New Zealand energy and telecoms giant Trustpower has responded to that nation’s new Voluntary Cyber Security Standards for Industrial Control Systems (VCSS-OCS) by deploying Nozomi Networks Guardian across its network.
In addition to supplying gas, broadband and phone services across New Zealand, Trustpower is one of the largest electricity generators and retailers in the country with more than 230,000 customers, 30 hydro power stations across 19 hydroelectric power schemes, and 700 staff countrywide.
The company had already invested heavily in its security systems, focusing on areas such as prevention and firewalls, but this traditional approach offered limited visibility into what was really happening in the network.
“As we continued to expand, digitise and add to our operational environment, this lack of visibility presented a major challenge,” said Marty Rickard, Delivery Manager - Operational Technology, Trustpower. “We needed a new approach to cut through the noise, gain real insights into our network and ensure we were protected from cyberattacks.”
The company chose Guardian following a competitive bidding process. The monitoring solution protects control networks from cyberattacks and operational disruptions by providing complete industrial control system visibility and security in a single solution.
Guardian was put to the test in a lab environment where it was able to capture live traffic and see virtually all devices in the network and how they communicated. The system was tested with up to five times its node capacity and was still able to deliver results, providing never-before-seen insights into Trustpower’s network and a near-complete asset register in minutes.
Now deployed across Trustpower’s operational network, Guardian provides deep asset discovery, inventory and operational visibility; automatic real-time notification of industrial events of interest, including alerts triggered by custom-designed rules and constraints; and traffic analysis for current and future investigations.
Cybersecurity awareness and governance has gained new emphasis in New Zealand. The Government’s Communications Security Bureau (GCSB) recently launched a resource for company boards to help improve cybersecurity governance, following an assessment of cybersecurity resilience across 250 of New Zealand’s nationally significant organisations.
“Nozomi Networks has enabled us to meet New Zealand’s Voluntary Cyber Security Standards for Industrial Control Systems (VCSS-OCS),” said Matt van Deventer, Head of Technology, Trustpower. “Maintaining and exceeding these standards is a key priority for Trustpower and Nozomi Networks enables us to comfortably achieve that.”
Guardian also identified anomalies in Trustpower’s extensive third-party supplier network, a common threat point for large organisations. Improving mutual security has made the whole supply chain more secure and this has helped improve third-party relationships.
“Cyber security – like cybercrime and the threat landscape – needs to continually evolve,” said Andrea Carcano, Nozomi Networks cofounder and Chief Product Officer. “New Zealand businesses need visibility into their networks and awareness of who has access, and to what extent, to ensure they are protected. Advanced OT-IoT visibility and security technology is essential to achieve this. Trustpower recognises that and has now created a better operating environment for its business, customers and third-party suppliers.”
Nozomi Networks Australia
02 9239 3149