Network Performance Monitoring in Critical Infrastructure

EG.D is one of the main critical infrastructure operators in the Czech Republic running an extensive data network for power distribution control that spans a third of the country. “The operational condition of our network has a direct impact on more than a million households and businesses in our territory,” says Martin Keprt, Head of Cyber and Physical Security Management. “Any potential mismanagement in power delivery could cause incalculable damage.”

In order to address these risks, the customer needed to improve visibility into the OT network and LANs at substations. It was therefore important that the monitoring solution would support the IEC 61850 and IEC 608-70-5-104 protocols used in OT networks and possess the ability to forward IPFIX data into a SIEM.

EG.D deployed a Flowmon solution that comprises around 90 Flowmon Probes gathering data at key points throughout the network, while existing routers provide additional network traffic statistics. All the data is then stored and analyzed at a central virtual Flowmon Collector.

“Immediately after deployment, the system helped us identify several misconfigured devices. Thanks to the insights the solution provides, we can see all of our traffic in one place and are immediately warned about any emergent or potential issues that may arise. It provides us with information on network usage, pinpoints potential bottlenecks, exposes network-borne threats, and reports on a variety of network traffic anomalies,” says Keprt.

With the system in place, EG.D benefits from pure, unambiguous insight into their entire power distribution control network, ensuring transparency and awareness of potential problems.