Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Utility Substation Network Design

We need help in designing our substation network and connecting it to our corporate LAN. The substation network consists of Ethernet radios connecting approximately 25 substations in a 30 mile radius. We have several different systems operating at each station such as SCADA and AMR. We need to segregate each of these networks and route them to different servers at headquarters. We would also like to have access to the corporate network for remote email and internet connections. At each substation the Ethernet radio will drop a TX connection to a hub, switch or router. We will connect the SCADA processor, AMR processor and maybe a computer to this device. Back at the office we bring the TX connection to either a layer3 switch or router to direct the traffic as needed. Our LAN is already protected via firewalls and such from the outside world so I don?t see a need in another firewall. My two major concerns are routing the traffic correctly and blocking users from plugging in a computer at a substation and accessing the LAN. Please give advice on what equipment is necessary to reach our goals and how to block any computer from plugging in at a station and having complete access (maybe we need to use a VPN or something)

Thanks in advance!


Re: Utility Substation Network Design

This is a tough one. Electric utilities are evaluating their security in and around routable protocols for control system networks to meet the requirements of NERC CIP. Your design should/must be based on the requirements that you fall under, based upon your NERC/FERC role.

Segregation is key. I have a utility network that is compliant and can offer you some help. Can you offer some insight as to the need to remote email and internet from the substation applications?


CreatePlease to create content