Vermont Electric Improves ICS Cybersecurity

The Customer: Vermont Electric Cooperative

Vermont Electric Cooperative is a member-owned electric distribution utility that provides safe, affordable, and reliable energy services to its members. Vermont Electric operates across 75 communities in eight counties.

How Does an Electric Utilities Company Enhance Their Security Profile While Increasing Operational Efficiency?

Electric industry information sharing and confidential briefings from industry and government agencies worry Kris Smith, Manager of Operations Engineering at Vermont Electric Cooperative. That’s because the responsibility for service interruptions to VEC’s members lands squarely on his shoulders. “As with any utility, service reliability is paramount. And a robust cybersecurity program with robust cybersecurity platforms are how we ensure that reliability.”

‍

In practice, promoting reliability means adopting the U.S. Office of Electricity Delivery and Energy Reliability’s (OE) mindset. Specifically, boosting VEC’s cybersecurity preparedness and incident response capabilities. Towards that end, Smith resolved to overcome several challenges that he faced. “[Prior to implementing the Nozomi Networks solution] we relied heavily on manual, time-consuming processes to administer our systems and mine data. Collating and analyzing large data sets in tabular format, from three different systems, was so resource intensive that it made applying a comprehensive cybersecurity approach difficult."

‍

To ensure he chose an effective solution, Smith established strict criteria. First among them was a solution with a proven industry track record. “We didn’t want to be beta testers for newcomers in our space.” Additionally, Smith wanted a solution that could automatically build an asset inventory, visualize assets and model their interactions, as well as systematically detect and provide alerts concerning anomalies and potential threats. He also wanted a solution that could scale and adapt for future development, growth and support.

‍

Moreover, the solution needed to be able to dramatically improve operational efficiency by replacing manual processes with automation features and capabilities, interface seamlessly with VEC’s existing systems and enable the consolidation of data from networks onto a single platform.

Nozomi Networks Proves Its Value in Proof of Concept

“We selected Nozomi Networks because their Guardian solution meets all of our requirements in terms of visualization, detection, response and administration, as well as being a platform for long-term development and support” says Smith.

‍

The final decision was based in part on the completion of a successful Proof of Concept (PoC) project at VEC. Smith uses the Guardian solution to consolidate ICS data for analysis, to visualize his assets and their relationships to one another and to automate alerts to address anomalies and potential threats.

‍

“It allows us to do a deep dive into the network protocols themselves, which supports both our cybersecurity and operational efficiency objectives” says Smith.

‍

Smith deployed a tried, tested and vetted solution so that he could focus on tuning, monitoring and maintaining his network to ensure its reliability and efficiency. He states, “Not only do they have major deployments around the world to their credit, but Nozomi Networks specialists demonstrated that Guardian delivers value in our environment. Most significantly, the solution has reinforced our cybersecurity program to help us advance our reliability goals.”

Improved Reliability, Cybersecurity and Productivity

“Today, I can visualize all of my network components and see how they interact together,” says Smith. “I’ve also added IOCs [indicators of compromise] as I get them through the cybersecurity community. So, in a matter of moments, I can identify, and promptly address, any issues.”

Smith likes the automated cybersecurity and operational monitoring feature he gets through Guardian. “When the system detects anomalies, I get email alerts in real time” he says.

Additionally, Smith notes that the Nozomi Networks solution’s comprehensive and integrated reports have “…enabled me to do more consistent reviews of my log data and system performance. And it allows me to respond more quickly and comprehensively to information that we get from our peers."

‍

As a result, Smith explains that “Vermont Electric Cooperative enjoys a greatly enhanced security posture that reduces our exposure. So much so that with Guardian in place, I have the peace of mind that lets me sleep at night.”

‍

Guardian gives Smith granular visibility into ICS operations. Specifically, the solution creates an asset inventory and automatically updates it. Furthermore, it visualizes VEC’s network and models the relationships between assets. Finally, artificial intelligence features allow Guardian to learn traffic behavior patterns, and issue alerts or warnings when anomalies are detected. “We’ve also used this data to tune protocols to be more efficient and to eliminate some communication errors as well,” adds Smith.

‍

These features combine to eliminate many of the time-intensive, manual tasks that Smith used to perform. “Previously, it took me two to three hours to go through dozens of pages of information from three systems,” he explains. “Today, some of the cybersecurity system reviews I do take me as little as 15 minutes. Overall, the Nozomi Networks solution has helped me gain back between 10-12 hours a week.”1

‍

The solution also helps Smith reduce time spent on troubleshooting and forensic activities. “Guardian allows us to drill down in protocols for new and existing equipment to efficiently diagnose issues. Consequently, we’ve improved our operational performance and, in some cases, can avoid costly truck rolls.”

‍

While VEC currently doesn’t have any NERC CIP jurisdictional assets, “We’re prepared for the possibility that regulators will bump the limit down so that our assets are included,” says Smith. “I like that Guardian positions us to be compliant if regulations become more stringent.” Overall, Smith explains that "Nozomi Networks Guardian helps us secure reliable, more efficient energy delivery to keep our cooperative members happy."

‍

*1 About 500 labor hours annually (assuming 10 hrs/week @ 50 weeks) - or 12.5 labor weeks per year