Hydro-electric facilities inherently are not secure against cyber attacks. Yet it is essential for cost-effective operation for system control parameter updates to arrive at the facility and for detailed status data to be reported regularly to the hydro-electric management authorities. Paying people to drive trucks to visit the Hydro-electric plants is not cost-effective.
Therefore, the Supervisory Control and Data Acquisition (SCADA) equipment typically is linked to the Internet either by a hard-wired Ethernet connection to a network Point of Presence (PoP) or exposed via wireless connection, whether by the popular WiFi® or by a custom wireless solution. Each of these approaches exposes the utility to malicious mischief that can be achieved by one or two hackers somewhere in Russia, Syria, Iran or you name it. Wireless enables drive- by collection of data, but a disgruntled (e.g. fired) employee can change parameters in ways that will not be reported. The authority may or may not discover the hack. A truly nasty hack could cause slow damage over months to years that are blamed on something else such as human error. You don’t have to be in a big city or high profile jurisdiction to suffer a disgruntled employee.
Protect the people of your community from such preventable damage by installing a Hackproof Web Machine ® Hydro-electric Web Shield between your SCADA local area network and the Internet connection, wired or wireless. The Hydro-electric Web Shield operates like the window between you and the bank teller at a drive up window, but instead of passing the physical check (analogous to IP packets) to the teller, you hold the check up to the window and the teller copies the numbers, takes a picture of the signature on the back and the funds are deposited. Since the check never physically enters the bank and it not touched by the teller, your germs (analogous to malware) cannot infect the teller or others inside the bank. Similarly, your Hydro-electric Web Shield does not allow any Internet packets into the SCADA local area network (LAN) and no LAN packets escape to the Internet. Instead the web shield copies the authorized water treatment information into a dedicated memory from which hardware cross-checking circuits validate that only authorized data is moving in our out, and then creates brand new pristine IP packets containing only authorized data and destined only for white-listed IP addresses.
What constitutes authorized information? Your list of data reported at the management level will include levels, flow rates, pump status, valve status, maintenance due dates and the like. This data is acquired from your current SCADA network by our Web Shield as if it were reporting directly to the Hydro-electric Authority. However since authorized data is copied but the rest of the packet is left inside the SCADA network, malware command and control bits cannot escape even if your system already is infected with what NIST terms APTs. Authorized controls will be specific to your facility’s SCADA equipment. If you do not know in detail what packets flow between a given plant and a networked control authority, Hackproof will analyze your flows and customize your Web Shield to your current data flows. We can do this remotely without disturbing plant operations. Once authorized controls are established, the Web Shield copies just the authorized data from the inbound Internet packets, throwing the rest of the Internet packets away via hardware. The web shield has no software, no operating system, no random access memory, but rather is hardwired to let authorized data flow in either direction. The result is what our patents term domain-specific symbolic hardwired learning machine.
Let Hackproof Secure your facility today by using Hackproof Web Machines unique Hardware Solution. Hackproof is currently offering Web Shields at cost with early adopter financing and volume discounts consistent with our corporate public interest charter of making the Internet a safer place sooner rather than later. Request Hydro-electric White Paper, email firstname.lastname@example.org today.