Cisco IoT Solutions For Energy Utilities v2

Cisco Utility Solutions

SEVERIANO LEÃO MACEDO JUNIOR


Slides from Dan Madey
January 2023
Grid Modernization Drivers
Increased Reliability
• Outage Management (FLISR, AMI, OMS)
• Situational Awareness (Distribution & Substation Automation, Real-Time Monitoring & Control, ADMS)
• Refresh of Aging Infrastructure

Improved Efficiency & Reduced OpEx


• Grid Optimization (IVVC, Demand Forecast/Response, Data Modeling)
• Greater Digitization and Automation (Less Truck Rolls)
• Improved Lifecycle Maintenance of High Value Items (Predictive Maintenance, Dynamic Asset Rating)

Managing Greater Operational Complexity


• Integration of Renewables, Energy Storage, and EVs (Decarbonization)
• Extreme Weather Events
• Cyber Attacks
• Tighter Integration with Customers’ Premises
• Regulatory Changes

Grid Modernization requires Network Modernization


© 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
Grid Mod Network Requirements

• Reliable: Zero/Minimal Downtime
• Secure: Impervious to Attack
• Heterogeneous: Flexible Transport Options
• Scalable: Easily Scales to 1000s of Nodes
• Automated: Automated Deployment and Lifecycle Support

Cisco Utility Solutions – Best of Both Worlds
Best of IT
• Manageable by DNA Center or SDWAN: Can use same management tools as enterprise
• Cisco IOS or IOS® XE operating system: Next-generation secure enterprise OS
• Cisco Trust Solutions: Secure Development Lifecycle; Supply Chain Security; Secure Boot & SW/HW Authentication; Trust Anchor Module & Runtime Defenses
• Cisco Security Solutions: Quantum Resistant Cryptography; TrustSec & Scalable Group Tagging; MACsec 802.1AE; Netflow

Best of OT
• Ease of use and Automation: Cisco Field Network Director, IoT Device Manager, SD card swap
• Utility Protocols and Ruggedization: IEEE 1613, IEC-61850-3, Environmental Extremes; GOOSE, SSV, PRP, HSR, PTP, DNP3, Modbus, Serial to IP Translation
• Utility Validated Designs: Grid Security; Distribution Automation; Substation Automation; Utility WAN; Advanced Metering Infrastructure
A comparison between the protection of the electrical grid
and the security of communications networks
DC / CORE MPLS Transport Local / Access Networks
RTU

IED

RTU IED

Gain visibility on your OT to build and enforce the right security policies


Generation Transmission Distribution


Heterogeneous Transport for Distribution Automation
Unified Management w/
Cisco Field Network Director

LTE
Public, Private, FirstNet, 5G Fiber

IR8100 Cisco IXM IR1101 IR1101 IR1800

Wi-SUN
Ethernet
Mesh IR510 LoRaWAN or Serial

Street Smart EV Street Distribution Circuit Fault Pole Distribution IED


Lights Meter Charging Lights Automation Indicator Sensor RTU
Distribution Automation
Distributed Energy
Resources

Field Network Director Control Center 1 Control Center 2


Outcome
• Modernization of distribution grid for fewer outages, lower line losses, and renewable energy integration

Use Case
• Volt-Var control
• Fault isolation and service restoration
• Demand response
• Renewable energy integration

Solution
• High performance mesh and cellular IoT networks
• Industry-leading security
• Easy deployment and management
• Unified management for mesh, cellular, LoRaWAN

Diagram labels: ASR 1000, ASR 1000, On-Prem, On-Net, Cellular Network 1, Cellular Network 2, WAN, IR 8140, LTE, RF Mesh, IR1101, IE 3400, IR1101, Renewable Energy, IR 510, IR 510, IR 510, ISA 3000

Feeder Automation Secondary Substation


Secure Communications at Every Hop

§ SEL and Cisco partner to support MACsec
§ MACsec solution works with the following routers
– Cisco IR510 WPAN Industrial Router
– Cisco Catalyst IR1101 Rugged Series Router

MACsec
Catalyst IR1101
Rugged Series Router
IEC-61850 GOOSE Pseudowire

IE3200

SCADA Serial-to-IP Migration
Cisco Industrial Routers w/ Raw Sockets and DNP Translation

IR1101
• One RS-232 Connection
SCADA FEP

Utility
WAN

• 9 Serial Connections
• 5 Serial Connections
Ethernet Ethernet

Cisco IR
Cisco IR Cisco IR
using Raw
using DNP using Raw Sockets
Sockets
Translation & DNP Translation
Translation

Serial Serial

RTUs using RTUs using IEDs using IEDs using


DNP-Serial DNP-Serial Modbus-Serial Modbus-Serial
Substation Automation Security Logging and Corporate Data Center
Monitoring

Control Center
IND Cyber ISE Stealth Splunk CUCM Directory WLC
EMS, DMS, OMS, etc. Vision Watch Service

WAN

IPSec
Cellular

IPSec
IPSec
Secure Substation DMZ

Electronic Security Perimeter (ESP) ISA 3000 Multi-service Zone Corporate Zone

IR8340
IE 5000 IE 5000
IE 5000 IE 5000
Parallel
Redundancy
Station LAN A Protocol (PRP) IE 4000 IE 4000 IE 4000
IE9310 / IE4010 LAN B IE9310 / IE4010
Bus
CGR 2010
(for AMI or DA)
Bay controllers, protection
relays, PDC, wide area IE 4000
IE 4000
control
Highly Available Seamless
Ring(HSR) Physical Security
Process Bus
DANH DANH SANH

IEDs, Merging Units, etc.


Cisco Catalyst IR8300 Router
Unleashing enterprise features at the industrial edge

IR8340
4 copper • 4 combo • 4 SFP • 2 combo WAN ports
4 expansion slots
5G • SD-WAN
Redundant power supplies
1G IPSec WAN Connection

Unrivaled performance at scale
• Single integrated platform for routing, switching and security
• Easier to manage: One control plane for Layer 2 and Layer 3
• Full MPLS Layer 3 support

Unprecedented visibility of assets
• DNA-Center and SD-WAN
• 8 core processor for dispersed workloads
• PoE, PoE+ and UPoE
• Backwards compatible with Serial
• Only Cisco router that converts GNSS time to NTP, PTP, SyncE

Industry leading cyber security
• Security and visibility with Cyber Vision
• Hardware based MACSec LAN and WAN
• IPSEC - DMVPN, FlexVPN, IKEv1, IKEv2
• URL filtering, Cisco AMP, Snort (IPS/IDS)
• Group based policy (TrustSec)
• Policy edge node support (DNA Center)
• Zone based firewall

* Encrypted throughput vs. previous generation
Introducing the Cisco Catalyst
IE3200, 3300, 3400 Rugged Switches
Gigabit modular system

Feature-packed modern
Fixed
software for scalable IoT deployments
system • Flexible, resilient, secure Cisco® IOS XE
operating system
• Simplified management, automation, and
visibility IND, Cisco DNA Center, Prime®, WebUI
• Rich IE features – PRP*, HSR*, MRP*, PTP, MACSEC*,
TSN*, CIP, Profinet*
• Flexible licensing options:
Expandable - Network Essentials comes as PIK-PAK
modular system - Cisco DNA Essentials*
- Network Advantage, and Cisco DNA Advantage (post-FCS)*

‘*’ – Post FCS
IE3x00 platforms at a glance
IE3200 IE3300 IE3400
fixed basic modular basic modular advanced

IE 3000 transition
Low port count, low power, High port count, Cisco DNA Advanced features, high port count
Positioning
Network Essentials features Essentials, or Cisco DNA High port count
Advantage features

• Layer 2 • Layer 2
• Layer 2
FCS • Fixed: 10 x 1GE ports • Modular – 26 x1GE ports
• Modular –26 x 1GE ports
features • PTP, REP, • PTP, REP
• PTP, REP
• PoE/PoE+ • PoE/PoE+

• Layer 3
• Layer 3
• Netflow
• Netflow
• Profinet, MRP, HSR, PRP, L2NAT
• Profinet, MRP • Profinet, MRP
Post-FCS • Macsec, SGT, SGACL
• Macsec • Macsec
features • Cisco DNA Essentials, Cisco DNA Advantage
• Cisco DNA Essentials • Cisco DNA Essentials, Cisco
• SDA Extended Node, SDA Fabric Edge
DNA Advantage
• TSN
• SDA Extended Node
• Cisco® IOx
Catalyst IE3x00 Rugged Series Switches & modules
Highly flexible architecture with a wide array of module choices

Fixed systems Expandable systems Expansion modules


IEM-3300-8T=
IE-3200-8T2S-E IE-3300-8T2S-E IE-3400-8T2S-E IEM-3300-8P= IEM-3300-16T=
IEM-3300-6T2S= IEM-3300-142S= IEM-3300-8S= IEM-3400-8S=*
IE-3200-8P2S-E IE-3300-8P2S-E IE-3400-8P2S-E* IEM-3400-8T= IEM-3300-16P=
IEM-3400-8P=*

Advanced
1 Copper fixed 1 Copper basic modular system 1 8p copper 5 6p copper 6 16p copper 8 14p copper + 2p 9 8p fiber 10
8p fiber
+ 2p fiber fiber mixed
8p PoE+ mixed
2 POE+ fixed 2 PoE+ basic modular system 2 7 16p PoE+
Advanced
3 8p copper
3 Copper Advanced modular system

4 PoE+ Advanced modular system 4 Advanced


8p PoE+

Cisco IE 4000 Series
GE Uplinks and Downlinks

§ Linerate L2/L3 hardware switching support
§ Various combination of FE/GE speed and port density including copper and fiber
§ Up to 20 GE ports
§ 8 PoE or 4 PoE+
§ REP
§ Dual power input

§ Advanced Industrial Protocol Support
§ PRP and HSR support on 4 GE uplinks
§ 1588v2 PTP c37.238 (Power Profile)
§ MacSec Data encryption
§ Modbus Memory Map support
§ PROFINET and Ethernet/IP Support
§ Dimensions: 6” x 6” x 5”

Cisco IE 5000 Front Panel
Front or Rear Mount Capability Advanced Time Sync Console
§Redundant LED placements at front and • Analog and Digital IRIG §Console over USB
rear of router • GPS Receiver §Console over RS232
§System, Alarm and Port Status LEDs
Conductive Cooling
12 Copper Gigabit Ethernet Ports § No fans or moving parts
§10/100/1000M Fixed Copper POE+ § Increased Operating Temp

Swap Drive 12 SFP Gigabit Ethernet Ports Field Replaceable Power Supplies
4 Uplink SFP or SFP+ Ports
§SD Flash §100/1000M SFP §High Voltage PS: 85–265 VAC 88-300 VDC
§1G/10G (IE-5000-12S12P-10GE)
§1G(IE-5000-16S12P) §Low Voltage PS: 18-75 VDC
Substation Hardened All Ports IEEE 1588 v2/PTP Alarm Contacts
§Substation Compliant
§Power Profile c37.238, Default Profile §FOUR Alarm Inputs
IEC61850-3 and IEEE1613
§ONE Alarm Output
cisco.com/go/cus

Grid Security Architecture


GRID SECURITY

Cisco
Validated
Design
Tested Implemented Proven
A holistic security solution for utility industry Cisco Security Feature

• AAA identity services


• Network management
Operational
Field • Asset inventory
Control
Network Cyber ISE Monitoring • Anomaly detection
OMS Dispatch DMS SCADA Stealthwatch SecureX SOC
Operations Director Vision AAA Logging • Grid Wide services
Monitoring • Traffic enforcement Ops Centre to
& Control & Logging Industrial DMZ, north/south

• Access control lists (ACLs)


IT / OT • Intrusion detection systems (IDS) and
Segmentation & intrusion prevention systems (IPS)
DMZ Cisco NGFW with
Industrial DMZ • VPN services
IDS/ IPS solutions
• Portal and remote desktop services
• Application and data mirrors

Utility WAN Public Private


MPLS / CELL • Traffic Enforcement (Control to Subs
North-South)
Wide Area • QoS Prioritization
Cisco ISA-3000
NGFW with • VPN / Encryption
Substation DMZ IDS/ IPS & industrial • Netflow
ISA3000 protocol support
IPSEC
• Industrial deep packet inspection (DPI)
Industrial
• Stateful firewall and intrusion prevention
Substation Sensor Segmentation
IPSEC Sensor Distribution Grid (IPS)
(ISA3000)
Electronic Sensor
IPSEC • Hardware bypass
IE3400 IR1101 IR1101
Security #1 #2 IPSEC Sensor
Perimeter IR1101 • MacSec (IE3x00, IE4K, IE5K)
NERC CIP IE3400 #X • 802.1X
NIST Sensor • MAC Authentication Bypass (MAB)
SPAN Secure Edge
62443 RTU • Quality of Service marking
Transformer Services &
IE4000 Volt Reg IED
Segmentation • Netflow (IE3x00, IE4K, IE5K)
RTU IE2000U
Merging Unit • TrustSec tagging (IE3400, IE4K, IE5K)
• Edge compute (IE3400)
Unit IE2000U
IED
• IPSEC Encryption in hardware
Merging Transformer
Volt Reg
Cisco Cyber Vision Asset Visibility Communications Visibility

Cyber Vision Center


(Centralized analytics)

Application
Sensor Flow Threat Detection
Sensor

IR 1101 Router
Sensor

IR8140
IR 8340 Router Router

Sensor Sensor

Anomaly Detection & Tracking


IE 9300 Switch
Catalyst 9000
Series Switch
Sensor Sensor
Sensor

IE 3300 IE 3400 Deep Operational Insights


IE 3400
2x10G Switch Switch
Heavy Duty
Network-Sensors
(Built in Deep Packet Inspection)
Comprehensive Industrial IoT Security Architecture

New
SENSOR New Cyber Vision Center Cisco Stealthwatch
Network Flow Analysis
SENSOR Operational Insights Threat Detection
CONTEXT

IE 3400 Switch IR 1101 Gateway


VISIBILITY
New
SENSOR Cisco FirePower
Next Gen Firewall and IPS
CONTEXT

IC 3000 Switch

Cisco ISE
CISCO Industrial OT Portfolio Access Control

Cisco Security for Industrial IoT


Presentation 20
Cyber Vision scalable architecture
Other solutions
SPAN based solutions incur huge additional hidden-costs during deployment
• Visibility to access layer requires cost prohibitive cable drops
• SPAN collection requires new expensive out-of-band monitoring network

Cyber Vision Center
Sensor

ICS
Purdue level 3 Sensor Network Sensor

Application-Flow
Massive Lightweight
increase in Sensor
IC3000 Metadata
traffic due to
SPAN

Purdue level 2
ICS
Sensor

Non-Cisco IE3400
Network Switches
Out-of-Band
SPAN collection
network

Purdue level 0-1
Expensive SPAN cabling

Network-Sensors eliminate the need for SPAN
• The application-flow is streamed through existing network enabling lowest TCO
• Hardware-sensor to support brownfield only requires one-hop SPAN

Cyber Vision Global Center
Central Management / HQ SOC
Cyber Vision Global Center

Regional Management
Cyber Vision Center
Cyber Vision Center Regional Management

SE 1 SE 2 SE 3 SE 4 SE 5

SOUTHEAST SOUTH
UNILIN : https://www.cisco.com/c/en/us/solutions/collateral/internet-of-things/unilin-group-case-study.html
Albuquerque Water Authority : https://www.cisco.com/c/en/us/about/case-studies-customer-success-stories/albuquerque-water-authority.html
Danone Group : 8 plants are already deployed around the world, with 15 more before the end of the year. One of the deployed plants is one of the largest water bottling plants in Europe (20 000 OT devices).
PMI (Philip Morris International) : 25 plants around the world. 15 plants already running.
TESLA : 3 plants already running and new expansions/sites to come soon.
Airbus Helicopter : Cyber Vision deployed in part of their main factory for asset discovery and network segmentation support.
CELEC : Currently under national deployment in Ecuador
DEWA (Dubai Electric Water Agency) : In an advanced stage of deployment
Medtronic : Cyber Vision deployed at their largest plant
CISCO + SENAI PARTNERSHIP : In operation at the IND4.0 plant of São Caetano do Sul. Expansion to other SENAI units to come soon. Cisco Cyber Vision solution chosen for training Graduation and Post Graduation students in IND4.0 courses on OT security.
CMPC : Project in its final deployment phase at their factory in the south of Brazil

OT Protocol Support
Smart Fleet Management Solution Overview
Audio and (OCR) License
Video Analytics Plate Recognition GPS
Telemetry
3G / 4G Backhaul
( Dual Chip )

Satellite Link
Printer for Back Up
Secured WiFi – 50
to 100m radius
People and Asset Wireless IP
Management Phones

Spark and
Jabber
collaboration
Bar Code tools
Reader
Tablets
Main Architecture
GPS

3G/4G

Satellite Modem
Cisco Explorer Threme
IP Camera Dual WiFi Radio Bgan 326
Telemetry

IR829 with
Integrated
PoE+ LTE/AP/Firewall/L2TP/NAT
EN50155
B+B

Cisco Catalyst IR1800 Rugged Series Routers
The router for everywhere you go, and everything you connect

Built for mobile deployments


Transportation certified

Detect and stop threats with


built-in multi-layered Cisco security

High performance router with built-in


edge compute and Wi-Fi6

Edge
IOS-XE Wi-Fi 6 SD-WAN FirstNet*
Compute

* FirstNet certification pending
Define a converged and standardized network architecture
WAN Connectivity and Backhaul Approaches

Catalyst
IE9300 Cisco’s IOS-XE
Catalyst
IR1800
Industrial Routers &
IE Switches
Catalyst
IR1101 Supports same operating system
and architectural models as Cisco
Enterprise Switches and Routers

Catalyst
IR8140 Network Automation
Catalyst IR8300 Zero Trust Capabilities
Utility-Focused Features
Catalyst
IE3400
Modular LTE Modems for Operational Simplicity
5G NOW
Private LTE, FirstNet, Multi-Carrier for Cisco Industrial Routers
Cat-18 w/ Multicarrier, Private LTE,
& Public Safety with FirstNet B14

P-5GS6-GL
Cat 4 w/ Public Safety
FirstNet Band 14

P-LTEAP18-GL

IR1101
Cat 6 LTE w/Multicarrier
P-LTE-MNA
and Private LTE

IR1800

P-LTEA-EA

P-LTEA-LA
Cat 4 LTE w/
Single Carrier
IR8140
IR8340
P-LTE-GB

P-LTE-US
P-LTE-VZ
Private LTE Distribution SCADA
Utility Broadband Alliance (UBBA) Plugfest, October 2021

Control Center
Distribution SCADA Edge Private LTE Networks Applications

SCADA Devices DA Routers

ADMS
Anterix

CBRS IP/MPLS IP/MPLS OMS


Aggregation
Network LTE Core
LTE Radio Backbone IP
Network LTE Backhaul Network LTE Core Network

NOC
Public LTE Networks

MNO Network
Applications

FirstNet, ATT, US Cellular
Cisco DistribuTech DA Wall Display

Catalyst IR1101
Rugged Series Router

Cisco Catalyst IR1101


Rugged Series Router

IR8140H – LTE, pLTE, FirstNet, and 900MHz WiSUN
The only IoT Heavy Duty Outdoor Router

TrustSec, MACsec, Netflow, Modular LTE & 5G Ready (includes


Cyber Vision, ACT2 Anterix, CBRS, FirstNet)

Up to 3 Radio Interfaces for multi- Modular Battery backup and Power


service FAN applications Supply

Cisco IOS-XE unified image Modular CPU and LTE Interfaces


Autonomous IOS and SDWAN

Lower TCO Multi-service/Multi-Access Extended product life-time
IR8140H IP67 LTE MODULE(s)

UIM LTE Module


PIN LTE Module (Contains PIM LTE)
Mounted on UIM N-Connector
N-Connector (Diversity
(Main Antenna) Antenna)
Dual SIM Slots
N-Connector
(Main Antenna)

N-Connector
(Main Antenna)

IRMH-LTEAP18-GL IRMH-LTE-MNA

Cisco Ultrareliable Wireless Backhaul
Utility Field Area Network Connectivity

Ethernet
Substation and
SCADA Assets

FM3200 Base Ethernet


DER Sites
5GHz Unlicensed
Bands
WiSun Mesh

Up to 10’s of miles
1 – 500 Mbps Ethernet AMI
Aggregator
WAN
Ethernet WiSun
Mesh

Ethernet
eNodeB pLTE RAN

FM Volo
