Creating a Firewall Solution for the Energy Industry

Rohde & Schwarz has created a German-engineered next generation firewall solution with a single pass engine to help utilities secure their systems.
Published: Wed 02 Dec 2015

Brought to you by:

With highly distributed environments and operations, the critical infrastructure sector is a prime target for cyber attackers and hackers. Added to these challenges, laws and standards around IT security in Europe will create more awareness but without these, it will be almost impossible to move towards adopting state of the art IT security.

Firewall solution made for the energy industry

Utilities must adapt their systems to avoid the increase in complex threats. Industrial and SCADA networks are weak and vulnerable points of entry, always requiring renewed attention. The recent webinar Briefing: Cyber Security & Risk Management for Critical Infrastructure with gateprotect, a Rohde & Schwarz company, digs deeper into key factors that could lead to a major security incident in Europe if left unattended. The webinar goes into detail about specific vulnerabilities affecting the energy sector and smart grids in general.

In response to the increasing threat situation and in conjunction with rising government awareness and the ensuing regulatory and legal pressures, Rohde & Schwarz has developed a very targeted approach. This includes a next generation firewall for the energy industry. Next generation firewalls are network security systems that are able to detect and block sophisticated attacks at the application level. The firewall solution of Rohde & Schwarz is developed and engineered in Germany and provides the energy and utility market protection of specific protocols used in the sector.

The turnkey solution meets the utility sector’s network security requirements and boasts a multi-level defense strategy with no backdoors.

Felix Blank, Head of Product Management at gateprotect, describes the solution as a “second line of defence - a firewall placed in the backbone of the network which separates the subnets. It divides the machine and office worlds into different networks so that it can control everything in between. This leaves the existing firewall system in place and adds the Network Protector as a protection device with higher order and mechanisms specifically designed to protect the energy sector.”

Next generation firewall

The next generation firewall is ideal since it has a sophisticated protocol based inspection instead of port based. As an example, in the past the industrial market used SAP ports which were left open to allow the SAP server to communicate with machines. But the new next generation firewall doesn’t just check ports, it looks inside the data traffic and protocols.  

The integrated single pass engine allows multiple actions to be performed on the network traffic simultaneously while tracking each session’s context. With this mechanism Rohde & Schwarz has become the first European company that can read and decode specific protocols used in the energy industry. This has been achieved through the integration of the Application Control solution by the Rohde & Schwarz company ipoque as well as protocol decoding options.

The gateprotect-NP is using the firm’s unique full-validation whitelisting to ensure maximum network security. Its general operation can be compared to x-ray scanners used at airports. No single unknown item is allowed through the security checkpoint without being positively identified. In addition to protocol detection, the solution offers a decoding service and is carried out using ipoque’s IP classification service in the single pass engine. It is this that secures the border between the office and machine networks.

Industrial awareness of cybersecurity

Mr Blank says that the industrial market is falling behind the commercial sector as far as cybersecurity is concerned. The sector handles their security by VPN using routers instead of state of the art firewall technology. Many companies are lacking the awareness of the continuously increasing risks and consequences that could happen without effective security technology. A blackout or operating failure could be one of them.  

Secondly, German industrial companies prefer German technology as they prefer to keep their information from crossing borders. However, Rohde & Schwarz’s new firewall solution is completely engineered in Germany. The heart of the firewall and core of the IP classification is German so the company and the product is bound to German law and there are no back doors, explains Mr Blank.

More information on energy market security in various case studies and flyers, contact gateprotect.