Regional Energy Company

Regional energy company chooses Lantronix solution to meet strict cyber security compliance requirements

Success Highlights

  • Centralized, out-of-band network management
  • Standardized control over end-user access to the network
  • Elevated security of entire network environment
  • Out-of-the-box compliance to new regulations
  • Reduced cost and complexity of network management

Case Study Overview

To meet cyber security compliance standards and provide elevated security of its entire network environment, this regional ISO chose Lantronix’s LM80 console servers and Control Center for out-of-the-box compliance. It also gained centralized, out-of-band network management and standardized control over end-user access to the network. 

Challenge: Meet Strict Cyber Security Compliance Requirements

The National Energy Reliability Council (NERC) introduced Cyber Security Standards for power companies to protect critical assets of the U.S. power grid.
For network infrastructure, the NERC standards call for:

  • Increased levels of remote access security to minimize the threat of cyber security attacks;
  • Tracking and auditing of all actions and changes made to the IT infrastructure; and
  • Secure network connections between each ISO and its customers — in this case, more than 70 companies nationwide.

We’re responsible for keeping the lights on in the region. With the Lantronix solution, we can completely control who has access to our IT infrastructure.”

– Regional ISO Network

Prior to implementing the Lantronix solution, the ISO’s system administrators were unable to ensure consistent and comprehensive network security for its network of over 70 energy and utility companies located across the United States.

The network was being accessed through both in-band and out-of-band connections, and administrators lacked a centralized and comprehensive view over who was accessing the network and what changes were being made. A solution was needed that could control user access and permissions, enforce management security standards and centralize auditing and reporting for compliance purposes.

SOLUTION: Lantronix LM80 Console Servers and Control Center

To meet NERC’s stringent network security and automation challenges, the ISO selected Lantronix LM80 Console Servers, which are managed by the Lantronix Control Center. Altogether, the solution manages more than 70 sites interconnected via the WAN at its market participants’ locations. The ISO is using the intelligence of Local Management to automate a number of network management procedures across its distributed WAN, including managing the networking equipment deployed in the various market participants’ locations to ensure network connectivity and communication to and from their customers.

By utilizing the built-in automated procedures for diagnosis, recovery and configuration management, the ISO provides better service at a lower cost to maintain and support the network. In addition, the ISO brought the Lantronix solution into its data center for LAN-based applications to replicate the automation capabilities that have been successful across the WAN environment.

“We needed to be able to securely access and control all points throughout our network to ensure the protection and reliability of the power grid. Lantronix provided that level of security with its out-of-the-box solution.”

– Regional ISO Network

RESULTS: Ensured Compliance While Reducing Costs

Lantronix’s solution proved to be ideal for this ISO’s distributed WAN and LAN environments as it monitors, measures and reports on all infrastructure changes made to the network, even when network connectivity is disrupted. Deploying the Lantronix solution across the ISO’s network has elevated the level of security of its environment and provided out-of-the-box compliance for the Cyber Security Standards requirements. The solution ensures that the four basic tenets of the Cyber Security Standards are met, including:

  1. Minimizing risk of security breaches
  2. Handling and reporting all incidents
  3. Securing the network’s perimeter
  4. Controlling user access