Smart Grid Field Area Network Solutions
Increasing Situational Awareness
For many years, utilities have been deploying “smart” devices in their communications, transmission, and distribution networks and substations to quickly detect anomalies and failures and to automate responses to improve reliability and overall quality of service. This distributed intelligence requires secure and reliable Field Area Network (FAN) communications, which necessitates rethinking of existing utility operations technology security including new methods and tools to gain greater situational awareness to exploit opportunities.
Applied Communication Sciences has conducted in-depth network, software, and low-level hardware security analysis on FAN two-way communications and control systems that employ advanced technologies, such as spread spectrum, ad-hoc networking, public key infrastructure, and secure broadcast protocols. Our experts are currently assisting utilities in managing the cascading changes that Advanced Metering Infrastructure (AMI), Distribution Automation (DA) and Home Area Networks (HAN) are creating in utilities’ operations, engineering, maintenance, theft deterrence, system monitoring, incident management, and service assurance functions. As utilities accelerate their deployment of Smart Grid technology our teams are already working on extracting full value from data analytics and process re-engineering in operations to help utilities integrate Smart Grid capabilities across a broad spectrum of business functions.
Our scientists and engineers have developed unique multi-layered FAN assessment methodologies and tools to address the multiple management, control and end-user planes of this problem space which requires a holistic approach to truly address these growing challenges.
We provide both innovative Smart Grid consulting services and solution development offers; including:
- Field Area Network Security Consulting Services which cover Wireless Radio assessments, Network Security Assessments, Software/Firmware Security Assessments and Embedded Hardware Security Assessments.
- Distributed Operations Consulting Services to help utilities leverage the distributed nature of FAN devices to integrate Smart Grid into their operations environments and transition to fully integrated management critical to optimizing Smart Grid potential.
- Smart Meter Data Analytics Services which help utilities exploit the power of the FAN device data for demand forecasting, fraud detection and revenue assurance, proactive maintenance, trouble detection and Service Level Agreement (SLA) management and more.
Our teams also provide innovative core technologies which we use to build custom security and operations solutions for utilities to provide improved situational awareness into FANs, particularly AMI FANs. This work includes:
- SecureSmart™FAN Analyzer™ solution capabilities is a unique solution in the industry which provides visibility into FAN traffic flows and packet exchanges which utilities do not have today.
- SecureSmart™FAN Intrusion Detection System which builds upon our FAN Analyzer™ to best apply existing IDS to detect intrusions in the FAN particularly Smart Meters and DA devices.
- SecureSmart™ MeshView™ FAN Visualization Capabilities to help utilities discover, analyze and display the FAN topology, monitor its performance, connectivity and latency characteristics increasing situational awareness and exploiting the power of the FAN device data.
- SecureSmart™ Intrusion Prevention System monitors traffic for malicious activities and policy violations using custom processing rules, triggers and signatures. We offer an intrusion prevention solution for wide area Synchrophasor (C37.118) and Inter-Control Center Communications Protocol (ICCP) networks.
Our holistic approach to Smart Grid security and information assurance assessments often incorporates potential vulnerabilities other reviews miss. Leveraging our broad cross-sector experience, our teams can adapt best practices from different industries to help secure mission-critical fiber, voice, IP, wireless and enterprise networks, and information technology and operations technology environments.
Exceptional Tools for Exceptional Problems
The challenges of security assessment and risk mitigation for Advanced Metering Infrastructure (AMI) and Distribution Automation (DA) Smart Grid systems differ from traditional IP-based computer networks in both scope and technique. Field Area Network (FAN) infrastructures consist of a large number of embedded devices, typically in the form of dual-band wireless nodes, signal repeaters, smart meters, SCADA Remote Terminal Units (RTUs), line sensors, and various monitors. Many of these intelligent endpoints cannot be physically protected and are thus susceptible to both physical and cyber attacks. The combination of proprietary protocols and the embedded nature of today’s FANs render traditional IT security assessment methods and tools unusable.
Applied Communication Sciences experts have developed a proven security assessment methodology which combines traditional penetration testing techniques for networks, computer systems, and applications with a detailed embedded hardware security and radio communications analysis.
4-Quadrant™ Assessment Methodology
As a pioneer in Smart Grid security, Applied Communication Sciences provides in-depth security assessment services based on our unique methodology to validate device and system security features and assess vulnerabilities and risks. Our methodology ensures a comprehensive review of all Network, Software, Wireless and Hardware/Firmware.
SecureSmart™ FAN Analyzer™
Visibility into FAN traffic flows and packet exchanges among nodes is critical to understanding the potential security vulnerabilities in addition to network behavior. We have designed and built the industry’s first FAN protocol analyzer which consists of a custom probe configured for multi-channel packet capture and decode on popular AMI systems. Our custom packet dissectors permit decomposition of captured traffic through several protocol layers. Our FAN Analyzer™ can be used as a security tool to monitor and inspect packet contents, such as security exchanges, as well as provide value as a monitor to assess network health and a diagnostic tool for field technicians and remote maintenance regardless of the FAN devices’ encryption capabilities.
SecureSmart™ FAN Intrusion Detection System (IDS)
Designed as a scalable, probe-based system with policies and heuristics to detect signs of potential malicious traffic, our FAN IDS operates independent of FAN components and provides a security control for mitigation of supply chain cyber threats. It features a multi-channel operation with distributed intrusion detection intelligence and centralized capture storage when deployed in a FAN environment.
Our FAN protocol analyzer and intrusion detection capabilities will help augment a utility’s FAN security program and provide much needed visibility into FAN traffic flows. For more information, down load our SecureSmart ™ FAN Analyzer and SecureSmart™ FAN Intrusion Detection System brochures or contact us at firstname.lastname@example.org for a demonstration of our tools.
SecureSmart™ Intrusion Prevention Systems
Our agent-based intrusion prevention system monitors traffic for malicious activities and policy violations using custom processing rules, triggers and signatures. We offer an intrusion prevention solution for wide area Synchrophasor (C37.118) and Inter-Control Center Communications Protocol (ICCP) networks. For more information, download our brochure.
SecureSmart™ MeshView™ Visualization Tool
Today, utilities can typically detect connectivity issues when smart meter reading attempts or remote operations are unsuccessful. But, there are limited means available to diagnose the cause of the problem remotely and there is no way to gain an understanding of the topology of the FAN and evaluate it holistically. Applied Communication Sciences is at the forefront of developing tools to discover, analyze and display the topology of FANs, and monitor their performance, connectivity and latency characteristics.
Our ground breaking network visualization tool provides utilities with immediate situational awareness of their AMI FAN networks. It analyzes collected data and statistics from meters and access nodes and presents it in a variety of views. The MeshView™ visualization tool is able to send alerts to operations staff, other OT systems, asset managers and planners which significantly enhances troubleshooting and analysis. MeshView shows how the FAN is connected and how well it is performing. You can immediately see meters that use many hops to get to an access node. You can see which meters have lost connectivity. You can see which links are strong and which are weak. You can back up to a high-level view looking at an entire region and see which access nodes are having trouble reaching their meters. You can drill down and see the details about a specific meter or link. A picture is indeed worth a thousand meter readings. A problem at an access node affecting many meters will be readily identifiable and easier to diagnose. The network visualization tool at its core is intended for use by system operations and engineering groups as well as security organizations to understand and better manage AMI and DA networks and diagnose and resolve connectivity issues with devices. If the AMI and DA infrastructure management is outsourced, this allows the utility to monitor the hosted solution service and work cooperatively to improve efficiency and resolve problems.
Our experts are well equipped to advise utilities in the design, implementation, testing, and deployment of a network visualization tool customized to the utility’s AMI and DA deployments that best serves the needs of its operations, engineering, and business units. For more information, down load our brochure or contact us at email@example.com
Applied Communication Sciences’ IP Assure is an innovative and cost effective tool to efficiently verify IP device configurations throughout an IP network in a matter of hours. Without such an automated tool, it is virtually impossible to perform the manually intensive task of network error detection and remediation. IP Assure can systematically save utilities time and money as it helps secure their IP networks which now extend into all parts of their environments. IP Assure can also help prevent security breaches, network outages and audit failures. Thousands of parameters per device config file are extracted and analyzed by IP Assure in a matter of minutes with the results provided in standard and customized detailed reports for technicians and summaries for managers.
SecureSmart™ Managed Security Services:
As a cost effective solution for distribution and energy generation utilities, Applied Communication Sciences provides outsourcing of security monitoring for AMI and DA networks and other FAN environments.
Our teams will build, install, and operate an AMI and distribution automation remote field area network intrusion detection system as a custom managed service within your service area or facility’s network environment with a defined Service Level Agreement. We will build and install wireless signal monitoring probes of different hardware configurations that will operate in fixed and mobile environments. These probes will monitor over-the-air AMI and FAN device traffic and transport captured traffic and alerts to a data center located in our US based facilities. Our Cyber Threat Analysis Team operates an Intrusion Detection System, FAN Analyzer™, Capture Repository, MeshView™ Tool, Customer Portal and other applications needed to manage the system in our data center for your company. Our Intrusion Detection System applies a series of defined rules and behaviors to the incoming traffic streams and raise alerts when conditions you define are satisfied. Our team conducts traffic analysis and event correlation to investigate, qualify FAN IDS warnings and performs notification. Alerts are logged and trigger a response designed to meet your operations needs. All captured traffic is stored in a Capture Repository and provided to you via a portal to view the traffic traces, IDS alert logs, and system health and operational status. Data can also be fed into your SIEM or other management systems.
Our managed service offering delivers a full range of daily operations, including monitoring system health; sorting, processing, responding, and investigating alerts; examining packet captures associated with alerts; scanning packet captures for unidentified traffic; managing the customer portal and capture repository; and responding to utility requests. We prepare reports summarizing the system operation, alerts, incidents, and statistics. Our team would be pleased to discuss your specific FAN managed services needs with you. Please contact us at firstname.lastname@example.org.
A History of Building the Future
Applied Communication Sciences has over twenty five years of experience planning, designing and protecting critical infrastructure and large, complex networks. Drawing on our Bell Labs and Telcordia heritage, we are regarded as the chief architect of the U.S. telecommunications systems. As a leading global provider of network and operations engineering and security services, fixed, mobile, and broadband communications software, and cutting-edge research we serve a broad spectrum of communications-intensive markets. Working with a range of clients in energy, communications, government, finance, automotive, and entertainment, we bring unparalleled perspectives to current and future network security threats and best operations practices for the utility sector.
Applied Communication Sciences supported Telcordia’s preeminent role in architecting our nation’s communications infrastructure as a member and trusted advisor to the President’s National Security Telecommunications Advisory Committee (NSTAC). The NSTAC provides technical and policy advice to assist the U. S. President and other stakeholders who are responsible for our nation’s critical national security and emergency preparedness services.
As a pioneer in Smart Grid cyber security and trusted technical advisor to leading utilities, Applied Communication Sciences utility experts have conducted in-depth network, software, and low-level hardware security analysis on FAN two-way communications and control systems that employ advanced technologies, such as spread spectrum, ad-hoc networking, public key infrastructure, and secure broadcast protocols. As utilities accelerate deployment of Smart Grid technology, we are already working on extracting additional value from data analytics and process re-engineering in operations to help utilities integrate Smart Grid capabilities across their business functions.