Thursday, September 24, 2015

Security Nugget: Air Compressors Help Secure Generators

At large generators, per-unit air compressors and Unidirectional Gateways are reducing risk and reducing compliance costs.

The latest CIP V5 transition guidance explains how to assess the impact of segmented networks. Large generating sites are duplicating site-wide resources, such as pneumatic air compressors and control systems, for every generating unit. NERC CIP V5 states that if there is a strong security perimeter around each control system segment, and no segment can influence more than 1500 MW of generation, then the site has no Medium Impact cyber systems. This is a significant incentive; Low Impact systems cost much less to administer than Medium Impact systems.

Done properly, increased redundancy and segmentation can dramatically reduce compliance costs and the cost of risks. The right way to segment generating networks is with Unidirectional Security Gateways. Per-unit physical redundancy and per-unit network segmentation with Unidirectional Gateways turn one large, valuable target into many smaller, much harder targets. Unidirectional segmentation eliminates the single biggest risk to generating networks: the risk of remote attacks reaching through firewalls into control system networks. It does not matter how mundane or how sophisticated the attack is, or whether the attack comes from corporate insiders or the Internet: Unidirectional Security Gateways physically prevent all messages from external networks that may put a control network at risk.

The bottom line: CIP-compliant segmentation substantially reduces compliance costs. Per-unit Unidirectional Security Gateways substantially reduce risks and costs. Investing a tiny fraction of compliance cost savings into risk reduction with Unidirectional Security Gateways is just good business.

