html{display:none} New Cybersecurity Enhancements and Expanded Portfolio Options | Schweitzer Engineering Laboratories
SDN News

New Cybersecurity Enhancements and Expanded Portfolio Options

SEL-5056 Flow Controller on Blueframe

The SEL-5056 Software-Defined Network Flow Controller is now available as a no-cost application for the SEL Blueframe platform.

This allows you to distribute your controllers to the field edge and have the flow controller operational in the same rugged environmental facilities in which the software-defined networking (SDN) switches are deployed, all without added concerns of NERC CIP compliance surrounding a general purpose operating system’s configuration and patch management.

Both Windows and Blueframe versions of the SEL-5056 Flow Controller offer the same functionality. No additional training is required with uniform user interfaces and work flows for network engineering. The SEL-5057 Flow Auditor works with both versions of the SEL-5056, allowing you to simplify network inventory management and NERC CIP-007 R1.1 ports and services preparation and stop the expense of active network scanning.

Blueframe offers a secure operating system and the opportunity to consolidate equipment when implementing an SEL SDN solution.

SEL Launches Converged Industrial Edge Solution With Juniper Networks and Dragos

In collaboration with industry leaders Juniper Networks and Dragos, SEL has release a new solution called the Converged Industrial Edge (CIE). A major portion of CIE is SEL’s operational technology (OT) SDN solution.

CIE is a network architecture developed as the best approach for improving, simplifying, and securing the IT and OT information exchange. This network architecture is our response to the ever-growing connectivity and cybersecurity demands placed on critical infrastructure.

With CIE, network operators get a cloud-native, programmable, zero-trust network architecture solution that allows new circuits to be created and implemented in minutes, reduces the potential for misconfigurations, increases system visibility, reduces maintenance and operational costs, and minimizes the cyber-attack surface.

Partnering with SEL, Juniper Networks, and Dragos is Bonneville Power Administration (BPA), who is constantly seeking new ideas and innovations for boosting cybersecurity. BPA said the technologies developed in this solution show great potential for advancing substation cybersecurity, reducing substation maintenance costs through increased workflow automation, and increasing real-time awareness of OT networks.

CIE provides technical, operational, and business benefits, including:

  • Complete end-to-end, Ethernet-based communications for data centers, WAN, and the edge.
  • A standardized digital infrastructure layer for frictionless information exchange between vendors, systems, devices, and domains.
  • Native cybersecurity through the combination of deny-by-default, zero-trust networking, and threat detection and prevention at every port, packet, and process.
  • An extensible design that allows flexible cloud-native technologies to automate repeatable tasks, reducing errors and the strain on human capital.
  • A modular and pluggable format that integrates with existing operations support systems (OSSs) and business support systems (BSSs), work order and ticketing systems, IP address management (IPAM), and certificate authorities.
  • Simplified cross-domain information exchange and trust management between domains.
  • Detection and tracking of known malicious behaviors and tactics as well as automatic response for fast-moving, east-west attacks—before compromise and exfiltration occur.

To learn more, visit the CIE solution page.

OT SDN Certified by Department of Defense

As of July 2021, SEL’s OT SDN solution is certified on the U.S. Department of Defense Information Network (DoDIN) Approved Products List (APL).

The DoDIN APL is a consolidated list of network communications products and applications that are approved for use in DoD information networks and control systems. When a product makes this list, it is the result of rigorous and extensive testing, validation, and certification to ensure that the solution meets the cybersecurity and interoperability standards for the Defense Information System Network and Federal Acquisition Regulation.

OT SDN includes a true deny-by-default networking switch and is purpose-built for OT environments. The technology removes decision-making control from the switch and puts it with the operator, which leads to improved cybersecurity, a significant advantage over traditional packet delivery, and better network situational awareness. This is because with OT SDN, the operator can now predefine all communications flows and specify exactly what types of traffic and devices are allowed on the network. Anything that doesn’t match these specifications—like a rogue packet, an adversary, or an unwanted device attempting to traverse the network—is identified, denied by default, and contained within the switch to prevent threats from infecting other parts of the system.

Additionally, instead of using spanning tree protocols on the underlay, this solution uses SDN on the underlay. This key difference means OT SDN eliminates vulnerable network technologies that can lead to spoofing, MAC flooding and table poisoning, ransomware attacks, and more.

To learn more about these benefits, visit the OT SDN webpage.