Protecting network traffic from malicious attacks is a challenge for any network administrator. It's an even more daunting task for the IT security team working at the Independent Electric System Operator (IESO), which runs Ontario's wholesale power market.
With a staff of 500 employees, the IESO is responsible for keeping the lights on for more than 10 million customers.
The non-profit body connects all key players in the grid – generators that produce electricity, transmitters that send the current across the province, retailers that buy and sell energy, industries and businesses that use power in large quantities and local distribution companies that deliver electricity to people's homes.
IESO is also responsible for reporting network "events" to appropriate industry auditors to ensure it is in compliance with proper security procedures.
This is easier said than done. IESO's IT architecture includes more than 2,500 connected devices – an intricate mix of servers, firewalls, and intrusion detection systems – that generate more than 6,000 events per second. With such a complex, diversified architecture, producing these reports presents quite a challenge.
"It got to a point where creating the reports on top of our normal day-to-day tasks was nearly impossible," said Dave Lewis, information security team leader of IESO.
Lewis said four years ago IESO simply created a server to collect the data and extract appropriate events for the compliance reports. "We built a log server using Linux to do the job. It worked, but the task just got too tedious."
The five-person information security team devoted more than an hour each day to generate the reports.
The IESO's strategy for dealing with compliance requirements is not uncommon, according to Jim Melvin, executive vice-president of marketing at Network Intelligence Corp.