Red Eléctrica has developed a project with the cybersecurity startup Radiflow, leveraging the technology of its industrial threat detection and management platform, iSID. This anomaly detection and OT (Operational Technology) visibility suite improves the security of industrial networks through complete visualization of the network, threat detection and management of communication policies between devices. In this sense, Radiflow's proposal ensures proactive cybersecurity for critical infrastructures, detecting changes in their topology and behavior.
The objective of the project was to monitor data traffic in Red Eléctrica's environments. To that end, the real traffic generated by the SCADA system was evaluated for six months. This made it possible to evaluate the platform's Deep Packet Inspection (DPI) capabilities for OT communication protocols and its detection of cyber anomalies. These communication protocols are important for Red Eléctrica's activity for the following reasons:
- They are used in control and protection communication systems in electrical substations, being able to automate part of their elements.
- They allow remote monitoring and control of equipment and systems in the electrical network, improving operational efficiency and response capacity.
- They are used for real-time data collection and monitoring of critical infrastructures such as power grids.
In this regard, iSID offers specialized solutions for industrial and IT networks. This includes the modeling and detailed visibility of devices, protocols and established sessions, as well as threat detection, policy monitoring and validation of operational parameters. In addition, it facilitates rule-based maintenance management and efficient administration of networked devices.
The collaboration between Radiflow and Red Eléctrica originated in the startup's participation in Elewit’s IV Venture-Client program, and it continues because the proposed solution contributes to Red Eléctrica's infrastructure. Some of the differentiating features of Radiflow's solution are the following:
- Automated generation of the basic topology and behavioral model of devices and connections in the network.
- Non-intrusive analysis of network traffic using DPI, without interrupting normal operations.
- Deployment of the monitoring system at a central or local location according to specific needs.
- Continuous monitoring of changes in the configuration and operation of devices such as PLCs.
- Identification of vulnerabilities caused by interoperability of networked devices.
- Preparation for centralized management of multiple system instances in an MSSP Operations Center.
- DPI monitoring capabilities over OT protocols used in power grids.
Throughout the project, the same traffic was monitored in parallel using another intrusion detection solution (IDS) with OT capabilities. Analysis of the project's results demonstrated that iSID technology has great analysis capabilities for industrial traffic, detecting anomalies with a much higher efficiency than the other solution evaluated.