Remote access security made easy and effective

Utilities worldwide are bolstering cyber security measures like never before. For some companies, government regulations such as the NERC/FERC CIP policies in the US, are the impetus for change. Utilities in other parts of the world are enhancing their security not out of regulatory obligation but prudent business responsibility.

Authorized personnel only

One of the key issues is controlling remote access to the meters, relays and other intelligent electronic devices (IEDs) installed at substations. The goal for security-minded utility companies is to ensure that only authorized personnel have remote access privileges and that the authorized personnel list be updated within 24 hours of any change.

For any major utility this is a sizable and complex challenge involving several thousand IEDs from scores of different vendors. Just as many IED manufacturers implemented both their own vendor specific communication protocols, they also implemented vendor specific methods for managing user login access to these IEDs.

Most IED login schemes are quite rudimentary and only provide a very simplistic level of security. Typically, each IED access authorization was controlled by a basic username and password. In many cases these schemes were designed to distinguish between read-only and configuration-authorized users, but were never intended to effectively manage remote access.

As a result most IED vendors did not provide any tools to centrally administer and manage the IED security schemes.

This means that every time employees with remote access privileges leave a company, in order to maintain security, the passwords on every IED that they accessed must be manually changed and all other authorized employees must be notified of the changes.

For utilities with thousands of IEDs, the logistics of changing all these passwords are simply too onerous. Any attempt to solve the remote access problem at the IED level is unrealistic. Fortunately there is a simple, proven solution that comes by addressing the challenge at a higher level.

Proven solution

Information technology companies have been tackling similar security issues for more than 20 years. In the IT environment, network administrators manage user-access control rights to computers, applications and databases containing sensitive corporate information. Such practices are commonplace. Authorization is handled not at the computer or application level, but at the network level with Single Sign On and multi-factor authentication technologies that manage each individual’s user and group profiles.

When an employee departs, his user name and password can be simply deactivated in less than a minute and with just a few keystrokes by a network administrator. Security is managed and maintained. The individual can no longer access private company information. There is no impact on any other users and no requirement to reset any of the devices.

Utility companies can now achieve this same level of control and convenience in managing IED security. Moving remote access management to the network level provides them with unprecedented control over all their IEDs and gives them the protection of the most advanced cyber security measures in the IT industry.

Intelligent network software also provides new access log functionality, including time stamped audit trail reports, which are required under NERC / FERC CIP. The software is the central interface for all users to access IEDs. All changes related to a substation or an individual IED are entered in the software, eliminating unnecessary hassles for users.

Beyond improving security, many utilities are finding that these security investments also enable various future smart grid initiatives. This is because these solutions provide a foundation to securely access the large amounts of IED data previously stranded in these devices. As a result, automated event file collection and condition-based maintenance solutions can be realized more directly.

The cyber security demands being placed on utility companies are considerable, but as long as they are addressed at a network level, are quite manageable. Proven network technologies are elevating utilities not just to a new level of security, but also to a new level of effectiveness.

Ameen Hamdon is President and Founder of SUBNET Solutions Inc. He began his career in the electric utility industry working in SCADA Engineering. Over 15 years, he`s grown SUBNET into an industry leader providing solutions that securely connect live electric utility field information with utility business systems to enable smart grid solutions.