Billion SG-Platform 340S Unified Threat Management System The SG-Platform 340S from Billion is a Unified Threat Management (UTM) appliance that provides a comprehensive suite of network security functionalities in an IEEE-1613 compliant 3U rack-mount form factor that has no moving parts and can withstand harsh environments. The SG-Platform 340S is the member of Billion s SG-Platform series of UTM appliances that is ideal for substation deployments. The SG-Platform 340S, based on the Schweitzer Engineering Laboratories SEL-1102 hardware platform with up to 6 Ethernet ports, facilitates securing environmentally challenging substations or other remote field sites from potential cyber security attacks. This appliance provides a comprehensive portfolio of network and security features that enable critical infrastructure organizations to implement strong security protection for critical control systems and networks, monitor those systems and networks for security vulnerabilities and potential intrusions, collect comprehensive log information about security-related actions and events, and generate security reports. Together with Billion s SG-Central monitoring and reporting appliance, the SG-Platform 340S can provide a strong foundation for NERC-CIP compliance and reporting. Firewall Router Site-to-Site VPN Remote-Access VPN Serial SCADA VPN Proxy Anti-virus SCADA IDS Port scanner Vulnerability scanner System & service monitor Network device control Logging and reporting NERC-CIP compliance reporting All easily managed from a user-friendly graphical user interface The features available in the SG-Platform 340S are configured via a user-friendly graphical user interface (GUI) or command-line interface (CLI).
Gateway Mode Gateway mode refers to implementing and protecting connections between networks. The connection between a substation and control center is a critical network interconnection that must be protected in order to defend both substation cyber assets and control center cyber assets. The SG-Platform 340S gateway functionalities include Routing, Firewall, Anti-Virus, Proxy Filter, Network Device Control, and VPN (including Site-to-Site, Remote-Access, and Serial SCADA). With these features organizations are able to create security zones to protect critical cyber assets and establish electronic security perimeters to control access to these zones. An important feature for field sites like substations is the ability to protect the transmission of data between legacy systems. Many legacy systems in substations communicate with the SCADA control center in clear text format over slow serial links. These communications can be easily tapped into by hackers, and consequently used to manipulate substation systems or even gain access to the SCADA control center. When these communications use slow serial connections, enterprise-grade VPN solutions add too much overhead to be used to protect them. The SG-Platform s SCADA VPN, based on the emerging IEEE P1711 standard, can encrypt and decrypt this data to ensure integrity and achieve high security standards during the transmission of data between the substations and SCADA control center. The combination of gateway security features that the SG-Platform 340S provides enables organizations to improve the protection of their critical infrastructure. Protecting the Control Network and Substation Networks from cyber security attacks using Router, Firewall, Proxy, Anti-Virus, Site-to-Site VPN, SCADA VPN, and Network Device Control features. Monitoring Mode Monitoring mode refers to monitoring network traffic and checking for any abnormalities that may cause instability of the interconnected infrastructure. The SG-Platform 340S enables organizations to protect their critical assets by monitoring their electronic security perimeters for any indicators of potential cyber security attacks. This is achieved by the combination of SCADA Intrusion Detection System (IDS), Vulnerability Scan, Port Scan, Availability monitor, and Performance Monitor. The 5,000+ IDS sensors in SG-Platform, including sensors designed for SCADA systems, scan network packets for intrusion signatures. When a match is found, an alert is sent via e-mail and/or e-pager for immediate action. Vulnerability and Port Scans are critical in protecting against cyber security attacks because they help the organization find open backdoors to the network. Availability and performance monitoring can reduce the burden for IT and Operations administrators in recognizing and troubleshooting network and systems performance problems. Monitoring the Substation for potential cyber security attacks using SCADA IDS, Vulnerability Scan, Port Scan, System and Service monitoring features. Other Features The SG-Platform 340S can be integrated with the organization s SCADA system to report security system status on a SCADA console. VPN access and administrative access can by controlled by LDAP and Microsoft Active Directory. The SG-Platform 340S can be used as a DNS server, DHCP server, and NTP servers. All features provide comprehensive logging capabilities to enable troubleshooting and address compliance reporting.
Front Panel View Rear Panel View Front Panel View Rear Panel View
Product Specifications TECHNICAL SPECIFICATIONS Model Schweitzer Engineering Laboratories SEL-1102 Processors Mobile Intel Pentium M Processor (1.1 GHz, 400 FSB) Cache Memory 1MB Level 2 cache Chipset Intel 855GME Chipset Memory 1GB ECC DDR Network Interface 1 Fast+ 10/100Mbps; Fiber Optic or Copper Network Interface 2 Fast+ 10/100Mbps; Fiber Optic Network Interfaces 3/4/5/6 Optional; Fast Ethernet 10/100Mbps; Copper Storage Controllers Intel ICH4-M, UDMA 33/66/100 Fixed Storage 8GB Compact Flash (Primary) + 8GB Compact Flash (Secondary) Interfaces PS2 Keyboard x 1, PS2 Mouse x1, DB15 Video x 1, USB x 4, EIA-232 x 1 Form Factor 19" Industrial Rack-mount or Panel-mount (3U) Power Supply CE Mark Compliant; 24/48 Vdc; 48/125 Vdc or 120 Vac; 125/250 Vdc or 120/240 Vac System Fans None Power Connection Industrial direct wire connection Rack Dimension (H x W x D) - 5.22 x 18.31 x 10.40 in (13.26 x 46.51 x 26.41 cm) Rack Weight 11 lb (5kg) Operating Temperature -40 to 75 C (-40 to 167 F) Operating Humidity 5 to 95% relative humidity (Rh) Hardware Warranty 10 Years Limited Worldwide HARDWARE OPTIONS SOFTWARE OPTIONS Network Interfaces Two (Port 1 & 2); Four (Port 1 to 4); Six (Port 1 to 6) Monitoring Option Pack SCADA Intrusion Detection, Port Scanner, Vulnerability Scanner, System & Service Monitors, Static Routing, Admin Firewall, NTP Server, SCADA Integration, Comprehensive Logging & Reporting, Email & Pager Alerting, LDAP & AD User Management Power Supply 24/48 Vdc; 48/125 Vdc or 120 Vac; 125/250 Vdc or 120/240 Vac Gateway Option Pack All Monitoring options plus Stateful Firewall with NAT, Site-to-Site IPSEC & SSL VPN, Remote Access IPSEC & PPTP VPN, Anti-virus, Proxy, DNS Server, DHCP Server; SCADA VPN in Q2 2009 Mounting Horizontal Rack Mount; Software Support Annual Maintenance Subscription Available in one (1), two (2), or three (3) years Horizontal Panel Mount Note: All the specifications are subject to change without prior notice. V.04132010 Billion Electric Co., Ltd. 8F, No.192, Sec.2, Chung Hsing Road, Hsin Tien City, Taipei County, Taiwan TEL: +886-2-2914-5665 FAX: +866-2-2918-6731,+886-2-2918-2895 E-mail: smartgrid@billion.com www.billion.com.tw www.smartgrid.com.tw