AES Eletropaulo to adopt Cisco security technology
Updated: June 27, 2022
AES Eletropaulo, the largest energy distributor in Brazil and one of the largest in Latin America, has just adopted Cisco’s security technology. The company has implemented latest-generation firewalls, in addition to VPN (Virtual Private Network), switches and high-capacity routers, aiming to segregate different environments and mitigate attacks on energy systems and on transformation and distribution substations.
The security project is part of a global AES Corporation program applied to all business units, with AES Eletropaulo being the first to implement it completely. With a budget of around R$ 3,5 to R$ 5 million, the project is estimated to be concluded by the end of the year. The new architecture should also cover two generators (AES Tietê and AES Uruguaiana) and the group’s service company in Brazil, AES Ergos.
Implemented by Cisco’s partner, PromonLogicalis, the project sought a topology that would provide scalability and meet AES Corporation's security requirements. The main concern was to isolate the operational perimeter (which includes meters, substations, and power distribution systems) from the corporate perimeter (which includes intranet and database), while still allowing secure connections to the web or to ERPs (administrative systems).
At the project’s base, Cisco ASA firewalls were used to provide protection against advanced threats and visibility into data traffic, ensuring that access to the substation environment is allowed only to SCADA (supervisory control and data acquisition) systems. SCADA systems are used by COD (AES Eletropaulo’s Distribution Operation Center) in transmitting and monitoring power loads.
The project also includes Cisco’s ISR routers and VPN technology for third-party information confidentiality and connection, as well as Nexus switches (for private cloud connectivity) and 50X and 6500 family switches (for connecting servers and WAN networks). With the new architecture, AES Eletropaulo's communication is fully encrypted, passing through at least two layers of firewalls equipped with IPS (intrusion prevention system).
"With the ever-increasing automation and technology integration, there is a risk that some of the IT world's own threats could migrate to power sector systems, which are not born with applied security concepts", explains Vander dos Santos Dias, AES Brazil’s services coordinator. "It takes solutions, tools and processes that provide visibility, protection and rapid mitigation, so that this integration occurs safely", he says.
Simulated intrusion tests and managed services
Complementing the project, AES Eletropaulo has also implemented a process that includes simulated intrusion tests (also known as "pentests") and technical crisis rooms with the company board, so that the distributor’s top management is also able to respond in certain cases.
"We have also mobilized a periodic audit team to verify if what was agreed is actually in place", said Marco Tulio, head of AES Eletropaulo’s information security area.
A managed services layer with 24/7 support is provided by PromonLogicalis, responsible for managing equipment policies and licenses, as well as incident analysis and overall project integration. "As AES Eletropaulo's networks were already Cisco's, integration was a great differential. And even solutions that interoperate with other vendors’ systems work very well, enabling PromonLogicalis to support the operation with robustness and flexibility", said Felipe Jordão, PromonLogicalis’ security expert.
Investment and innovation protection: Smart Grid
The new security architecture will be crucial to consolidating and later expanding AES Eletropaulo’s Smart Grid project. Launched in 2014 in Barueri, a municipality in the Greater São Paulo area, the project foresees the installation of 62.000 smart meters, directly impacting 250.000 people.
The technology will enable a new method of electric grid management by automating AES Eletropaulo’s operations and capacity planning.
"More than a necessary item resulting from digitalization, security, today, is an innovation enabler, allowing organizations to protect investments made in new solutions development", said Ghassan Dreibi, Cisco's business development manager for Latin America. "But, of course, the energy sector is especially sensitive to attacks: while traditional networks suffer financial losses, in automation they can impact an entire population", he says.
Due to the Smart Grid project’s complexity and dynamics, AES Eletropaulo estimates a three-year period before an upgrade of the security solutions is necessary – including growing demand for new power services.