Ampersand Hydro LLC and PowerHouse Systems, USA
Cyberoam provides Reliable and Efficient Protection to ICS and SCADA Networks
About Ampersand Hydro LLC and PowerHouse Systems, Energy
Ampersand Hydro LLC and PowerHouse Systems (AHPS) provide “Water to Wire” services. . In other words, they produce and provide services to plants producing sustainable green energy, predominantly in the form of hydroelectric power. They own and operate various hydroelectric plants in the northeast USA including states like Vermont, New Hampshire and Connecticut.
“The willingness of Cyberoam to work with us, provide an evaluation unit, provide deployment support, post-sales support, webinars and a great product has solidified their place in our business. Unlike other big network hardware companies we really feel like our business is important to Cyberoam”
Mr. Aaron Cloutier
Director of Technology
Ampersand Hydro LLC and PowerHouse Systemsn
Ampersand Hydro LLC and PowerHouse Systems maintain small hydro electric sites that are located in rural areas and do not require on-site staff at all times. Their primary requirement was secure remote access of power generation equipment dispersed at their various sites. “Since our processes involve remote access of non-manned machines and systems, security in the communications between these machines is our main priority”, said Mr. Aaron Cloutier, Director of Technology, Ampersand Hydro LLC and PowerHouse Systems Inc. Their requirement was:
Secure Remote Connectivity
They required a solution that could provide secure remote connectivity to their power generation equipment which managed to repel or protect against all possible intrusion attempts. They also wanted to make sure that there is a clean separation between the open/office network and the closed/control network so that casual surfing by non-technical people wouldn’t compromise the control network.
The Cyberoam Solution
After searching the market for a suitable solution that would fulfil their needs, AHPS zeroed in on Cyberoam. In fact, they chose Cyberoam over a Cisco solution due to its cost-effectiveness and efficiency. They bought Four (4) CR 15wiNG and deployed them in Gateway Mode at their sites in Gilman Hydro (Gilman, VT), Weston Dam (Groveton, NH), Quinabaug Dam (Danielson, CT) and Five-Mile Pond Dam (Danielson, CT). After Cyberoam deployment, they noticed the following benefits:
- Gateway Level Restriction on Network Access
“Cyberoam allows us to have a high level of control over what goes on in our networks. We are easily able to restrict access to and from the control network. The intrusion prevention tools are also excellent and provide a high level of security for our sites”, said Mr. Cloutier.
They have deployed custom policies for firewall to restrict network traffic flow between LAN, DMZ and WAN. In addition, they have applied strict, SCADA-centric IPS policies and Anti-Virus policies to “lock things down as strict as possible”, as Mr. Cloutier puts it.
- Securely Sealed Remote Connectivity
The SSL VPN is used at all their sites to provide restricted remote access to the various hydro electric sites. VPN access to the control network allows remote monitoring of the control systems, remote VNC to SCADA systems and remote programming of PLC and HMI systems. VPN users have access to the SCADA network, IP Security Cameras, PLC programming (at some sites) and SCADA programming (at some sites). Cyberoam’s Split Tunnel feature for SSL VPN keeps all unnecessary traffic out of the control network. “We feel that Cyberoam has allowed us to move our remote access onto high speed internet without compromising the safety of our plants”, said Mr. Cloutier.
- Identity-based Filtering of Network Traffic
AHPS have integrated their Cyberoam with their current RADIUS authentication system, i.e., Cloudessa’s Cloud-based RADIUS authentication system, to authenticate VPN users.
Praising the easy and efficient manner in which Cyberoam could be integrated with their existing RADIUS server, Mr. Cloutier said “The integration with the cloud-based RADIUS server has been excellent and we are using it now at all of our sites”.
- Built-In Support for SCADA protection
Cyberoam addresses security gaps in Industrial Control Systems (ICS) and SCADA networks offering a holistic approach that understands ICS / SCADA network communication, secures against various threat incidents, provides desired situational awareness and enables adequate control over user and network activities while ensuring business continuity through uninterrupted availability of key ICS processes.
“The tailor-made protection provided by Cyberoam to our SCADA Infrastructure is like an icing on the cake”, said Mr. Cloutier.
- To Conclude
“The willingness of Cyberoam to work with us, provide an evaluation unit, provide deployment support, post-sales support, webinars and a great product has solidified their place in our business. Unlike other big network hardware companies we really feel like our business is important to Cyberoam”, said Mr. Cloutier.