
Your resume has been sent!
Our team will review your resume and provide feedback
within 5 business days