A TXOne Certified Partner, Mangan Inc. is a nationally recognized engineering firm that provides a range of services with a dedicated team specifically focused on utility and industrial power systems. The team works with a broad range of products for control and protection systems, including protective relays, data concentrators, substation controllers, and various SCADA systems. In addition to power, Mangan also focuses on control and automation systems for oil and gas, pharmaceutical, and other industries. Dave Purpura, their Director of Business Development, has a particular passion for servicing these needs.
“I am specifically focused on power and control systems, so that’s where I spend the vast majority of my time,” Dave said. “Within the power industry, we really like to help customers build or upgrade systems that are generally monitored and controlled from a remote location. For instance, we engineer substations that are connected to transmission operations systems for monitoring or remote switching operations, which provides the utility with the most efficient operation and management cost,” he added.
Mangan also upgrades existing power systems or infrastructure for clients who might still be working with legacy devices such as electromechanical relays, circuit breakers, to modern technology with digital relays, and other networked smart devices. As he explains, “We’re replacing legacy electromechanical devices and installing digital numerical devices that are network connected and able to receive and pass information to the data concentrators or substation automation controllers. These smart devices can now receive, send, and display critical data from the TOC (transmission operation center).”
Dave also works with customers outside the power industry, and lobbies for enhanced OT/ICS cybersecurity in manufacturing and other industries as well.
Why the TXOne Partnership Works for Mangan
Dave does not consider himself an OT cybersecurity expert. “My expertise is in understanding utility and industrial power systems and how OT cyber devices, such as the ones TXOne provides, fit into those systems,” he said. After a few initial conversations between TXOne and Dave, during which he learned about TXOne’s OT-specific background and appliance-based solutions, he saw the critical need to secure the installations Mangan worked on for its customers.
As he explained the reasoning behind the partnership, “I felt like the TXOne products could enhance our specialty engineering offering. The way they fit in is they offer cybersecurity appliances that can be implemented directly below Level 3 of the Purdue Model, the networking level. This specifically impacts the devices we’re trying to secure, so we can protect the customer and help the customer protect themselves from cyber threats,” he said.
As he further explained,
“Mangan can bring OT and cybersecurity expertise to the table from a manpower standpoint, and TXOne brings excellent devices that work very well, are easy to configure or manage, and, most importantly, have current cybersecurity threat detection on them.”
Deploying TXOne Technology
Dave finds TXOne’s Portable Inspector an especially important cybersecurity asset because it protects against a common vulnerability: technicians who often come to a facility from an outside firm to fix a specific problem, help with a small improvement, or install a necessary system upgrade. The technician unknowingly plugs in an infected laptop or storage device to the network, and there you go. “There’s a good chance that OT/IT senior management has no idea this person is connecting to the system, and the technician brought in to help, who has all the best intentions, has now infected, or opened up a vulnerability to your critical system. You are now unknowingly compromised and have no idea it even happened,” he said.
Stopping that sort of incident is especially difficult in a high-stress, production-oriented environment, “This sort of incident is a very critical one,” Dave said, although he’s confident Portable Inspector can help stop it. The challenge, he explains, is when equipment is down, power is not being produced, or production just wants the systems fixed and running. The technician is in a stressful situation, trying to fix the problem, and it’s easy to take shortcuts in that situation and might not have the PC properly checked by IT. But Portable Inspector is right there, and you can just plug it into the USB port. “It just makes it easy to scan and clean the laptop in a short period of time. Portable Inspector makes situations like this less likely to happen,” he said.
Dave also believes that cybersecurity is more effective when it’s built in from the initial design or scope of work, but TXOne devices make it easy to add security to legacy systems. “TXOne devices speak most protocols you encounter in production environments, so we can easily integrate into their systems.” While this can be done to existing production equipment, Dave prefers to see OT cybersecurity planned for and integrated into the initial design.
“I like to bring this up with customers at the beginning of the conversation. A lot of times, it starts with basic things, like discussing the inventory of their equipment assets and connected devices. They usually don’t have a good inventory, so they could really benefit from a vulnerability assessment, and we have technicians and engineers that do that,” Dave said. “Then, we can discuss ways to decrease their vulnerability, such as having our technicians install and deploy security devices on production ‘operational’ equipment. After the system improvements have been deployed, we follow up and discuss the possibility of an LTSA (long-term service agreement), making sure the systems are maintained from that point forward. It’s just good insurance and peace of mind for the company and its stakeholders.”
The same thinking applies to upgrades, such as when Mangan upgrades a customer’s SCADA (supervisory control and data acquisition) system. “If we’re going to touch that equipment, I want to talk to them or offer them TXOne security appliances and decrease the chance of someone with malicious intent taking control of their system. It’s not hard to install on their existing system,” Dave said.
Dave sees TXOne products playing an especially important role in the energy sector and critical manufacturing. “There are customers with very sophisticated and sensitive equipment in areas such as energy transfer, aerospace, military technologies, as well as oil pipeline / mid-stream production, and so forth. Often, IT will tell senior management not to worry, ‘We have a firewall protecting everything!’ I’m trying to educate them that OT cyber products are different and should be deployed below Level 3 in many instances”.
Keeping the Power On
Dave believes one of the most important places TXOne devices should be deployed is on SCADA controlled systems for power grids — he is well aware of what can happen should threat actors gain access through a network vulnerability.
“Imagine you have a critical power station located in a major metropolitan area. It’s network connected and controlled from a remote location, and a malicious attacker accesses the network. They could take control possibly opening a circuit breaker, shutting off power to facilities such as hospitals, banks, or data centers,” Dave advised. He also said there’s a possibility they could change protection settings designed to protect critical assets, and in the event of a real problem, damaging expensive, long lead-time equipment. It’s not only extremely expensive, he suggested, but there’s also the downtime. “Substations have equipment that could take over a year to replace in some circumstances,” he added.
Utilities are extremely concerned about these possibilities, about the havoc they would cause and the negative publicity that follows. “No one wants their company in the evening news,” he stated, and he has sometimes felt the need to make sure customers are aware of the dangers to encourage them to protect their assets. “I point to some of the attacks that have been in the media, where power grids or other critical infrastructure have been attacked and shut down,” Dave said.
Watching Attackers Grow More Persistent — and Creative
One of the things Dave finds most fascinating — and concerning — about OT technology is how persistent the attacks can be and how creative attackers are becoming. “It seems like whenever a company comes up with a fix, someone else finds a way around it,” he said, and the best response is vigilance. “Actually, vigilance plus technology,” he concluded.
Explore OT Cybersecurity Strategies
Learn more about Mangan Inc. and its implementation services for TXOne solutions at Mangan Inc.