Comprehensive protection against cyberthreats for the segments of the SCADA system of RusHydro

Problem

RusHydro comprises multiple branches and runs numerous hydroelectric power plants, and the way cybersecurity is provided at all of them had to be centralized. Standardized cybersecurity optimizes maintenance costs and boosts efficiency both during operation and when general reports need to be generated across all the branches on the state of the cybersecurity of the company's SCADA system.

New regulations and legislative amendments governing the cybersecurity of industrial SCADA systems added a new set of requirements that apply to energy sector companies. 

STEP LOGIC's Objective

  • Provide cybersecurity for all segments of the SCADA system both at the level of the perimeter and at other levels of the system: top, medium, and shop floor level.
  • Adhere to the requirements of Order of the Federal Service for Technology and Exports Oversight of Russia No. 31 dated March 14, 2014, and create condition for the connection of the system to GosSOPKA.
  • Reduce technology and economic risks occurring during the processing and transmission of data in the production segments of the branch SCADA systems.

Features

  • SCADA cybersecurity.
  • Comprehensive analysis of security.
  • Reducing the risk of malicious impacts and unsanctioned access to the information resources of the production segments.
  • Automation of security processes of the SCADA system.
  • Use of Russian cybersecurity system to implement import substitution.
  • Bench tests to get compliance certificates for the equipment used in the SCADA system from the manufacturers of the SCADA system. 
  • Deployment of the data security system without disruption to the production process.
  • Reasonable combination of standard security solutions and security solutions specifically designed for the SCADA system.
  • Use of the defense in depth principle.
  • An audit of the resources of the customer's network, analysis of their criticality and vulnerabilities, development of a general concept for the cybersecurity of the branches of RusHydro, development of a security system based on the requirements of the Federal Service for Technology and Exports Oversight of Russia and relevant security threats.
  • Work performed on live equipment while adhering to all health and safety requirements (energy facilities) as well as internal requirements aimed at ensuring uninterrupted production and reliability of the data transmission systems of the SCADA system.