As critical infrastructure, power utilities cannot afford to be at risk. However, even as utilities focus on keeping power grids up and running, they must also maintain compliance with regulatory requirements, particularly NERC-CIP (North American Electric Reliability Corporation-Critical Infrastructure Protection) and EU NIS (European Union Network and Information Security Directive). To achieve and maintain compliance, utilities need continuous visibility into assets and processes.

For many power utilities, much of the infrastructure operates in the dark, and gaining visibility can be a significant challenge. Having grown over several decades, the infrastructure consists of a multitude of assets, some of which are very old and/or have been managed by third parties. It’s not unusual for substations to have transformers more than 40 years old that possess only rudimentary communication capabilities. Power utilities rarely have an up-to-date asset inventory, and now, with a widely dispersed infrastructure, the prospect of obtaining visibility is daunting.

Modern industrial-grade networking hardware with embedded sensors can provide end-to-end visibility. Cisco IoT routers and switches with Cisco Cyber Vision sensors can see all the communication flows between devices. The software-based sensors capture asset inventory and operational insights, such as asset identification and location, that are needed to comply with NERC-CIP/EU NIS. Power utilities that are struggling to maintain compliance or are refreshing their substations should take the opportunity to deploy network equipment that provides visibility.

With its anomaly detection features activated, Cisco Cyber Vision can also be leveraged in a cybersecurity project. Shutting off power in a city takes only a legitimate instruction sent to a breaker, and IT security tools cannot detect that. Cisco IoT network devices with embedded Cyber Vision sensors can detect abnormal behaviors by decoding grid protocols such as DNP3/IP, IEC 104, IEC 61850 GOOSE and MMS. This makes Cyber Vision the ideal companion to firewalls and IDS/IPS for detecting zero-day and custom-made attacks that target power utilities.

Cisco Cyber Vision is fully integrated with the wider Cisco security solution for grid networks, all of which can be implemented with the help of the Cisco Grid Security CVD. The Cisco Validated Design (CVD) is a blueprint for an integrated security architecture designed to help reduce risk and minimize the burden of regulatory compliance. The CVD aims to simplify implementation and lower operating costs for utilities while providing comprehensive protection through defense in depth.

Cisco Cyber Vision offers an ideal path to securing grid networks while making wise use of limited budgets: leverage the network to ensure regulatory compliance, and upgrade to security when you’re ready. To learn more, watch the Cisco webinar "Building a Modern Grid Security Architecture" and download the Cisco Grid Security CVD.


Sean Song Jiang

Lead, Distributed Automation Solutions

Cisco IoT Solutions Group