Crucial To Deployment -- Security Today

Crucial To Deployment

Ethernet switch technology plays key role in NERC CIP perimeter security requirements

By Jim Krachenfels
Mar 01, 2012

Common sense—and the North American Electric Reliability Council’s cyber security standards (NERC CIP) for North America—suggests that security in power stations is of utmost importance. With the growth of IP-based network applications throughout the power industry, power plants have increased their ability to control and monitor both central utility operations and remote installations. NERC identifies security concerns and lists out a set of requirements for minimum security in the industry.

Physical security, as defined by NERC CIP, has an IP component to it. The standards-based flexibility of IP-compatible products provides the bestknown solution for the security and surveillance of power plants.

At one nuclear power plant, thermal imaging infrared cameras are installed around the physical perimeter of the facility to provide state-of-the-art threat detection and assessment capability. The plant is protected by a FLIR thermal fence, which provides a full-integrated perimeter alert system.

The perimeter protection solution incorporates both thermal security cameras and the FLIR sensors manager control and management software to create a full virtual fence solution, capable of protecting critical infrastructure sites.

Underlying Network Support

In order to connect the virtual fence with staff in the plant and at central operations, Ethernet switches that can operate reliably under the harsh conditions at the plant were required. Because the perimeter security is integrated with a single ring-based network within the facility, which is required to securely manage a variety of functions, the switches need a variety of port types to support various equipment requirements.

Externally located switches that connect to components of the thermal fence needed to be hardened to withstand harsh temperatures (-40 to 85 degrees C). In addition, they needed to be outfitted with sealed cases that would protect against rain, dirt and other contaminants. While some designers attempt to use commercial switches with elaborate protection schemes or dramatically reduced MTBF expectations, industrially hardened switches—in this case, Magnum 6K field switches—solve the problem with a sealed, convectioncooled model that features an advanced thermal design that allows the case to serve as a heat sink.

Magnum switches offer unique portconfiguration capabilities that provide the highest level of flexibility in specifying port types. The outdoor units are specified with a number of managed PoE ports that enable both data and power to run over a single cable to support the cameras.

Video Data Management

Managing a high volume of security data from the videos requires sophisticated data management capabilities, such as IGMP Snooping and IGMP-L2, because of the high bandwidth requirements of a video surveillance system. For efficiency, it is important to develop a way to selectively manage IP video multicast traffic. The common approach uses the standard Internet Group Management Protocol (IGMP), which requires routers in addition to switches. GarrettCom’s IGMP-L2 is a switchbased system that simplifies the network and eliminates wasted bandwidth consumption while still permitting large numbers of multicast data streams to be efficiently handled with video feeds delivered to suit each viewing user’s needs.

Ring Topology

The switches are organized into interlocking ring configurations that provide rapid fault recovery to meet the plant’s needs for highest reliability. The switches offer fast link recovery using RSTP-2004.

The network topology requires a full range of fiber and copper port options, as well as a variety of bandwidths. Switch capabilities range from server room switches with up to 32 ports and gigabit bandwidth support for fiber backbones to smaller field switches that can support connectivity to the security system components and intelligent electronic devices (IED) within the plant. VLANs are used to provide secure communication tunnels. Secure switch management software can provide an extra level of reliability including functionality, such as SSH and SSL access, Secure FTP connections for large file transfers, software downloads, configuration files, scripts, support for up to 256 VLANs, Modbus protocol support over TCP/IP, TACACS and RADIUS server authentication, and the ability to have external events (Syslog) put into the switch’s Event Log to correlate with local security events.

The use of IP for power utility perimeter security—and, in fact, for all utility networking—adds a new level of flexibility and bandwidth. Although there is concern among some in the industry that IP provides a new level of risk of cyber attack, it is clear that even NERC recognizes that the benefits of the increased functionality outweigh the concerns. Careful and insightful development of security infrastructure can provide security systems that are not only effective today but are futureproof and scalable to meet future needs.

This article originally appeared in the March 2012 issue of Security Today.

ZBeta Strengthens Its Advisory Bench with New Appointment
05/05/2025
Security Trends Reshaping Enterprise Resilience Into 2027
05/05/2025
Amerant Bank Selects Omnilert AI Technology for Enhanced Video Surveillance Security
05/02/2025
Minnesota County Is Still Reaping Huge Benefits from ASAP Service
05/01/2025
Winsted Unveils Pinnacle Collection with Sliding Worksurface
04/30/2025
Everon Awarded Sourcewell Cooperative Purchasing Contract
04/30/2025
Honeywell Signs Global Distribution Agreement With Milestone Systems
04/28/2025
DSI Security Services Announces Leadership Reorganization and Strategic Growth Initiatives
04/21/2025

Featured

Body-Worn Cameras on the Rise

On the evening of Oct. 29, 2024, the owner of 300 Guard based in Houston, was shot while on duty at a convenience store. He returned fire. He was wearing a plated vest and thankfully recovered in the hospital. Read Now
- Government
Fast-Forward from 1,000 B.C.E. to Today

The lock and key have been around since time immemorial. In fact, the locksmith profession is one of the oldest in the world when you consider the earliest wooden tumbler lock debuted three-plus millennia ago. Read Now
- Access Control
Brazil Port Enhances Surveillance and Supports Wildlife Conservation with Sustainable Technology

Ferroport, which operates the iron ore terminal at the Port of Açu in São João da Barra, Rio de Janeiro, Brazil, has deployed state-of-the-art video surveillance cameras from Axis Communications to enhance nighttime security and visibility, while decreasing environmental impact and prioritizing sustainability. With cutting-edge technology, the port now has precise surveillance cameras that capture high-quality nighttime images, while reducing the amount of artificial lighting that negatively impacts the surrounding ecosystem. Read Now
- Government
Verizon’s 2025 Data Breach Investigations Report Notes Alarming Cyberattack Surge Through Third Parties

Verizon Business recently released its 2025 Data Breach Investigations Report (DBIR), which reveals a significant increase in cyberattacks. The report found that third-party involvement in breaches has doubled to 30%, and exploitation of vulnerabilities has surged by 34%, creating a concerning threat landscape for businesses globally. Read Now
- Cybersecurity
Net2 Access Control Increases Reliability at Residential Complex

Encore Atlantic Shores is a residential complex of 240 luxurious townhomes for ages 55 and over in Eastport, New York. Completed in 2011, the site boasts an 11,800 square foot clubhouse, with amenities such as a fitness center, heated indoor pool, whirlpool spa, multi-purpose ballroom, cardroom and clubroom with billiards, tennis courts and an outdoor putting green. Read Now
- Access Control

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

Luma x20

Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”
Unified VMS

AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities
FEP GameChanger

Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.