As with all asset-intensive companies, energy firms worldwide are under pressure to increase the security of their operational technology (OT) networks and devices. Previously “air-gapped” OT systems are being connected to corporate data center and cloud services, where they are more exposed to cyber threats found on the internet. The increased connectivity of OT systems is in part being driven by information technology (IT) / OT convergence, where operational and enterprise systems are connected to enable data-driven insights and improved business outcomes.
In Brazil, regulators are paying close attention to the cybersecurity of companies in critical infrastructure sectors, such as energy—disruption to which would have serious social, economic, political, national, and/or international security implications. The country has therefore set the goal of securing critical national infrastructure by 2023, as outlined in its National Cybersecurity Strategy (‘E-Ciber’).
To meet regulatory oversight requirements from the Brazilian Electricity Regulatory Agency (ANEEL) and technical requirements from the national grid operator (ONS), one Brazilian energy company realized that it would need to overhaul OT security at its power plants ahead of the 2023 deadline. The company’s legacy technology was simply not up to the task.
Reacting to external obligations was only part of the reason for OT security modernization. The company also faced significant pressure from its shareholders to reduce its operating costs and increase revenues with new OT security measures.
Further strategic opportunities were apparent in its IT network. In particular, the utility identified that communications integration between its three data centers and main offices would help improve the quality of its service. At that time, the company experienced low communications service quality that especially affected remote operations. The organization’s CISO therefore decided to replace its legacy software-defined wide-area network (SD-WAN), which was approaching its license expiration date, with a high-performance alternative.
After a request for proposal (RFP) process and following several demo sessions and technical discussions between Fortinet, the client, and its technology implementation partner, it was clear that the Fortinet Security Fabric would deploy faster than the incumbent’s alternative solution, optimize the company’s internal technical and procurement processes, and exceed its security and performance requirements. The Fortinet Security Fabric comprises an extensive platform of networking and security technologies that share threat intelligence, correlate data, and automatically respond to security threats as one coordinated system.
Today, the utility has adopted solutions as part of the Fortinet Security Fabric to secure its OT systems and IT network. Fortinet Secure SD-WAN combines FortiGate Next-Generation Firewalls (NGFWs), FortiSwitches, and FortiAPs (access points) as well as FortiExtender devices for ultra-fast LTE and 5G wireless to connect and scale the SD-WAN edge.
The Security Fabric solution provides coverage across both the OT and IT networks, inclusive of endpoint/device protection, network operations, and network security. For the company’s OT environment, this includes coverage and support for the following OT protocols and software:
Fortinet’s Professional Services team helped the company during the migration journey, working hand-in-hand with the client’s technology partner to ensure a smooth implementation.
With the FortiGate Secure SD-WAN in place, the utility is experiencing a range of benefits. Most importantly, the Security Fabric solution enabled the company to meet its OT security compliance objectives by providing the necessary visibility, control, and analytics.
The company can now easily discover any device on its IT/OT network, determine the degree of trust, and continuously monitor behavior to maintain that trust, supported by multifactor authentication to ensure that only the appropriate people have the appropriate assigned permissions and access.
Through Fortinet’s solutions, the client has also been able to better integrate communication between its three data centers and improve the quality of service. At the same time, the solution has reduced operating costs for the company, which was a key consideration for the company’s shareholders.
Fortinet’s service model has been a major factor in the success of the project. Its Professional Services team worked collaboratively with the customer and its technology partner to ensure a fast and effective implementation. Rigorous and methodological customer qualification by Fortinet gave the team a good grasp of the utility’s business requirements, helping ensure it could tailor exactly the right solution to the client’s needs.
Finally, the utility benefits from a much easier and cost-effective approach to expanding into new locations with FortiGate Secure SD-WAN. In addition to the ease of management of the devices themselves, the client is impressed by a simple procurement process that allows them to specify and order new products rapidly when needed.
With Fortinet as its security partner, the energy company has been able to meet or exceed all of its objectives. Today it is flourishing with a solution that is driving faster time to revenue with proven scalability and less risk.
Learn how Fortinet secures the convergence of OT and IT. By designing security into complex infrastructure via the Fortinet Security Fabric, organizations have an efficient, non-disruptive way to ensure that the OT environment is protected and compliant.