Security
Executive Summary

Cybersecurity is more critical than ever: a growing number of smart gadgets are connected to the cyber world and the Internet of Things (IoT) keeps expanding, so security for all these connected devices is essential. Taipower has issued the “Information and Communication Security Promotes System” and “Directions for Operations of Information and Communication Security” since 2001 and obtained the ISO 27001/BS 7799 security certification in 2004; the certification remains valid to date.

The Executive Yuan, R.O.C. issued the “Cyber Security Management Act” in 2018. Under it, the participants of National Critical Infrastructure are required to submit a “Cybersecurity Maintenance Plan” with its execution results every year and to pass ISO 27001 information security standard verification. Taipower company is the critical infrastructure provider of power facilities and acquired ISO 27001 verification in 2005. Taipower company also follows the regulation “The cybersecurity protection baseline of Critical Infrastructure ICS (Industrial Control System) in Energy and Water area” issued by the Ministry of Economic Affairs, which has become the standard cyber security guideline for ICT (Information and Communication Technology) systems in Taipower company. Accordingly, in Feb 2020 Taipower company issued its “Cyber Security Maintenance Plan” and carries out cyber security procedures that not only protect Taipower company’s core IT (Information Technology) system but also keep the focus on the cyber security defense of infrastructure in the power line system and smart grid development.

“The cybersecurity protection baseline of Critical Infrastructure ICS in Energy and Water area” was compiled with reference to international cyber security documents such as ISO 27001, ISO 27091, IEC 62443 and NIST SP 800-82. Taipower company followed the procedures required by the government and issued the “Cyber Security Maintenance Plan” as the OT (Operational Technology) cyber security defense baseline, which also complies with international OT cyber security standards. Systems that require protection at a higher security level must establish industrial control network boundaries. In accordance with the access control matrix of “The Cybersecurity Protection Baseline of Critical Infrastructure ICS (Industrial Control System) in the Energy and Water Area”, Taipower company completed the network protection security framework, Internet connection controls and firewall-policy isolation measures at the 6 power supply area operation offices, and established an industrial control information security monitoring mechanism to regularly inspect and report abnormal situations to the managers.

In Smart Grid operation and management, the reliability of information and real-time communication networks plays a critical role. Cybersecurity threats to ICT also affect the Smart Grid. Since there are more and more cyber attacks on CII (Critical Infrastructure Information), Taipower is developing the “Smart Grid Security Deployment Plan” with reference to IEC 62443, NIST SP 800 and “The Guideline of CII Cybersecurity Protection” issued by the Executive Yuan. The project is ongoing and is being improved continuously.

As for the Advanced Meter Infrastructure (AMI) of the smart grid, the risk of cybersecurity threats is growing because of the large number of devices, their wide geographic distribution, and their remote locations. Therefore, we have to estimate the potential risk of the AMI devices as a whole. Based on the estimated result, we take protection steps for the physical devices, the network, and the applications.

Taipower Company keeps its promise to protect customers’ private data. With the development of the smart grid, more data are generated as time goes by. In line with the law and its commitments to customers, Taipower Company implements various protection methods to ensure that customers’ private data and information will not be leaked.

Cybersecurity information analysis and sharing are the core of the whole cybersecurity defense mechanism. In addition to strengthening its various cybersecurity measures, Taipower also acquires cybersecurity information rapidly and in advance to increase its protection ability. Taipower Company has established an ISAC (Information Sharing and Analysis Center) to exchange intelligence with the government energy ISAC platform. By sharing cybersecurity information, we achieve the goal of joint defense and avoid potential security threats.

  • Enterprise-wide EDR (Endpoint Detection and Response) Deployment and Integration with the SOC (Security Operation Center)

    As cyber threats evolve every day, Taipower has been setting up EDR, beginning in 2020, alongside the current antivirus protection. The EDR has also been integrated with the Taipower SOC. To defend against APT (Advanced Persistent Threat) attacks by hackers on the running industrial control field, Taipower company deployed endpoint-protection software that introduces AI (Artificial Intelligence) detection to respond to information security threats quickly, analyze internal information security risks, and improve information security protection capabilities from the industrial control field to the office boundary, which shortens the response time to information security incidents and enhances overall cyber security protection.
    EDR provides a number of features that improve the organization’s ability to manage cyber security risk (for example, ransomware): improved visibility into the state of the network’s endpoints from a single console; rapid context on a potential security incident, so that steps toward remediating an APT can be taken as soon as possible; immediate remediation of certain incidents, which reduces the load on security analysts; and threat hunters who identify and investigate contextualized signs of an existing infection to keep it from spreading further.

    Facing Advanced Persistent Threat (APT) attacks by hackers on the running industrial control field, Taipower deployed endpoint-protection software that introduces AI detection to respond to information security threats quickly, analyze internal information security risks, improve information security protection capabilities from the industrial control field to the office boundary, and shorten the response time to information security incidents, enhancing overall cyber security.

  • Newly Designated A/B-level Units to Gain ISO 27001 Certification under the Latest National CII Specification through Counseling and Advice

    ISO 27001:2013 (the current version of ISO 27001) provides a set of standardized requirements for an ISMS (Information Security Management System). This standard adopts a process-based approach for establishing, implementing, operating, monitoring, maintaining, and improving Taipower’s ISMS. As the certification for an ISMS, ISO 27001:2013 prescribes a set of rules on how organizations and/or enterprises should manage and handle information in a secure way to safeguard its integrity, confidentiality and availability. The ISO 27001:2013 certificate is proof that Taipower has properly implemented processes and organizational structures to manage all risks related to information security, protect information assets, and achieve compliance with international best practices and legislation.
    According to the information security responsibility level approved in 2020, the ISMS should be introduced within 2 years after the approval and obtain independent third-party certification within 3 years. Therefore, Taipower company had already handled the information security advisory committee in 2021, and completed ISO 27001 certification for the 13 consulted districts in 2022.

  • Implementation of IDS (Intrusion Detection System) in OT Field

    Taipower has implemented an IDS (Intrusion Detection System) in the OT (Operational Technology) field and has integrated IDS data with the Taipower SOC since 2020. Taipower company has shown the capability to deploy an ICS network threat intrusion detection mechanism without affecting the network operation and performance of industrial control equipment, while at the same time improving visibility for security monitoring of the ICS network. In November 2022, Taipower company completed the construction of the smart grid intrusion detection system for 8 dispatching center units to enhance information security protection for the industrial control system. The primary purpose of our IDS is to identify and log incidents on the OT network. It does this by analyzing data packets, detecting suspicious activity, and logging such activity. The benefit of the IDS is that it allows security professionals to detect and understand exploits and attacks on a network and to achieve 7x24 non-stop monitoring. The IDS also allows security professionals to establish a baseline of expected traffic and to obtain a record and notification when protocols and traffic patterns deviate from that baseline.

    ICSs (Industrial Control Systems), supervisory control and SCADA (Supervisory Control And Data Acquisition) networks are facing a growing number of threats, including IoT-based malware and cyber attacks. As the power, automation, and industrial control industries transition from switched circuits to switched packet communications, SCADA and ICS networks are becoming very popular targets of attacks.

    The IDS monitors both inbound and outbound communications on the OT network and among devices, and it records events such as unauthorized access attempts, port scans, probes, buffer overflows, OS (Operating System) fingerprinting, and other forms of attack.

    A network IDS has become a very important piece of the enterprise security framework. It adds security controls not previously available and provides enhanced situational awareness within a single network segment. In addition to antivirus protection and firewalls on Taipower’s supervisory control and SCADA networks, a properly deployed, configured, and managed IDS adds the ability to detect if a network has been breached.

  • CDR (Content Disarm and Reconstruction) Deployment for Document Threats from Removable Storage Media in OT Field

    At Taipower’s physically isolated sites (for example, a power plant), third-party vendors or suppliers are among the people who may be exposed to malicious content and/or partial programs when they perform maintenance or updates by way of removable storage media.

    Taipower’s CDR (Content Disarm and Reconstruction) mechanism offers true zero-day prevention as early as possible while delivering files to routine operations, through the 3 features below.

    • In the OT (Operational Technology) field of Taipower, data detection for isolated ICS (Industrial Control System) is now ready for use.
    • By adopting the CDR mechanism, malicious executable content embedded in files can be removed from a removable media device.
    • The CDR technology reduces the risk of ransomware downloads or vulnerability attacks on the isolated local OT field, avoiding large-scale infections that would lead to the suspension of operations, and improves the efficiency of continuous operation.

    CDR, also known as ‘Threat Extraction’ or ‘File Sanitized’, proactively protects against known and unknown threats contained in documents by removing executable content.
