Patagonia Security Platform

We are the Smart Grid Security Experts.

Power grids are part of critical infrastructure. Security is therefore an integral part of the Patagonia smart grid platform. 
The complete lifecycle of the system is designed with security at its core, from device manufacturing to device deployment, and from operation to maintenance.

The Patagonia threat model includes state-sponsored adversaries, organized crime syndicates, and other highly skilled and highly focused attackers. Every layer of the Patagonia Platform is designed to prevent malicious intrusions and human mistakes while providing detection capabilities that enable timely and precise incident response.

In Patagonia, a utility does not need to compromise on security in order to meet performance goals. Security has been baked in from the beginning. In addition, the Patagonia hardware platform has the headroom required to easily take advantage of new and improved security technologies as they become ready for use in the future.

Patagonia’s extensive, industry-leading security features are designed to protect against, detect and respond to current and future cybersecurity threats in an efficient and timely manner.

A proven record of security improvements

Utilities using the NES system have been able to see positive improvements in many aspects of their business, including financial, customer engagement, regulation and compliance.

  • Decrease revenue loss by limiting theft & business downtime
  • Decrease revenue loss by limiting regulatory fines
  • Preserve reputation by increased attention to security risks
  • Preserve reputation by increased protection of customer data
  • Decrease operational expenses with automatic attack prevention & detection
  • Reduce recovery time from attacks
  • Avert operational errors that could result in serious customer impacts, leakage of confidential information and efficiency problems

Harden and protect your smart grid AMI asset from cyberattacks and operational errors with NES Patagonia Security

  • Gain better visibility into the threat of attacks, including indicators of a potential attack and event information if an actual attack occurs.
  • Recognize when an operational error has taken place, and recover from it more rapidly.
  • Empower your system with the ability to recognize these indicators from the wide range of information sources available to you.
  • Prepare your staff to respond in pre-defined ways, allowing them more time to develop specific mitigation plans.

Features of NES Patagonia Security Platform

Always On

Security is a cornerstone of Patagonia and cannot be removed. This is to minimize the risk of misconfiguration and to mitigate a whole class of attacks that aim to disable or subvert security mechanisms.

Efficient and Reliable

The hardware, software, and the network architecture that brings it all together have been carefully selected and optimized for even the most resource-constrained and unreliable networks and devices. As a result, Patagonia delivers exceptional performance and reliability while maintaining a secure system. 

Professional Security Audits and Research

Patagonia is regularly audited by professional third-party security experts to make sure our solution’s security guarantees are met in theory as well as in practice. NES is also engaged in academia to follow and help advance the state-of-the-art in grid security.

Best Practices

The design and implementation of Patagonia strictly follow modern and proven best practices and recommendations from security experts and renowned organizations such as NIST and ENISA. Key management, selection of cryptographic algorithms, key lengths, security protocols, audit logging, and intrusion detection are just some of the areas where Patagonia relies on decades of security research and proven methods.

Disaster Recovery

Unfortunately, there is no such thing as a perfect threat-prevention system for smart grids in practice. Patagonia is therefore designed to provide the information and tools needed so utilities can thrive in the face of cyberattacks and business crises.

Transparency

Patagonia does not, and will never, use or rely on proprietary protocols or algorithms. The Patagonia security system is secure even if everything about it, except the keys, is known.

End-to-End Security and Privacy

The Patagonia architecture enables efficient and scalable end-to-end protection (encrypted and authenticated) of customer data and meter management. This ensures that customer data originating from a meter is unreadable until it reaches the utility’s central system, and that only the central system is able to reconfigure the meters.

Compartmentalization

Smart meter deployments can contain millions of meters located in potentially hostile environments. In Patagonia, a meter compromise does not lead to the compromise of other meters or nodes in the grid. 
This minimizes the risk of attacks spreading from the millions of edges in a grid and reduces the impact of meter compromises in general.

Device Security

Patagonia meters and data concentrators (DCs) are fully equipped with modern software and hardware tamper-prevention and detection mechanisms. Meter HSMs, encrypted key stores, and physical tamper alarms are just some of the mechanisms in place to prevent and detect physical tampering with a meter or a DC.

Network Security

All network links in Patagonia provide confidentiality (encryption), integrity, mutual authentication, and replay protection. Denial of Service (DoS) and other availability-limiting scenarios are mitigated as far as the underlying network infrastructure allows.

Key Management

Keys are automatically updated/renewed on a regular basis according to a key life cycle configuration, and can also be revoked and updated manually. This reduces the overall risk of compromised keys.