The SIEGate Project

The objectives of the SIEGate project (the Secure Information Exchange Gateway, pronounced Psy-gate) are (1) to improve the security posture and minimize the external cyber-attack surface of electric utility control centers, and (2) to reduce the cost of maintaining current control-room-to-control-room information exchange.

Funded by the U.S. Department of Energy, the project team includes the Grid Protection Alliance (GPA) as the project prime and principal software developer, with the University of Illinois at Urbana-Champaign (Illinois) as a research, design, development, and testing partner; the Pacific Northwest National Laboratory (PNNL) as a design review, testing, and evaluation partner; PJM as a demonstration partner; and Alstom Grid as a demonstration and commercialization partner. Work on SIEGate began in 2010 and is expected to conclude in 2013.

Overview

As shown below, SIEGate provides a security isolation layer between critical internal infrastructure and external systems to protect reliability and market-sensitive data. SIEGate reduces the cost of data exchange through ease of configuration.

SIEGate implements a true publish-subscribe architecture in which the sending gateway owner authorizes data as available for subscription by specific consuming gateways. Once authorized, the consuming gateway automatically discovers the data that have been made available to it by other SIEGate nodes and can subscribe to them selectively. SIEGate data available for publication and subscription include measurements, such as SCADA or synchrophasor data; files, such as SDX files; and higher-level notifications or alarms that are of significance for overall grid operation. These alarms may be configured to promulgate to all interconnected SIEGate nodes so that global alarms can be raised.
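A minimal Python model of the publisher-side authorization flow described above, added here as an illustration; it is not SIEGate or GSF code, and the class, method, subscriber, and signal names are hypothetical.

```python
from collections import defaultdict


class PublishingGateway:
    """Toy model: the publishing owner decides what each peer may see."""

    def __init__(self, signals):
        self.signals = dict(signals)        # signal id -> description
        self.authorized = defaultdict(set)  # peer -> signal ids released by the owner
        self.subscribed = defaultdict(set)  # peer -> signal ids the peer requested

    def authorize(self, peer, signal_ids):
        unknown = set(signal_ids) - set(self.signals)
        if unknown:
            raise KeyError(f"unknown signals: {sorted(unknown)}")
        self.authorized[peer] |= set(signal_ids)

    def revoke(self, peer, signal_ids):
        # Revocation also tears down live subscriptions, not just discovery.
        self.authorized[peer] -= set(signal_ids)
        self.subscribed[peer] -= set(signal_ids)

    def discover(self, peer):
        # Discovery is filtered: a peer never learns of signals it was not granted.
        granted = self.authorized.get(peer, set())
        return {s: self.signals[s] for s in sorted(granted)}

    def subscribe(self, peer, signal_ids):
        # Deny by default; unknown and unauthorized ids get the same error,
        # so the reply does not reveal which signals exist.
        if set(signal_ids) - self.authorized.get(peer, set()):
            raise PermissionError("request includes signals not available to this peer")
        self.subscribed[peer] |= set(signal_ids)

    def publish(self, signal_id, value):
        # Returns what each subscribed peer receives for this measurement.
        return {p: (signal_id, value)
                for p, ids in sorted(self.subscribed.items()) if signal_id in ids}


def demo():
    # Constructed sample signals and peers.
    gw = PublishingGateway({"PMU1.freq": "frequency", "SCADA.mw": "tie-line MW"})
    gw.authorize("utilityB", ["PMU1.freq"])
    gw.subscribe("utilityB", ["PMU1.freq"])
    return gw, gw.publish("PMU1.freq", 59.98)


if __name__ == "__main__":
    print(demo()[1])
```
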

Two Parallel Development Tracks

SIEGate is being built upon the Grid Protection Alliance's Grid Solutions Framework (GSF), and in the process the GSF has been extensively improved and extended throughout the SIEGate project. The SIEGate project has also benefited from foundational work on "gateways" that was conducted by GPA during its development of the open phasor gateway, or openPG. This approach of extending existing production-grade software has resulted in a parallel development process for SIEGate.

Development Track 1 - The SIEGate Advanced Core. The SIEGate advanced core implements advanced principles of internal system isolation to preclude exploitation of one function to gain access to or disrupt functionality of another. The advanced core leverages the Disruptor high-performance inter-thread messaging library to manage the processing and isolation of information within SIEGate while minimizing latency and maximizing throughput.

Development Track 2 - Other SIEGate Functionality. In addition to the advanced core, SIEGate includes data delivery, data performance, and security features. Development track 2 forms the kernel of the "SIEGate Beta". Through this extension of tested, production-grade software, it is believed SIEGate can be deployed within production environments while the Advanced Core undergoes rigorous testing and refinement to assure that it is production worthy.

Currently, source code for both development tracks is available on this site. These tracks are expected to come together as the SIEGate Version 1.0 Release Candidate in the summer of 2013.

Hardware Requirements

SIEGate has been designed for implementation on standard, high-availability hardware systems to reduce barriers to commercialization and use. It is targeted for production use on the "minimal installation" of Server Core for Windows Server 2008-R2, which eliminates all non-essential OS features and services.

Last edited Jun 26, 2013 at 9:21 PM by ritchiecarroll, version 24