The company carried out the first ICS/SCADA network monitoring installation in 2012, making it an outstanding front-runner among critical infrastructure organizations worldwide.
Implement a solution to achieve continuous situational awareness, validate network and operational changes, and detect known and unknown cyberattacks before they impact the national gas infrastructure.
The project involves both legacy OT systems and technology, and traditional IT networks and protocols. Therefore, the desired solution must: • Identify ICS devices and understand proprietary ICS protocols, as well as custom extensions of standard ones. • Analyze in full depth IT protocols to detect both known and zero-day attacks. • Define a baseline of normal operations for both ICS networks and dynamic back office networks. • Validate network and operational changes and alert in real-time for undesired network activity.
SilentDefense detected the operational scenarios and cyber attacks simulated during the on-site proof of concept, and was chosen to monitor both the HMI network of gas storage sites and the gas distribution pipeline. Currently, SilentDefense monitors more than 400 IT systems and servers and thousands of RTUs scattered across the country.
Among the daily operational insights provided by SilentDefense to the company’s operators, it identified two critical network and device misconfigurations which had a direct impact on the process and the company’s disaster recovery procedures: • Inconsistencies between production and acceptance network blueprints. Seeing as the acceptance network blueprint was to be used for recovery in the case of network failures, the result would have been an incorrect and possibly unpredictable operation of the gas infrastructure. • RTUs not configured correctly by the vendor and reporting invalid values for customized fields of a standard SCADA protocol. As a result of the invalid values, the SCADA server could not guarantee accurate calculations and forecasting.Click below to share this article