Like most industries, security has become the level of cybersecurity required today. a top priority for utilities. The exponential All Sensus solutions are designed and built increase of cyber threats over the past from the ground up to provide end-to-end decade is progressively disconcerting. protection. Sensus is prepared to help utilities embrace
AVAILABILITY
CIA Triad INTEGRITY
CONFIDENTIALITY
Sensus applies an industry standard process to mitigate Integrity of data risks during the design, development, testing, and Integrity (the precise transmission and storage of operation of solutions. This strategy encompasses data) is ensured by the proper use of encryption, the full spectrum of products: from the end points, authorization and authentication. Transactions cannot across the network, to the head-end system and the be changed or tampered with as they are protected data center, extending to the back office software. This with digital signatures (ECDSA). process is guided by three elements – the need to maintain confidentiality, integrity and availability - also Availability of services known as the CIA Triad. Service continuity is ensured through redundancy and resiliency provided by the Sensus FlexNet® Confidentiality of data communication network which securely transmits data Sensus products promote confidentiality through at over two times the power of competitive systems. mechanisms like tamper resistance, data encryption, Sensus is the only provider of a private, FCC protected, and role-specific access privileges. Sensus also enables licensed spectrum network. Our private network utilities to comply with law enforcement and regulatory means you’ll never have transmission interference or requirements by offering robust logging and auditing have to share frequencies. A private point-to-multipoint of data. network, by its nature, provides an unmatched standard of resilience and availability. SDLC – Secure Development Lifecycle
Sensus follows the SDLC model to ensure security is built into all stages of product development.
Continuous Ongoing Creating the Internal and 3rd testing vulnerability most secure All software party testing, Security is top and quality management is architecture and and hardware auditing and of mind in the assurance is provided through design is based engineers are certifications requirements practiced during bug fixes, patches, on balancing risk trained on secure are applied gathering phase development antivirus software and cost. Risk coding practices and earned of product to ensure and additional assessments and and regulatory to guarantee development. protection and measures to threat modeling compliance. additional levels catch threats up maintain security are conducted. of protection. front. after deployment.
Design Development, QA Reviews, audits, maintenance
Third Party Testing, Certifications, Sensus is the industry’s first security- Standards Compliance certified company. Sensus employs external experts to assess security in The Achilles Practice Certification from GE-Wurldtech both theory and in practice. This includes, but is not was awarded to Sensus for achieving compliance limited to: with industry standard security best practices, • IBM, NCC Group (formerly Matasano Security) - covering areas such as hardening, anti-malware, Architecture and code reviews patch management, network, and data security. The certification verifies the entire system lifecycle • Rapid7 — End-to-end penetration testing of the from organizational governance, through solution Sensus operations environment design and services development, testing, and • GE-Wurldtech, SAIC — End-to-end security commissioning, to maintenance and support. assessment and penetration testing of customer environments Sensus FlexNet communication network is the industry’s first security-certified AMI. Sensus monitors the following for standards/ regulatory compliance: The Achilles Communication Certification from GE- Wurldtech verified the network robustness and • NIST (IR 7628) • NERC-CIP end-to-end secure architecture, proving FlexNet’s • SGIP • ZigBee overall resilience against intrusion and other security • AMI-SEC • ICSJWG breaches. Security Architecture Advances in cyber technology End to end security layers include: Sensus is committed to staying on the forefront of • Enterprise DC - Firewalls, DMZ, VPNs the latest advancements in cybersecurity. One such advancement becoming more prevalent in every • OS/App hardening, patching, A/V industry, including utilities is Blockchain. Blockchain • Remote access, multi-factor authentication technology stores cryptographically protected • Role based access control information across a decentralized, distributed • Intrusion based detection/prevention, auditing/ network, making it difficult for a hacker to take logging, SEIM down an entire network. For example, Blockchain technology can help with secure certificate/key • Redundant communication channels, disaster distribution to millions of end points, as well as recovery peering and smart contracts. • Encryption, HSM, digital signatures, non- repudiation
SmartWater SEM/SIM System Utility FlexNet Users Sensus Key Database Gas FlexNet RNI IP Backhaul Utility Web MDM • Anti-Virus Applications Services Network • Host IDS/IPS Encrypted Interface AES-256 • Host FIrewall Encryption Key Store Sensus Key AES-256 Encryption DA Devices FlexNet FlexNet RTM II DMA FlexNet VPN Tunnel Firewall Firewall Network Base Syslog/SNMP Network Customer Automation Application Stations IDS/IPS Control Third Sensus Key Server Party IED Utility FlexNet Users Database HAN Distribution Electric Automation SCADA Apps DNP Zigbee Cert. (OMS, DMS, etc.) Interface Encrypted Key Store Sensus Key Zigbee™
Security Architecture
Learn more at sensus.com/cybersecurity The FlexNet™ Communication Sensus Analytics Network Sensus Analytics makes your utility data clear, simple and actionable. A functionable and customizable suite of FlexNet is a point-to-multipoint and fixed-base applications with user-friendly dashboards enables you communication network from Sensus that utilizes a to make informed decisions quickly and confidently. Our private, FCC-licensed spectrum. As a fundamental part powerful data management tools aggregate information of an overall smart utility solution, FlexNet supplies the from your AMI, AMR and other sources, securely delivering reliable two-way communication network needed to insights through intuitive apps right to your desktop, tablet deliver data from meters and other infrastructure to or smartphone. Role-based access allows service providers utilities, deriving meaningful and actionable insights. to share tailored information across the organization for improved productivity, visibility and decision-making. FlexNet is resilient, secure and future-proof. • Reliable data • Fast transmission • Prepare and execute billing on meters. • Remote management • Support for scalability • Maintain and manage meter performance and data. • Improved efficiencies • Low cost of ownership
Regional Network Interface™ Customer Portal Regional Network Interface (RNI) is a tool that comes with Customers want to be engaged and in control—and that FlexNet to read, collect and deliver real data, providing a means they want to be smart when it comes to utility usage. window into the field. Communicating with end points, RNI The Sensus Customer Portal works in conjunction with Sensus continuously gathers and processes network data, providing Analytics to improve customer service, enhance customer utility status updates and storing or sending data to CIS and engagement and promote sustainability. This web-based, billing systems. Priority alarms are delivered immediately interactive application creates easy-to-read usage charts, for fast response, and onboard diagnostic tools optimize graphs, billing estimates, tips and more, providing virtually performance by monitoring and managing network health. everything a customer needs to correct current issues and make better-informed decisions about future usage. RNI is the nerve center of FlexNet, made up of • Customizable interface with 24/7 access. • Improves operational efficiency. • Greater customer control for reduced call volumes. • Monitors system performance. • Customer target-setting to manage bills and • Manages network security. save resources. • Configures end points over the air. • Email or text alerts on important account information. • Enables reliable service, accurate billing and faster response.
SSB-10002-01
© 2018 Sensus 1-800-638-3748 sensus.com