IT security for critical power generation systems: STEAG GmbH

Power generation is one of the most security-critical key industries in the world. When the Stuxnet malware was discovered in Iran in 2010, the sector was alarmed. Never before had hackers managed to sabotage control systems of industrial facilities with such a level of sophistication. The dangerous malware reached computers in the network of a number of nuclear facilities via a USB storage medium and caused notable disruptions to the Iranian nuclear program. Other companies in the energy sector also anticipate similar risks. Find out how PRESENSE PROVAIA provides comprehensive protection for process automation systems at a German power generation organization.

Typical starting position at a German energy provider

This client manages their energy plants using specialized systems for process automation. These systems are not able to detect malware on their own, as they don't sport any antivirus protection.

In addition, they aren't always up to date w.r.t. the patch level, which means that they may show vulnerabilities that can be exploited by attackers. As such, keeping malware at a safe distance from their systems and networks is of utmost importance for our client. The PROVAIA appliance by PRESENSE provides this vital protection for removable media in two ways: it improves both IT security and compliance.

Secure data pathways into the company

By implementing our PROVAIA solution, the company introduced clearly defined, mandatory entry points by which data on removable media can enter its internal networks. Each of these entry points always leads to the PROVAIA appliance, which means they can be precisely documented and reported.

In this context, our solution supports two critical workflows: Firstly, it scans the data in question, and secondly it copies it onto an internal flash drive or an internal, shared network drive — provided that the data was deemed safe. Here the user can choose whether to check specific data or entire storage media. PROVAIA combines a set of various protection mechanisms to reach a level of security that goes far beyond the level provided by standard antivirus software. With the help of PROVAIA, the energy provider has been able to significantly improve its protection against malware.

Security for all departments

Industrial companies often use separate office and production networks. While the first network deals with the protection of company secrets, the second focuses on production capacities. The prevailing trend favors the use of PROVAIA to protect all networks and systems, across all company departments. Our client started by deploying PROVAIA within its production networks and then extended its use to their office departments. The advantages speak for themselves: PROVAIA provides security and is easy to deploy.