Porvoon Sähköverkko Oy: optimisation of OT network security

Porvoon Sähköverkko is a key player in electricity distribution in eastern Uusimaa. The company's OT-network is responsible for supporting key operational technology functions, which ensures reliable and continuous electricity supply. Approximately 37 500 customers are connected to the company's electricity network, which is 3 700 km long.

 

Challenges and objectives

It is very important to Porvoo Electricity Network Ltd that their customers have electricity in their homes in all situations, which is why the company is constantly working to improve the security of electricity supply. They are well known for the fact that in case of problems, the operating staff is always ready to respond quickly and maintain good reliability in the electricity networks. Due to the nature of the OT network, security and continuity of service are of paramount importance. System updates must be up-to-date and management must be accurate. In addition, improvements in hardware duplication were desired. The aim of the cooperation was to improve overall data security and to improve preparedness for hardware failures.

Save LAN solution

Save LAN Oy provided a comprehensive solution to the challenges of Porvoo's electricity network. The key elements of the solution were:

  • A Fortinet double-layer firewall, providing an extra layer of security.
  • Segmentation of the network into SCADA, DMZ and WAN sections to keep network traffic controlled and isolated.
  • NFEs for fibre and LTE connections.
  • Fortinet's security services, which ensure up-to-date protection against new threats.

Project implementation

The cooperation with Save LAN Oy started with a maintenance agreement in 2019, which will continue. Through this contract, the following services have been provided to Porvoo Electricity Network:

Maintenance and monitoring of equipment on the process network from 2019

Monitoring the hardware on the OT network is essential to identify potential security problems, such as vulnerabilities or suspicious activity, and to drill down into hardware issues. With a process network connected to many different devices and services, finding and fixing a single weak link can prevent a wider security problem from occurring. Hardware maintenance also has an impact on availability. Regular updates and patches can improve the user experience, reduce disruption and ensure that equipment remains operational. This is particularly important in business-critical applications where even a short outage can cause significant disruption.

Doubling process network connectivity with LTE and fibre in 2020

One of the main reasons for duplicating the process network is to ensure business continuity in case of failures. Duplication solutions usually mean that important systems and services are duplicated on two or more separate physical or virtual devices. This ensures that if one part of the network or server fails, the other can immediately take over. In this way, the organisation can reduce the risk of downtime and ensure that business can continue uninterrupted.

Increasing overall data security through segmentation and Fortinet firewalls 2021 - continued

OT network segmentation was designed to reduce the number of attack interfaces, making the network less vulnerable to attacks. When each segment is isolated from the others, attackers have less opportunity to move around the network. This makes large-scale attacks more difficult to carry out and increases the overall security of the network. With Fortinet firewalls, segmentation also provides the ability to set different security rules and policies for each segment. This allows security levels to be tailored to meet the specific needs of the segment. For example, critical systems may be subject to stricter controls than less critical parts of the network.

Renewal of VPN connections in 2020, 2022, 2023 and new VPN service in 2022

The OT network's communication links have been upgraded over several years due to ageing equipment and security concerns. Old connections have been upgraded to a secure VPN connection and the risk of wireless networks was reduced by sharing some of the remote stations to their own service.

"Save LAN Oy has done good work on our Scada system, among other things. The maintenance contract has created security for a functioning system. I can definitely recommend Laur and the services of Save LAN Oy."

Mikael Hämäläinen
Operations Manager, Porvoon Sähköverkko Oy

Project results

The solution enabled Porvoo Electricity Network to have access to:

  • Up-to-date updates to ensure the security of your system.
  • Dual connections and equipment for critical connections
  • Accurate management and logging, providing transparency and the ability to react quickly.
  • Top-class experts to support the use of the process network.

This case study demonstrates the importance of choosing the right partner for your security challenges. The cooperation between Porvoo Electricity Network and Save LAN Oy is an example of how collaboration can achieve top-class security and continuity in electricity supply.

Give Us a Call ->
Lauri Jurvanen Production Network Consultant Save LAN