Enel Secures their Global Power Generation Network

Enel, One of the World’s Leading Integrated Electricity and Gas Operators

Enel is global energy company operating in 30 countries across 4 continents. With more than 61 million users worldwide, Enel has the largest customer base among European competitors and figures among Europe’s leading power companies in terms of installed capacity and reported EBITDA.

‍

Enel manages a highly diverse network of power plants: hydroelectric, thermoelectric, nuclear, geothermal, wind, solar PV and other renewable sources. More than 47% of the electricity Enel produced in 2014 was free of carbon dioxide emissions, making it one of the world’s major producers of clean energy.

How Does a Global Energy Company Enhance their Security Profile While Increasing Operational Efficiency?

Electric energy operators around the world are working to increase the reliability and cyber resiliency of their systems. This includes Enel, a global power company that manages and monitors the Italian power grid. The grid is managed by and monitored by Enel 24/7/365 and is operated by Terna, the Italian Transmission System Operator (TSO). Serving 31 million customers, the grid has a net installed energy capacity exceeding 31 gigawatts and includes more than 500 power generation plants, including hydroelectric, thermoelectric, and wind.

‍

Enel is responsible for the availability of the grid’s underlying OT, IoT, and industrial networks. It also manages Regional Control Centers and Interconnection Centers which connect with the TSO. The TSO manages the flow of energy to the grid plus controls and remotely regulates the power generation of power plants, increasing and decreasing power production as required. The complex system of interaction and cooperation between Enel and the TSO has strong security implications as well as operational and business challenges.

‍

Initially Enel was using standard networking tools to manage, monitor and troubleshoot the ICS and the control network. However, operations were manual and time-consuming. Information was difficult to gather and required human knowledge to be understood and correlated. Enel wanted to improve efficiency as well as reliability and security with another approach. Plus, it required in-depth support of SCADA protocol IEC 60870-5- 104, used for power system monitoring and control and support for the security requirements of IEC 62351.

Nozomi Networks Proves its Value Throughout the Project Roll-Out

Working together, Enel and Nozomi Networks deployed Guardian™ at one Regional Control Centers first. Following extensive testing and fine-tuning the deployment proceeded to full-scale roll-out.

‍

As a first step, Guardian sensors were installed at all Regional Control Centers to monitor the Italian operational network. They were also installed at Interconnection Centers to monitor the connection between Enel and the TSO.

‍

Next, the Central Management Console™ was installed to operate, monitor, and update the sensors, with a single CMC monitoring over 10,000 assets. Finally, Guardian portable P500 sensors were introduced to monitor and analyze segments requiring investigation and troubleshooting.

Enel Improves Productivity, Availability and Cyber Resiliency

Post deployment Enel uses the Nozomi Networks solution to monitor, troubleshoot, and protect its industrial control network from a central location. Gathering information has become an automated process and one that delivers correlated and meaningful information. This has improved efficiency and allowed Enel’s staff to focus on protecting operations.

‍

With Nozomi Networks, Enel has been able to achieve full visibility and monitoring of their control network. This includes sites at remote, isolated locations as well as the connections between Enel and the TSO.

‍

They have also seen enhanced operational insights such as detecting misconfigurations, anomalous activities, critical states, and standard and advanced security attacks. Supervision utilizes in-depth understanding of Enel’s ICS and supported SCADA application-level protocols such as IEC 60870-5-104. Additionally, with Guardian’s unique features, Enel is able to get traffic analysis for current and future investigations. Lastly, Enel now has automatic, real-time notifications of industrial events of interest, including alerts triggered by custom-designed rules and constraints.