Cybersecurity at the Chvaletice Power Plant: OT and IT networks under close scrutiny of a security audit

Cybersecurity has been a long-term priority for us. It plays a crucial role in ensuring the reliable and safe operation of our power plant. Thanks to Soitron’s professionalism and technical solutions such as Soitron Security Sensor, we have improved our in-depth overview of our OT and IT networks even further. Solutions tailored to our specific needs help us minimise potential risks related to outages while strengthening the security of the energy system.

Jiří Rokyta, Head of Instrumentation and Control Department

Background

The Chvaletice Power Plant is acutely aware of the critical importance of cybersecurity for its operational technology (OT), which is the foundation of its critical infrastructure. It also places emphasis on the information technology (IT) that supports its business and administrative processes. While the OT network is responsible for controlling and monitoring key power generation processes, the IT networks ensure the smooth functioning of the organisation as a whole. Targeted solutions for protecting both OT and IT systems allow the plant not only to guarantee uninterrupted and reliable operation, but also to demonstrate a responsible approach to meeting its regulatory obligations. As part of its efforts to enhance cybersecurity across its networks, the power plant sought solutions to improve the protection of its OT and IT systems. In this endeavour, we acted as its technological and consulting partner.

Project implementation process

We deployed the Soitron Security Sensor, a security solution designed to analyse network traffic and file security. A single physical device integrates several security products tailored to detect advanced threats and provide network visibility. These products are always customised to the specific needs of the customer. In this case, we combined solutions suited for analysing both OT and IT networks: FlowMon, Nozomi Guardian, and Cisco ICS CyberVision.

The Security Sensor was physically installed on-site at the power plant. Once deployed, the solution monitored and analysed network traffic within both the OT and IT environments. Based on the collected data, our experts prepared a final report that included findings, recommendations, and further development opportunities. Through the audit, the customer learned how well it is protected against potential security incidents and which technologies are most suitable for its OT and IT environments.

Results and benefits

  • Comprehensive insight into the OT and IT networks
  • Reduced risk of OT and IT network outages
  • Enhanced energy system security
  • Compliance with legislative requirements

Customer Profile

The Chvaletice Power Plant is part of the Sev.en Česká Energie a.s. group. With its strategic location, it serves as the energy hub of Eastern Bohemia and is the only power plant in the region certified to stabilise voltage fluctuations in the power system, restore power supply after a system collapse, and operate in island mode. The plant ensures a stable supply of electricity from local sources. Its four units generate electric power to cover both base-load (24 hrs) consumption and peak demand (12 hrs), with dynamic output ranging from 100 to 840 MW.

Technologies used

FlowMon, Nozomi Guardian, Cisco ICS CyberVision

Firewalls by Palo Alto Networks protect IT and OT networks in a manufacturing company

Thanks to the expertise and experience of our technicians, the deployment of the new solution was carried out quickly and seamlessly, without affecting the normal 24/7 production operations.

Soitron team

Background

A Slovak manufacturing company with 1,500 employees, part of an international group, was looking for a suitable firewall solution. One of the essential requirements was that the chosen solution provide a number of next-generation firewall functions. The legacy solution was outdated and no longer met the current requirements. The client requested application-level visibility and a higher level of security.

Project Progress

We proposed a new technological solution based on Palo Alto Networks firewalls, the current market leader in firewall security. One of the client’s main requirements was to have separate firewalls for the IT and OT networks, i.e. a separate network environment for managing the industrial production technology.

This made it possible to achieve an even higher level of security against potential cyber threats and to make the environment more resilient against outages. The challenge was not to disrupt production processes.

Results and Benefits

  • High level of security
  • Greater application-level visibility
  • Environment more resilient against potential cyber threats
  • Replacement of traditional firewalls with next-generation firewalls

Technologies Used

Firewall Palo Alto Networks

Logmanager simplifies the management of IT systems and enhances security at Inventec

Logmanager was the first SIEM-based product that we implemented in our company. Thanks to SOITRON, the implementation was easy and directly focused on each requirement. We were very satisfied.

Jiří Tomaštík, IT Network Engineer Supervisor

Background

Inventec was looking for a solution that would help them comply with the Cybersecurity Act (CSA). They have achieved that by deploying Logmanager – a product that helps obliged entities to meet their obligations under the CSA.

Project implementation

The project started with a consultation in which we, together with the customer, specified the list of devices to collect logs from. In the next step, we classified these logs and, for any device not natively supported by Logmanager, created a parser, i.e. code that extracts the interesting parts of each log record and stores them under a specific field name in the database. With the data normalised in this way, we generated views for the logs of interest. For specific situations that could arise, we created custom email alerts.

The platform enables much earlier detection of, and response to, network problems or vulnerabilities. For example, a notification can alert the customer when someone unauthorised is trying to log in to one of their key servers.
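The parser-plus-alert workflow described above, as an added Python example that is not Logmanager’s own parser format or the project’s code: a regex parser normalises constructed sshd-style log lines into named fields, and an alert rule flags logins to an assumed key server by accounts outside an assumed authorised list, or repeated failures from one source.

```python
import re
from collections import Counter

# Constructed sshd-style syslog lines standing in for an unsupported device's
# logs; host names, accounts and addresses are made up for this example.
SAMPLE_LOGS = [
    "Jan 12 08:01:02 keysrv01 sshd[2231]: Accepted publickey for admin from 10.0.5.12 port 51022 ssh2",
    "Jan 12 08:03:15 keysrv01 sshd[2250]: Failed password for invalid user oracle from 203.0.113.7 port 40110 ssh2",
    "Jan 12 08:03:17 keysrv01 sshd[2250]: Failed password for invalid user oracle from 203.0.113.7 port 40110 ssh2",
    "Jan 12 08:03:20 keysrv01 sshd[2251]: Failed password for root from 203.0.113.7 port 40112 ssh2",
    "Jan 12 08:10:44 webfront02 sshd[912]: Failed password for deploy from 10.0.5.30 port 33012 ssh2",
]

# The "parser": named groups pull the interesting parts out of each line so
# they can be stored under a fixed field name, independent of the raw layout.
LINE_RE = re.compile(
    r"^(?P<timestamp>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src_ip>[\d.]+) port (?P<port>\d+)"
)

KEY_SERVERS = {"keysrv01"}              # assumed: hosts the customer calls "key"
AUTHORIZED_USERS = {"admin", "backup"}  # assumed: accounts allowed on them

def parse_line(line):
    """Normalise one raw line into a dict of named fields; None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["port"] = int(event["port"])
    return event

def normalise(lines):
    # Lines the parser does not recognise are skipped rather than stored.
    return [e for e in map(parse_line, lines) if e is not None]

def key_server_alerts(events, threshold=3):
    """Alert rules for key servers: any login attempt by an account outside the
    authorised list, and any source that reaches `threshold` failed logins."""
    alerts, failures = [], Counter()
    for e in events:
        if e["host"] not in KEY_SERVERS:
            continue
        if e["user"] not in AUTHORIZED_USERS:
            alerts.append({"rule": "unauthorized_user", "host": e["host"],
                           "user": e["user"], "src_ip": e["src_ip"]})
        if e["outcome"] == "Failed":
            failures[e["src_ip"]] += 1
            if failures[e["src_ip"]] == threshold:
                alerts.append({"rule": "repeated_failures", "host": e["host"],
                               "src_ip": e["src_ip"], "count": threshold})
    return alerts
```

Each returned alert dict is the payload a custom email notification would carry; the `webfront02` line shows that failures on non-key hosts are stored but not alerted on.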

We deployed Logmanager in the customer’s two datacentres. The project is continuing with the deployment of another Logmanager in the OT environment, where it will be used to collect production data.

Results and benefits

  • Easier IT system management
  • Comprehensive view of the status of all parts of the network
  • Incident alerting and advanced reporting
  • An intuitive user interface
  • Compliance with the legislative requirements of the CSA

Customer profile

Inventec (Czech) s.r.o. is a member of the Inventec Corporation, which is based in Taiwan. Inventec manufactures and develops electronics and information technology products. The company has manufacturing facilities and innovation centres in several countries. Their operations in the Czech Republic are dedicated to the production of computer servers.

Technologies used

Logmanager was developed as a centralized log management system, providing an easy way of viewing all machine-generated data in an organization. In the first step, Logmanager collects, unifies, and provides long-term storage of event logs and records from active network elements, security devices, operating systems, and application software. It then stores the collected data in near real-time in a well-defined and powerful database that IT security professionals can access through predefined dashboards and structured or full-text queries with results displayed in a graphic format. Logmanager also provides basic SIEM functions, such as alerts with limits and simple correlations.

With a SIEM system, critical infrastructure company has its cyber risks under control

The customer used to record logs in a technology infrastructure environment; however, the data was collected in multiple databases, and there was no analytical tool that would allow these basic reports to be put into context and thus allow for the identification of relevant security incidents. The company’s management therefore decided to deploy a technologically advanced and comprehensive Security Information and Event Management (SIEM) solution.
Case study was published 12.06.2023

Background

  • The client is responding to the growing threat of cyberattacks, which in extreme cases may result in a complete shutdown of the power supply.
  • The company did not have a tool to collect the logs important for evaluating security risks and operational issues.
  • They lacked the ability to correlate different events, analytics, and incident investigation and audit trails.
  • Compliance with the new legislative requirements imposed by the Cybersecurity Act was hard to achieve.

Solution

  • The QRadar system for recording, evaluating, and managing security incidents (SIEM).
  • An analysis and the integration of QRadar with the IT and OT infrastructure for comprehensive log collection.
  • The development and setup of dozens of different customer-specific security and operational scenarios for the SIEM system to respond to.
  • The implementation of the Watson artificial intelligence add-on to support the aggregated data correlations and analysis.

Benefits

  • Increased protection against cyber risks and the elimination of operational issues that could result in service outages.
  • An easier job for administrators and security specialists.
  • Automated risk alerts derived from the infrastructure data and event analysis.
  • The secure storage of logs with the ability for retrospective evaluation, auditing, and reporting.

The managers of Bratislavská teplárenská gain a real overview of their sensitive corporate data

According to the Cyber Security Act passed in 2018, specific companies providing “essential” or “digital” services must ensure the enhanced security of their data. This includes Bratislavská teplárenská (BAT). There is a lot of data that BAT needs to protect, including the personal data of its own employees, customer information and consumption data, financial data, etc. They chose the Safetica DLP package to prevent data leaks. Soitron is a certified Gold Partner of Safetica Technologies. Our role was to ensure the smooth deployment of the technology.
Case study was published 23.03.2020

Requirements

  • Deploy a Data Loss Prevention (DLP) solution from Safetica in the company
  • Ensure compliance of the company’s processes and technologies with the new legislative requirements (GDPR and the Cyber Security Act)
  • Use this opportunity to update existing sensitive data processing procedures to make them compliant with the legislation as well as with company management’s expectations

Solution

  • Use the Safetica Auditor to map the ways and forms in which the data is processed, i.e., where the data comes from, how it is created and processed, and where it is transferred
  • Classify data by content, origin, and other metadata
  • Create policies for different groups of sensitive data
  • Provide training to the client’s IT team

Outcomes

  • Gaining an overview of and control over corporate data
  • New analyses and statistics of the company’s data flow
  • Preventing unauthorised processing of sensitive data
  • A notification system that reminds users to heighten their caution regarding the data they are currently working with

VÚB bank has enhanced its data security by implementing controlled network access

For VÚB Bank, a member of the Intesa Sanpaolo group, ensuring the highest level of security has been one of its key priorities for quite some time. This effort has resulted in the implementation of a set of security measures. As a first step, the bank implemented a system for the controlled access of external contractors to its network environment through a virtual private network (VPN). In the second phase, Soitron, the bank’s long-standing network technology provider, implemented controlled access over the wireless network as well. In the third phase, the bank decided to modernise the controlled access to its network via wired connections in the building.
Case study was published 25.02.2019

Requirements

  • Ensure the controlled access of computers and IP devices in the bank’s premises via a cable connection
  • Enhance network security and thus data and bank system security

Technologies used

  • Cisco ISE (Identity Services Engine) platform
  • Cisco authentication servers
  • IEEE 802.1X protocol for secured computer network access
  • Cisco Catalyst switches
  • Cisco Wireless LAN Controller

Outcomes and benefits

  • Controlled access to the bank’s network: an overview of who, when, and through which devices people connect to the network by a wired connection in the bank’s building
  • The option to set different levels of network access for different user types (guests, management, the technical department and other staff)

Soitron Security Sensor allowed ZKW Slovakia to see their IT security situation

Industrial enterprises are usually not pioneers in deploying cyber security technologies, because their technology refresh cycles are multiple times slower and more costly than those in the IT sector. However, ZKW Slovakia s.r.o., a leading supplier of lighting systems and electronics for the automotive industry, is one of the bright exceptions.
Case study was published 07.01.2019

Requirements

  • Get a continuous overview of the network security and corporate ICT resources.
  • Demonstrate cyber threat resilience and data protection capabilities to key contractors.
  • Enhance security of the technology infrastructure.

Solution

  • Penetration testing and deployment of the Soitron Security Sensor solution integrating multiple security technologies from various vendors such as Flowmon, Cisco and Fortinet.
  • An audit based on customer network monitoring and the gathered data.
  • Final report on the current state of IT security and recommendations for improvement.

Outcomes

  • Identification of deficiencies that the customer would not have been able to uncover without deploying the advanced technologies.
  • Strengthening of the IT security of ZKW Slovakia s.r.o.
  • Ability to test multiple high-end security technologies from various vendors in a single package.
  • Enhanced overview of the status and performance of their enterprise network, including alerts on any anomalies, which allows the company to identify potential threats and performance issues in a timely manner.