European Heating Supply Company Monitors Over 200 Sites with a Single Device

The Customer: European Heating Supply Company

This heating supply company, located in the Nordics region with over 400 employees, handles district heating supply, waste and recycling for over 300,000 customers.

How Does a Nordics Heating Company Identify OT & IoT Device Vulnerabilities?

The heating supply company’s OT Network Administrator is responsible for ensuring that heat continues to flow to the company’s 300,000+ customers in this Nordic country. While the Administrator had a good understanding of the quantity and types of devices on the infrastructure, he was concerned about potential cyber threats. He knew that the network contained a large number of programmable logic controllers (PLCs) known to be vulnerable to the Stuxnet virus. While Stuxnet enters via an IT network, it ultimately targets the supervisory control and data acquisition (SCADA) systems on the OT side.

‍

To prevent cross-infection, the Administrator maintained a gap between the organization’s OT and IT systems. However, because heating substation data flowed through a centralized SCADA service, every time a computer inside the network made a connection to the outside, it increased the organization’s vulnerability to malicious malware.

‍

To reduce the level of risk, the Administrator wanted to continually monitor his OT network for vulnerabilities that could disrupt heating operations in any way, and quickly remediate any issues found. The heating company’s Network Administrator was also looking for an efficient way to prepare for the security regulations he believed were coming to suppliers in the region.

‍

The Directive on Network and Information Systems (NIS Directive - EU) went into effect in 2018, and a new version, the NIS2 Directive, is on its way. The initiative is designed to ensure that operators of essential services (OES) are equipped to deal with increasing cyber threats. When applied consistently, NIS principles can help critical infrastructure providers achieve and maintain a high level of network and information system security.

‍

A second set of industry guidelines and standards, IEC 62443, provides a framework for addressing and mitigating security vulnerabilities in industrial automation and control systems. It outlines technical standards for the life cycle of cybersecurity in OT environments, including technical requirements and requirements for policies, procedures and components used in industrial control systems, including embedded devices like PLCs, as well as network assets and software.

‍

While this Nordic country has yet to mandate that heating companies comply with NIS Regulations or IEC 62443 Standards, the heating supplier wanted to understand what they entail and get in front of the compliance curve.

Taking a Proactive, Risk-based Approach to Cybersecurity

The OT Network Administrator was intrigued when he learned about the comprehensive capabilities of the Nozomi Networks OT and IoT visibility and security solution from a former colleague.

‍

It seemed to offer much of what he needed, starting with the ability to identify OT and IoT assets on his network. This would help him maintain the vital gap between OT and IT systems. The solution also provided much-needed insight into which PLCs and other assets were vulnerable to exploitation by cyber attackers.

‍

The OT Network Administrator worked with Nozomi Networks local system integration partner SecuriOT to spin up a security assessment Proof of Concept (PoC) at the core site of the organization. The OT cyber experts from SecuriOT were able to demonstrate the value of the solution almost immediately.

‍

Upon deployment, the Guardian appliance inventoried the OT and IoT assets on the site’s local network and identified all communicating devices. This included those used by third party suppliers connecting and interacting with the heating infrastructure. Guardian then conducted a vulnerability assessment and provided detailed information on PLCs that were open to cyber threats.

‍

The heating supplier’s executive team was excited by what they saw and quickly gave the Network Administrator approval to deploy the Nozomi Networks solution, including Smart Polling and Threat Intelligence services, across the organization’s entire 200-site infrastructure.

The comprehensive visibility, monitoring and risk identification capabilities of the Nozomi Networks solution support a structured approach to compliance with cybersecurity regulations and standards.

‍

For example, Guardian’s OT/IoT security and visibility functionality provides real-time network intelligence, monitoring and AI-powered threat detection. This allows the heating supplier to proactively manage security risk and protect itself against cyberattacks, as outlined in NIS objectives. The Nozomi Networks solution also provides real-time alerts for behavioral anomalies and threats it identifies within industrial control networks. All monitoring and assessment information is displayed in an intuitive interface that streamlines reporting and operational oversight.

Automated Network Monitoring and Rapid Identification of Vulnerabilities

Thanks to the Nozomi Networks solution, this European heating provider is proactively embedding cybersecurity into its operational processes and improving its cyber resiliency. The company is well on its way to developing a level of security maturity that demonstrates compliance with the NIS Directive.

‍

The heating supply company was able to cost-effectively deploy a mature OT visibility solution across its 200-site heating system infrastructure. Thanks to a single Guardian sensor and the extensive cybersecurity knowledge of the SecuriOT team, the organization can now automatically monitor its operational processes and identify vulnerabilities, all with an OT team of one.