新型數字變電站 - 更高效、更安全為要求苛刻的現代電網應用做好準備.pdf

1、#CiscoLive#CiscoLivePaul Didier,IoT BE Solution ManagerMarcus Smith,IoT BE Solution ManagerBRKIOT-2015More efficient,more secure and ready for demanding modern Grid applicationsThe New Digital Substation 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveEnter your personal n

2、otes hereCisco Webex App Questions?Use Cisco Webex App to chat with the speaker after the sessionFind this session in the Cisco Live Mobile AppClick“Join the Discussion”Install the Webex App or go directly to the Webex spaceEnter messages/questions in the Webex spaceHowWebex spaces will be moderated

3、 by the speaker until June 9,2023.12343https:/ 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicBRKIOT-20153#CiscoLive 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicAgendaUtility&Substation Operations ChallengesDigital Substation Automation SolutionSecuring the Sub

4、station Automated deployment and managementMore capability,smaller footprintConclusionBRKIOT-20154 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveComplimentary Cisco Live sessions applicable to this sessionSession IDSession IDTitleTitleBRKIOT-1203Connecting and Securing R

5、enewable Energy -Enabling Green Technologies with Cisco IoTBRKIOT-2356Cisco solutions for mission critical mobile infrastructure in Industrial IoT environmentsBRKIOT-2882Implementing Segmentation in Industrial NetworksBRKIOTBRKIOT-20152015The New Digital Substation The New Digital Substation more ef

6、ficient,more secure and ready for demanding modern more efficient,more secure and ready for demanding modern Grid applicationsGrid applicationsBRKIOT-2875Industrial Redundancy:PRP and HSR Best PracticesBRKIOT-2585Deployment of Cisco Catalyst Industrial Routers in Public and Private cellular infrastr

7、ucturesBRKIOT-20155 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveIntegrate new energy sourcesGrid resiliencyMeet security and compliance regulationsImprove grid efficiency and safety Substations face unique challengesThe need for agility is accelerating their digitizati

8、onBRKIOT-20156 2022 Cisco and/or its affiliates.All rights reserved.Cisco ConfidentialBut digitization isnt easyNew demands on the networkSubstations becoming more digitized and automatedPhysical and cyber security threatsHigh degree of timing synchronization requiredIncreased bandwidth requirements

9、Need future proof technologies to keep up with evolving requirementsNeed for simplicity and efficiency7 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicBRKIOT-2015Recent Innovations to Help You DigitizeInnovating to fullfill demandsUtility networks becoming more digitized and automa

10、tedPhysical and cyber security threatsDigitization Increasing BandwidthFuture-proofSimplicity and Efficiency Cyber Vision on IR8340 and IE9300 in Substation IPS/IDS on IR8340 coming July“Last foot”security coming for Distribution Automation CVD for DNAC&SDWAN in Utilities for automating router&switc

11、h deployments New IR8340 multiples higher thruput and performance New IE9300 with higher thruput,copper or fiber ports,stacking IR1101s modularity for public or private 4G or 5G,LORAWAN,We are listening on compact,low power router IR8340 consolidates 4 boxes into 1 in the Substation 8 2023 Cisco and

12、/or its affiliates.All rights reserved.Cisco PublicBRKIOT-2015 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveIEC61850 defines Digital SubstationsThe IEC 61850 standard has paved the way digital substations to achieve grid modernizationProtection and control systems based

13、 on IEC 61850 can be built faster,more efficiently,and more repeatably with digital communicationsThis places stringent requirements on the substation LAN networkBRKIOT-20159The New Digital SubstationSubstation Automation Cisco Validated Design 2023 Cisco and/or its affiliates.All rights reserved.Ci

14、sco Public#CiscoLiveSubstation AutomationNew Digital Substation Reference ArchitectureBRKIOT-201511 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSubstation AutomationThe new Digital SubstationProven to work with:Solution Support SCADA applications Resilient substation n

15、etwork topologies and loss-less protocols LAN and WAN network management Assist NERC/CIP complianceBusiness Needs Improve Grid efficiency,safety and reliability Meet Security and Compliance regulationsTechnical Needs Connect more devices with more bandwidth Reduce footprint Zero-touch deployment and

16、 management at scale Resilient networks Support new and legacy communication protocols&devices Cybersecurity visibility and segmentation of servicesBRKIOT-201512 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveDigital Substation Architecture enables new capabilities,while

17、being simpler to manage,more redundant and secureBeforeBeforeComplex Redundant WAN designSeparate boxes for:WAN connectionsRedbox Layer for PRP to WANPTP Grandmaster(IE5K or 3rdParty)FirewallsLimited BW/Thruput:Very limited WAN throughput(50Mbps)Limited MPLS support-CE only recommendedLimited WAN co

18、nnections WAN Port count limitedLack of Fiber SFP portsNo stacking possible(port count)FE Downlink ports(e.g.CGS)No network consolidated network managementStandalone CV sensors with SPAN portsChallenging to deploy TrustSecAfterSimple redundant WAN design4 box consolidation:WAN,PRP/HSR SAN Redbox,PTP

19、 GM and ZBFW Firewall(IDS/IPS with UTD),Reduced footprint/power/heatDramatically higher BW/Thruput:Higher WAN(950 Mbps LAN-WAN L3 IMIX)&switch throughput(950 Mbps LAN-LAN L2 IMIX)MPLS CE and P/PE with TE,L3VPNHigh bandwidth and fiber-density SFP and stacking to increase port countCommon Network mana

20、gement with DNA Center and SD-WAN vManage for AutomationIntegrated CV sensorsMore secure infrastructure(TrustSec,Trust Features,MACsec)Blog:https:/ PromoUp to 80%DiscountBRKIOT-201513 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveWhats new in the SA Validated DesignCatal

21、yst IR8300 RuggedSeries RouterCatalyst IE9300 RuggedSeries SwitchNEWNEWNEWSubstation Automation CVDCisco DNA Center&ISEvManagevBondvAnalyticsvSmart ControllersNEWCisco SD-WANBlogs:Blogs:https:/ 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSecure turnkey communications f

22、or Digital SubstationsIOIEDMURelayBayControllerStation BusProcess BusESPHigh performance substation 5G routerIntegrated switching,routing,and securityPTP Grandmaster with GPS InputZone-based firewall for Electronic Security PerimeterCyber Vision sensor for endpoint visibility&security postureSecure

23、VPN transport from substation to control centerIOx edge compute to run applications at the edge RoutingSecuritySwitchingHigh performance substation LAN switch8x switch stacking for high port density and reliabilityHigh precision PTP with 50ns accuracyMACsec 256 for point-to-point Ethernet link encry

24、ptionCyber Vision sensor for endpoint visibility&security postureHSR,PRP redundancy for lossless convergence IOx edge compute to run applications at the edge*Ethernet/Fiber,P*Ethernet/Fiber,P-LTE,5G,FirstNet,SDLTE,5G,FirstNet,SD-WAN WAN RTURTU with Serial WANWAN*NEW!IE9300CV SensorNEW!IR8300Firewall

25、PoE to cameraCV SensorTiming GPS InputTimingPTP TCCV SensorCV SensorTimingPTP TCCisco UADP ASICCisco IOS-XE OSCisco DNA Center/SD-WANTimingPTP TCBRKIOT-201515 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveThe Value Prop of Cisco Software in Substation AutomationNEWCisco

26、DNA Center&ISEvManagevBondvAnalyticsvSmart ControllersNEWCisco SD-WANDeploy network devices faster with provisioning and configuration automation(Routers,Switches,and Wireless)Proactively scale network with deep insights into capacity and performanceReduce downtime with AI-assisted diagnostics and r

27、emediationStreamline IT processes and improve operational efficiencies with Cisco and third-party ecosystemReplace end-of-sale and 3rd party management(Prime and Solarwinds)Flexible architecture(routers only)separate to the underlying transport networks(e.g.MPLS,Cellular)Integrated security with sup

28、port for ZBFW,IDS/IPS and TrustsecPowerful insights.Advanced insights and end-to-end visibility into application,internet,cloud,and SaaS environments.A wide range of IoT and Enterprise,physical and virtual platforms that deliver high availability and throughput,multigigabit port options,5G cellular

29、links,with powerful encryption capabilitiesProtecting the Substation operations 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveOT Security GuidelinesBuild a Security Build a Security FoundationFoundation1 1Develop an Incident Develop an Incident Investigation&Response Inv

30、estigation&Response planplan4 4Gain Visibility&Device Gain Visibility&Device PosturePosture2 2Segment network into Segment network into smaller trust zonessmaller trust zones3 3Cisco Cyber VisionCisco Identity Services EngineITSensorZONE 1ZONE 2SensorSensorDefine the IT/OT Boundary with Cisco Secure

31、 FirewallNetwork as a Sensor with Cisco Cyber VisionNetwork as an Enforcer with Cisco ISEInvestigate threats&orchestrate response with Cisco SecureXIDMZCisco SecureXBRKIOT-201518 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveDeep Packet Inspection&Active Discoverybuilt i

32、nto your network infrastructureApplication Flow MetadataCyber Vision CenterCyber Vision SensorVisibilityVisibilityAsset inventoryCommunication patternsSecurity PostureSecurity PostureDevice vulnerabilitiesRisk scoringOperational InsightsOperational InsightsTrack process/device modificationsRecord co

33、ntrol system eventsCisco substation LAN switches and WAN routers see everything see everything that attaches to them so you can gain visibility at scalevisibility at scaleBRKIOT-201519 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCyber Vision understands GRID protocols

34、you useGOOSEDNP3MMSModbusIEC 60870-5-104IEC 61850IEC 60870-5-101SVTASE.2DLMS/COSEMC37.118Ciscos Deep Packet Inspection understands process information even when using proprietary protocolsBRKIOT-201520 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveGain Operational Insigh

35、tsOperational InsightsCyber Vision CenterCyber Vision Center(Centralized analytics)NetworkNetwork-SensorsSensors(Built in Deep Packet Inspection)Comprehensive asset inventoryDynamic communication mapTrack variable changesDetect changes in the control system ApplicationFlowVulnerability DetectionRisk

36、 Scores21 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveDNA-C Enables Visualization of Security PolicyDiscover endpoints and visualize application relationships in Cyber Vision Cyber Vision to help create TrustSec group-based segmentation policies in DNADNA-C Access Cont

37、rol C Access Control ApplicationApplicationEndpoint grouping in Cyber Vision triggers pxGrid updates and results in dynamic assignment of SGTs in ISEISEVisualize group-based network behavior using NetFlow traffic in DNADNA-C Policy C Policy AnalyticsAnalyticsDeploy segmentation policy with confidenc

38、e using DNADNA-C DayC Day-n templates n templates once you are comfortable with the observed network behaviorProcess bus accessStation Bus networkPolicyPolicyCisco DNA Center&ISECyber Vision CenterSensorSensorSensorTraffic from endpoints like RTU,IED or HMI in substation is highly localized within t

39、he process/station bus networksSPANSensorSensorSensorSensorSensorSubstation RouterWANBRKIOT-201522Automated deployment and management 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSW-Defined Network for The Digital SubstationCisco DNA CenterCisco DNA CenterImprove networ

40、k visibility and performancewith AI/ML and machine reasoningReduce DowntimeAutomation and workflows simplify,empower,and streamline network managementIncrease EfficiencySpend less time managing your operational networkTrack updates,ensure SW images comply,and remain aware of security updatesStayComp

41、liantPlatform built on intent-based networking principles and driven by advanced AI,insights and securityRedefine the experienceBRKIOT-201524 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLivePredictive Maintenance for your industrial network-proactively identify and mitigat

42、e connectivity issuesNetworkAssuranceBeforeAfterHours spent fixing network faultsResolve issues with a single module clickAutomatically detect and prioritize issuesAI/ML-driven remediation for quick resolutionImprove network performanceCisco DNA Center AssuranceConstant monitor of network and device

43、s for up-to-date visibilityAI/ML and machine reasoning for root cause analysis,to find anomalies instantlyCorrelated insights,with telemetry data to accurately pinpoint root causeGuided remediation allows for single-click resolution,allowing machine reasoning automation to close the loopBRKIOT-20152

44、5 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCisco DNA Center Network Automation to drive operational efficiency and streamline maintenanceBase AutomationCisco DNA Center Base AutomationBeforeAfterManual device configurationSimple automated workflowsWorkflows to do in

45、 seconds what used to take hours/daysLower cost of network operationsBridge the IT skill gap and save timeSoftware image management(SWIM)provides consistency for better network performanceZero-touch provisioning speeds and simplifies adding new devices(PNP,RMA)Machine reasoning (MR/ML)workflows auto

46、mate complex tasks into the simple push of a buttonBRKIOT-201526 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCompliance Checks to ensure changes made to the network are consistent with your standardsNetworkComplianceBeforeAfterDiscrepancy between As-Built vs As-Is netw

47、orkInsights on deviations to ensure compliance Continuous monitoring for network changesAudit logging to track who(and what/when)made changesCisco Product Security Incident Response Team Alerts Cisco DNA Center ComplianceConfiguration DriftsCritical Security Advisories “Psirts”“Golden Image”confirma

48、tion for all network devicesBRKIOT-201527Automated deployment and management 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSingle integrated platform for routing,switching and securityEasier to manage:One control plane for Layer 2 and Layer 3Full MPLS Layer 3 supportDNA-

49、Center and SD-WAN8 core processor for dispersed workloadsPoE,PoE+and UPoEBackwards compatible with SerialOnly Cisco router that converts GNSS time to NTP,PTP,SyncESecurity and visibility with Cyber VisionHardware based MACSec LAN and*WANIPSEC-DMVPN,FlexVPN,IKEv1,IKEv2*URL filtering,Cisco AMP,Snort(I

50、PS/IDS)Group based policy(TrustSec)*Policy edge node support(DNA Center)Zone based firewallCisco Catalyst IR8300 RouterUnleashing enterprise features at the industrial edgeIR83404 copper 4 combo 4 SFP 2 combo WAN ports4 expansion slots5G SD-WANRedundant power supplies20 x increased encryption*Indust

51、ry leading cyber securityUnprecedented visibility of assetsUnrivaledperformance at scale*Coming soonBRKIOT-201529 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveFeature Delta Between CGR-2010 and IR8340CapabilitiesCapabilitiesCGRCGR-20102010IR8340IR8340SecuritySecurityZBF

52、W(ZoneZBFW(Zone-based firewall)based firewall)ZBFW,IPS/IDS,Cisco Cyber VisionZBFW,IPS/IDS,Cisco Cyber VisionTimingTimingNTPNTPGNSS,1588,GNSS,1588,SyncESyncE,IRIG,IRIG-B,NTP,B,NTP,PTP over PRP(17.12)/PTP over PTP over PRP(17.12)/PTP over REP/HSR(TBA)REP/HSR(TBA)Number of PortsNumber of Ports2 212+212

53、+2Performance/Performance/ThroughputThroughput30Mbps30Mbps2Gbps2GbpsSDSD-WANWANN NY YEdge ComputeEdge ComputeN NY YHA ProtocolsHA Protocols-Y YManagementManagementCisco PrimeCisco PrimeDNADNA-C,(SDC,(SD-WAN)WAN)vManagevManage,Prime,PrimeBRKIOT-201530 2023 Cisco and/or its affiliates.All rights reser

54、ved.Cisco Public#CiscoLiveCatalyst IR8340 Timing Module GPS GLONASS BEIDOU GALILEO Clear sky 20ns Indoor 500 ns Stratum 3e More accurate hold-over in case of GNSS loss Constellation SupportTime Pulse AccuracyBuilt-in OscillatorEnabling Precision Timing for IEC61850 based ApplicationsNew IR8340 Timin

55、g Module GNSS IRIG-B TODBRKIOT-201531 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveUp to 128 Gbps switching capacityHardware support for 8 x density with backplane stackingUnrivaled timing and synchronization:50ns per hop PTP accuracy Better throughput:5K TCAM entriesIE

56、-9310-26S2C26 SFP 2 Combo portsRedundant power suppliesIE-9320-26S2C26 SFP 2 Combo portsRedundant power suppliesBackplane stackingEndpoint and application visibilitywith Cyber Vision and NBAR2Better assurance:Full Flexible NetFlow and IOS-XE telemetryOperational vulnerability and security posture wi

57、th Cyber VisionMACsec 256SD-Access fabric Edge andgroup-based policy(TrustSec)Cisco Catalyst IE9300 SwitchUnleashing enterprise features at the industrial edgeIndustry leading cyber securityUnprecedented visibility of assetsUnrivaledperformance at scaleBRKIOT-201532Catalyst IE9300 Rugged SeriesThe n

58、ew Catalyst IE9300 Rugged Series portfolioAll-fiber and all-copper,high performance,ruggedized industrial rackmount switches26x 1GE SFP ports2x 1GE combo portsIEIE-93109310-26S2C26S2CIEIE-93209320-26S2C26S2C26x 1GE SFP ports2x 1GE combo portsStackableIEIE-93209320-24P4S24P4S24x 1GE with PoE/PoE+Up t

59、o 385W PoE budget4x 1GE SFP portsStackableIEIE-93209320-16P8U4X16P8U4X8x mGig with 90W 4-pair PoE16x 1GE with PoE/PoE+portsUp to 720W PoE budget 4x 10G SFP portsStackableIEIE-93209320-24P4X24P4X24x 1GE with PoE/PoE+4x 10G SFP portsUp to 720W PoE budgetStackableIEIE-93209320-24T4X24T4X24x 1GE ports4x

60、 10G SFP portsStackableIEIE-93209320-22S2C4X22S2C4X22x 1GE SFP,4x 10G SFP2x 1GE combo portsTiming inputConformal coatingStackablePWRPWR-RGDRGD-ACAC-DCDC-400400720W of PoE power with 2 PSUsThe most comprehensive industrial rackmount portfolio in the marketThe most comprehensive industrial rackmount p

61、ortfolio in the marketShippingShipping5 New Models5 New ModelsCisco Live Exclusive33 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveBRKIOT-2015 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveIE9320 StackingSingle virtual switch(Single Managemen

62、t and Control Plane)Hardware Capable 8 x IE9320 per stack,3 members supported since 17.8.1aStacking will be supported by Cisco DNA-Center release(2.3.6)Stack members must be homogenous(license and IOS-XE)StackWise-80-80Gbps(40Gbps full duplex per port)Mixed stacking not supported(only IE9320 members

63、)PTP over stacking support on roadmapFeatures not supported over stacking:Dying Gasp REP Fast PRP SD Card for zero touch replace.Not needed with stackingBRKIOT-201534Conclusion 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveKey Take AwaysCisco Validated Designs provide be

64、st practice design and implementation guidanceThe New Digital Substation products offer enhanced capabilities to help utilities migrate to IEC61850 based architectures The New Digital Substation is more efficient,more secure and ready for more demanding grid applicationsChoosing the best suited Mana

65、gement is based on the persona,use case and capabilities requiredGaining asset visibility is key to securing your grid applicationsInnovation is only possible through digitising your grid infrastructureBRKIOT-201536 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveAlso Inve

66、sting in Utilities IoT CVD Solutions Distribution AutomationFeeder&Secondary Substations Renewable Energy New!Offshore Wind Farms SDWAN in Industry Routers New!SDWAN for DA Use Cases Substation Automation Updated!Grid Security Updates Coming!BRKIOT-201537 2023 Cisco and/or its affiliates.All rights

67、reserved.Cisco Public#CiscoLiveFill out your session surveys!Attendees who fill out a minimum of four session surveys and the overall event survey will get Cisco Live-branded socks(while supplies last)!These points help you get on the leaderboard and increase your chances of winning daily and grand

68、prizesAttendees will also earn 100 points in the Cisco Live Challenge for every survey completed.BRKIOT-201538 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicContinue your educationVisit the Cisco Showcase for related demosBook your one-on-oneMeet the Engineer meetingAttend the int

69、eractive education with DevNet,Capture the Flag,and Walk-in LabsVisit the On-Demand Library for more sessions at www.CiscoL you#CiscoLive 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive41Gamify your Cisco Live experience!Get points Get points for attending this session!for attending this session!Open the Cisco Events App.Click on Cisco Live Challenge in the side menu.Click on View Your Badges at the top.Click the+at the bottom of the screen and scan the QR code:How:123441 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicBRKIOT-2015#CiscoLive