Cybersecurity

We understand, defend, and serve ICS and OT networks.

Cybersecurity is not one thing. It is never finished. Our mission is to provide services and solutions that defend and maintain the availability of industrial control system (ICS) and operational technology (OT) power systems.

Our Approach

We simplify cybersecurity with layered defenses that apply the right technologies in each layer. 

Our Solutions

Cyber systems and solutions designed for critical infrastructure.

Our Services

Strengthen your defenses and streamline maintenance and compliance.

Our Support

We strive to be not just a vendor, but a partner you can rely on.

Our Approach

We believe in establishing a strong understanding of the system you are defending and that simpler products and systems are easier to defend. The layered defense model is most effective when the right technologies are applied at the appropriate layers and incorporated to support the specific purpose of each part of the system.    

Zero Trust for ICS and OT Cybersecurity 

The concept of zero trust for securing information networks is gaining in popularity. This is underscored by the executive order of May 12, 2021, to improve the nation’s cybersecurity, highlighting zero trust as a key component.

A zero-trust architecture is a powerful tool that helps security professionals determine optimal ways to design security controls for their networks. However, ICS and critical infrastructure networks have important differences from IT networks and require a modified approach—particularly regarding the decision of where to encrypt traffic and at what point end-to-end encryption hurts the availability of protection and control devices.

Furthermore, the notion that trust can be excluded from the calculus of network security is misguided. Trust underpins all security; therefore, when applying zero trust to a network, security professionals should continually evaluate these questions:

  • What do I trust?
  • Why do I trust it?
  • When should I no longer trust it?

Encryption and the CIA Triad

The core of cybersecurity is defined by three intertwining goals: confidentiality, integrity, and availability, commonly known as the CIA triad.

Confidentiality is the idea that information can be kept secret and known only to those people or systems who need that information to perform their duties. Integrity is the idea that the information is valid and verifiably correct. Availability is the idea that a system or its data is running or available when needed. Each of these core concepts is required when designing a secure ICS or OT network, but the priority of each shifts based on the security zone.

Generally, these security zones are broken up into levels based on the Purdue diagram for ICS security. SEL defines six levels: Perimeter (level 5), SCADA (level 4), Access (level 3), Automation (level 2), Control (level 1), and Physical (level 0). Protocols like Transport Layer Security (TLS) and IPsec are powerful encryption tools for Levels 4 and 5, which focus more on the confidentiality of data. But these off-the-shelf IT protocols are often misapplied in ICS/OT networks, making it more difficult to detect intrusions and to perform forensic investigations into cyber attacks.

Encryption at Levels 1 and 0 should be limited and specialized, like Media Access Control Security (MACsec) or Secure Shell (SSH), which don’t overload protection and control devices with unnecessary code.  

Attack Surface Reduction

Keeping up with ever-changing cybersecurity threats can seem daunting, but there are several practical steps that all owners of critical infrastructure systems can begin taking immediately to mitigate the risk of a damaging cyber attack.

These steps include knowing all the communications paths to your assets, using the appropriate encryption and authentication tools, practicing need-to-know policies, incorporating multiple layers of defense, developing an incident response plan, and using and managing strong passwords. 

These practical steps do not directly address regulatory requirements or any particular cybersecurity framework. For help meeting regulatory requirements and implementing risk mitigation solutions, please contact SEL Cyber Services.

Deny-by-Default Cybersecurity

Deny-by-default is the strongest approach to designing communications paths in an OT zero-trust network architecture. We achieve this through our OT software-defined networking (SDN) solution, which is part of the Department of Defense Information Network’s Approved Product List. Products in this list are tested, validated, and certified to the cybersecurity and interoperability standards of Defense Information Systems Networks.  

OT SDN takes the decision-making control out of the switch and puts it with the operator. The operator defines all the primary and backup flows, decides what is and isn’t allowed on the network, and determines what actions to take when a rogue packet is identified.

Anything that doesn’t match the predefined set of rules is identified, denied by default, and either dropped or sent to an intrusion detection system. This eliminates the network technologies that lead to spoofing, MAC flooding and table poisoning, Bridge Protocol Data Unit (BPDU) attacks, ransomware attacks, and more.  
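An added sketch of the deny-by-default decision described above; it is not SEL's implementation or any switch's API. The `Frame`, `Flow` and `decide` names, the four match fields, and the sample addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Set, Tuple

GOOSE = 0x88B8  # IEC 61850 GOOSE EtherType

@dataclass(frozen=True)
class Frame:
    in_port: int      # physical ingress port on the switch
    src_mac: str
    dst_mac: str
    ethertype: int

@dataclass(frozen=True)
class Flow:
    name: str
    match: Frame                       # every field must match exactly
    out_port: int                      # operator-defined primary path
    backup_port: Optional[int] = None  # operator-defined backup path

Decision = Tuple[str, Optional[int], Optional[str]]

def decide(frame: Frame, flows, links_down: Set[int] = frozenset(),
           unmatched: str = "send_to_ids") -> Decision:
    """Return (action, egress port, flow name) for one frame."""
    for flow in flows:
        if frame == flow.match:
            if flow.out_port not in links_down:
                return ("forward", flow.out_port, flow.name)
            if flow.backup_port is not None and flow.backup_port not in links_down:
                return ("forward", flow.backup_port, flow.name)
            return ("drop", None, flow.name)  # allowed flow, but no path is up
    # No learning and no flooding: anything unmatched is denied.
    return (unmatched, None, None)

# Constructed flow table: one GOOSE publisher on port 1, subscriber on port 2,
# with port 3 as the predefined backup path.
FLOWS = [
    Flow("relay-A GOOSE",
         Frame(1, "02:00:00:00:00:01", "01:0c:cd:01:00:01", GOOSE),
         out_port=2, backup_port=3),
]

if __name__ == "__main__":
    legit = Frame(1, "02:00:00:00:00:01", "01:0c:cd:01:00:01", GOOSE)
    spoofed = Frame(4, "02:00:00:00:00:01", "01:0c:cd:01:00:01", GOOSE)
    print(decide(legit, FLOWS))              # forwarded on the primary path
    print(decide(legit, FLOWS, {2}))         # primary link down, backup used
    print(decide(spoofed, FLOWS))            # right MAC, wrong port: denied
```

Because the ingress port is part of the match, a frame that copies a permitted source MAC but arrives on a different port never matches a flow and is handed to the IDS or dropped.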

Our Solutions

Cybersecurity and the protection of critical infrastructure are a mission we have served every day since the beginning of our company. We design cybersecure systems and solutions for all industries based on an in-depth understanding of OT performance requirements, customer needs, and critical infrastructure demands.

Layered Cybersecurity

SEL solutions incorporate layered cyber defenses to help keep your system secure.  

These defenses incorporate security features that support the specific purpose of each part of the system, such as: 

  • OT software-defined networking (SDN).
  • Role-based access controls.
  • Integration with multifactor authentication systems and one-time-password (OTP) solutions.
  • Encrypted external communications via VPN with IPsec. 
  • Hardened engineering access and HMI systems.

SEL networking solutions and automation controllers can also be integrated into security information and event management (SIEM) and intrusion detection systems (IDSs), which help detect and counter cyber attacks before they disrupt operations.

We thoroughly review and test every line of code in our products, which provides greater control over their quality, security, and functionality. 

We also follow secure supply chain management best practices and help our customers comply with applicable supply chain and cybersecurity standards (for instance, NERC CIP-013 for certain North American utilities). 

Secure OT Networking

The SEL software-defined networking (SDN) solution is purpose-built to improve cybersecurity and situational awareness in OT environments such as substation LANs, ICSs, and facility-related control systems (FRCS).

A true deny-by-default solution, OT SDN allows the operator to define all communication flows and specify exactly what type of traffic and devices are allowed on the network. Anything not matching those specifications is identified, denied by default, and dropped.

OT SDN helps you:

  • Easily see and understand what should be happening on your network.
  • Make intrusion detection system (IDS) integration simpler and more cost-effective.
  • Streamline NERC CIP data collection and reporting.
  • Meet the performance requirements of IEC 61850 systems with high-speed failover, efficient traffic handling, and high network availability.

Our OT SDN solution has been tested against several challenging OT requirements and is certified on the U.S. Department of Defense Information Network Approved Products List.

Perimeter Security and Secure Access Control

SEL secure communications products are specifically designed to create cybersecure OT networks that function seamlessly with the IEDs that protect your systems.

The robust cybersecurity features integrated into these products have been proven in substations and industrial plants around the world. We issue security patches, firmware upgrades, and technical bulletins for the entire service life of every product.

Secure your control system communications with SEL Ethernet security gateways, which function as routers, VPN endpoints, and firewalls with built-in malware protection. They also provide secure access control for serial- and Ethernet-based IEDs.

Enhance the security and resiliency of network communications between substations and the control center with OPNsense on SEL hardware. An advanced cybersecurity solution that embeds in the SEL-3355 Automation Controller, it features stateful firewall tracking, deep-packet inspection, adaptive routing, and hardware failover.

Our Services

From system assessment and baselining to cyber-defense solution development and ongoing system management, our full suite of security services can help strengthen your defenses and streamline the demands of maintenance and compliance.

Overview

SEL cybersecurity professionals will work with you directly to develop a secure solution that is tailored to your priorities and objectives.

We help with:

  • Services and solutions that ensure compliance with NERC CIP requirements.
  • Assessment services and risk remediation plans based on National Institute of Standards and Technology (NIST), NERC CIP, and IEC 62443 cybersecurity frameworks.
  • Design and implementation of secure communications networks, access management, and remote access solutions.
  • OT system baselining.
  • Threat management solutions, including logging and monitoring, visualization, reporting and alerting, incident response plans, and data backup and recovery.
  • Making a cybersecure transition from serial communications to Ethernet—and streamlining the maintenance and compliance requirements that follow.

SEL practices a defense-in-depth philosophy of cybersecurity. We design secure systems starting with the device closest to the critical asset and working out to the user, ensuring that authentication, authorization, and accountability are intact at each stage. We also ensure that security features don’t compromise the performance of critical protection and control systems.

NERC CIP Compliance

SEL provides services and solutions that streamline the demanding, potentially time-consuming tasks of maintaining compliance with NERC CIP cybersecurity standards and keeping your critical electric power infrastructure secure.

We can also test, design, and implement complete OT networking solutions that comply with any cybersecurity standards that may apply to you.

Cyber Attack Mitigation

We freely provide a broad set of best practices that you and your team can begin using immediately to improve the security of your systems and mitigate the risk of a damaging cyber attack. 

And if you need to meet regulatory requirements or need expert help implementing cybersecurity solutions, SEL Cyber Services professionals are ready to partner with you to get it done. 

Lifecycle Services

There is no one-size-fits-all approach to OT cybersecurity. Whether you want help managing the security of your SEL-designed and -commissioned OT system or want to maximize your cybersecurity effectiveness with sophisticated planning and response, we have a service package that meets your stage of the cybersecurity lifecycle. And with our experienced security staff carrying as much of the load as you need, your teams can be free to do what they do best: keep your systems up and running.

Our Support

We believe you should never have to worry about whether your protection and control systems will be working when you need them most. SEL products are designed and manufactured for the world’s most challenging environments, exceeding all industry standards for temperature, shock, and electric stress, which has led to one of the highest MTBF ratings in the industry.

However, sometimes the unexpected happens. That’s why you always have access to SEL engineers—and every device we manufacture comes with a ten-year warranty and no-cost technical support.

After your systems are commissioned, our application engineers provide technical support for SEL products at no cost.

As long as your SEL products remain in service, you have access to direct technical support from SEL engineers—not just a handful of customer-facing product engineers, but a large corps of application engineers who are intimately familiar with the way our devices are deployed and the functions they typically perform in the field.

No matter how often you need to call or how long your SEL products have been in service, our customer service and technical support professionals are ready to help.

Customer support staff and application engineers are stationed in regional offices across North America and around the world.

SEL offers complete cybersecurity support for every solution, system, and product we provide.

We also practice secure supply chain management and help our customers comply with applicable supply chain and cybersecurity standards.

Security Bulletins and Updates

We thoroughly review and test the code in our products, which allows us greater control over their quality, security, and functionality. Security-related software and firmware updates are provided for the entire service life of every SEL device and are distributed directly to our customers via secure file transfer.

End users of SEL products can sign up to receive email notifications of security vulnerabilities, including information on how to mitigate their risks.

Cybersecurity Services and Support

From system assessment and baselining to cyber-defense solution development and ongoing system management, our full suite of cybersecurity services can help strengthen your defenses and streamline the demands of maintenance and compliance.

Cyber services support contracts can include incident response, audits, system hardening, patch/update management, and more.

SEL meets your workforce training and continuing-education needs through seminars, conference and tradeshow presentations, and SEL University courses.

SEL University courses and many of our seminars provide professional development hours (PDHs) for maintaining Professional Engineering (P.E.) licenses. Courses and seminars can be delivered in various formats, including in-person seminars, self-paced online learning, virtual classrooms, and live and recorded webinars.

We can also work with you to develop training that is customized to the specific needs of your workforce.

Questions? Contact Us!

If you have any questions about SEL products, services, solutions, or support, please contact us. Our service and support professionals are ready to provide the answers you need.

Unbeatable Support

SEL support teams are stationed in regional offices around the world and staffed with application engineers who are experts in our products and in power system applications.

Technical support for SEL-manufactured devices is always free. No matter how often you need to call or how long your SEL products have been in service, you’ll reach an SEL expert who can provide the service and support you need.

Our cybersecurity team is always ready with the information and resources needed to keep your OT networks and critical systems secure and working effectively. Cyber services support contracts can include incident response, audits, system hardening, and more, depending on your anticipated needs.
