Using SD-WAN for securing distributed renewable energy
Renewable energy is a rapidly growing segment of the energy industry. Technologies such as wind, solar, biomass, geothermal, and energy storage are now considered mainstream. However, all of these sites require secure connectivity to enable important remote monitoring and control.
Renewable energy companies must connect an array of renewable energy assets spread across wide geographic areas. Many renewable asset operators also use public and private cloud-based applications, including SCADA. They need a network architecture that is simple to deploy at scale across numerous distributed sites and yet highly secure to ensure cyber threats do not impact uptime.
SD-WAN is ready for prime time with distributed energy resources
Enterprises have widely deployed Software-Defined WAN (SD-WAN) over the past 10 years to address similar requirements: connecting remote sites using whichever networking technology is available, simplifying management of the infrastructure, offering seamless access to applications wherever they are hosted, delivering assurance for applications, especially for remote users, and offering a very high level of security throughout the network.
Most renewable energy companies today are used to building large networks utilizing technologies such as Internet Protocol Security (IPsec) and Dynamic Multipoint Virtual Private Network (DMVPN) to encrypt critical Supervisory Control and Data Acquisition (SCADA) communications. They’re using Multiprotocol Label Switching (MPLS) for the underlying transport network, and public or private cellular for remote sites with no other WAN connectivity.
SD-WAN brings these technologies together and enables automation to greatly simplify deployments and offer unmatched cybersecurity benefits out of the box:
- Secure zero touch deployment of field gateways, meaning no field staff is required to configure a gateway.
- Simple provisioning of service VPNs to segregate traffic (SCADA, CCTV, IP telephony, etc.).
- Templated configurations making it easy to change configuration and push it to gateways while ensuring compliance of all field assets to authorized templates.
- Application of unified security policies across a diverse range of remote sites and equipment.
- Managing multiple backhaul connectivity options at the gateway, including private MPLS for critical SCADA traffic, cellular for backup, and even internet-based connections for non-critical traffic, where appropriate.
- Lifecycle management of gateways, such as firmware updates, alarm monitoring and statistics.
Simplifying connecting large, distributed infrastructures
Deploying an SD-WAN overlay also allows the renewable energy company to control the end-to-end IP addressing schemes and remove the need to engineer complex routing plans based on the underlying transport network, quite often provided by a third-party service provider. This divorces the underlying transport network from the overlay network. Hence, it simplifies operational tasks and provides a more secure overlay network for critical monitoring and control traffic.
Wouldn’t it be beneficial to have a single solution with a choice of industrial ruggedized gateways for different site types? We think so, and Cisco provides several industrial routers to suit all deployment sites, all of which can be managed as part of the Cisco SD-WAN solution.
Cisco industrial routers such as the Catalyst IR8340 Rugged Series Routers for larger sites, and the Catalyst IR1100 Rugged Series Routers and Catalyst IR1800 Rugged Series Routers for smaller sites, all operate as SD-WAN edge gateways alongside the well-known Cisco enterprise routers (virtual and physical), which can be used for control centers, cloud locations and other operational sites to provide a single overlay network connecting to any site.
Unifying networking and cybersecurity
Cisco’s SD-WAN solution also provides a broad set of cybersecurity features, simplifying policy creation and deployment to the edge gateways. Advanced security capabilities include:
- Firewall with application awareness (NGFW) to filter traffic in real time and provide granular control capable of detecting thousands of applications.
- Intrusion Detection and Prevention (IDS/IPS) with Talos® signatures to identify and block known threats and malicious activities such as vulnerability exploits.
- Advanced malware protection techniques, including signature-based and behavior-based analysis, to identify and block known and unknown malware threats.
- URL filtering to block or allow users to access URLs based on more than 80 web categories covering millions of domains and billions of webpages.
- Secure access to cloud and internet resources with Cisco Umbrella®, which combines secure web gateway, DNS security, cloud-delivered firewall, cloud access security broker functionality, and threat intelligence to protect against internet threats.
Managing cyber risks to drive regulatory compliance
Beyond securing the perimeter and connectivity to the renewable energy site, Cisco provides additional security tools that can be leveraged ‘over the top’ to strengthen the security posture of the site:
- Cisco Cyber Vision gives asset owners full visibility into devices connected to their industrial networks, communication patterns, vulnerabilities, and application flows to help assess the OT security posture. Renewable energy companies now have precise information to understand their cyber risks, implement security best practices, and drive compliance with cybersecurity regulations such as NERC CIP or NIS2.
- Cisco Secure Equipment Access (SEA) helps secure remote access to grid assets, giving you full control over which technician or contractor can remotely access assets for configuration, maintenance, or troubleshooting. It brings all the benefits of a zero-trust network access (ZTNA) architecture to distributed renewable energy sites, so users have access only to the devices you choose, using only the protocols you specify, and only on the day and time you allow.
Secure your distributed energy infrastructure with Cisco
In summary, the Cisco SD-WAN solution coupled with Cisco Catalyst Industrial Routers and OT security products is very relevant to renewable energy networks and can help simplify deployment at scale while offering advanced cybersecurity capabilities. Learn more about it in the solution overview we recently published. I’ve also discussed it in more detail in a recent webinar, which you can now watch on-demand. We’ll be happy to help you build the secure SD-WAN infrastructure you’ve been waiting for.