Physical Isolation for Power Grid and Utility SCADA
Utility networks bridge physical infrastructure and digital control. When those control paths are compromised, the consequences extend far beyond data loss to affect millions of people who depend on essential services.
Utilities
When utility control systems are reachable from corporate networks or the internet, every software vulnerability becomes a potential service disruption affecting millions of people.
100%
SCADA path isolation from corporate IT
Zero
Persistent remote access to control systems
6
Control modules deployed per utility zone
Full
NIS2 and NERC CIP compliance evidence
Utility control systems face converging threats.
IT/OT Convergence
Smart grid modernisation creates network paths between corporate IT and operational technology that attackers traverse to reach control systems.
Legacy SCADA Systems
Decades-old SCADA and RTU equipment lacks modern security capabilities and cannot be patched without risking operational disruption.
Smart Meter Attack Surface
Advanced metering infrastructure creates millions of network endpoints that expand the attack surface into previously isolated distribution networks.
The Scenario
Scenario: Smart Grid Supply Chain Attack
Attackers compromise a firmware update server for smart meter head-end systems. The malicious update propagates to distribution management systems through the AMI network, eventually reaching SCADA workstations via shared network segments. Operators lose visibility into distribution grid status across an entire region. Restoration takes nine days because backup SCADA configurations were stored on network-attached infrastructure that was also compromised. With Firevault Control, the AMI network is physically separated from SCADA systems. Backup configurations reside in air-gapped storage requiring multi-party authorisation. The compromised firmware cannot traverse into control systems because the network path does not exist.
"Our penetration test showed that from a compromised smart meter head-end, there were only three hops to the SCADA master. Three hops between a meter and the ability to open breakers across the distribution network."
Physical governance for utility control systems.
Utility operators gain physical control over every network path between IT, OT, and AMI systems. Smart grid modernisation proceeds without creating the converged attack surfaces that threaten operational continuity. Recovery from even the most sophisticated attacks is guaranteed through air-gapped configuration archives.
- Physical separation between IT, OT, and AMI network zones
- Multi-party authorisation for all cross-zone operations
- Emergency severance capability for active threat containment
- Out-of-band management independent of utility communications
- Continuous compliance evidence for NIS2 and NERC CIP
- Air-gapped disaster recovery for total compromise restoration
Fracture, Emergency Grid Severance
Module 1 of 4Physically disconnects grid segments during active threats or cascading failures. When a compromise is detected in one zone, Fracture severs the network paths to prevent lateral movement into adjacent control systems or substations.
Featured In
'%3e%3cpath%20fill='%23E40784'%20d='M141.363%2026.6a5.905%205.905%200%200%201-5.899-5.9%205.905%205.905%200%200%201%205.899-5.895%205.901%205.901%200%200%201%205.895%205.895%205.9%205.9%200%200%201-5.895%205.9Zm0-8.347a2.448%202.448%200%200%200%200%204.895%202.449%202.449%200%200%200%202.447-2.448%202.449%202.449%200%200%200-2.447-2.447ZM141.363%200c-.821%200-1.638.052-2.447.144v3.731a16.897%2016.897%200%200%201%202.447-.177c9.373%200%2017.002%207.626%2017.002%2017.002%200%20.825-.063%201.642-.177%202.448h3.732c.095-.81.143-1.627.143-2.448%200-11.411-9.285-20.7-20.7-20.7Z'/%3e%3cpath%20fill='%23E40784'%20d='M141.363%207.268c-.825%200-1.645.077-2.447.228v3.787a9.733%209.733%200%200%201%202.447-.313c5.369%200%209.734%204.368%209.734%209.734%200%20.832-.107%201.652-.313%202.447h3.783c.151-.802.228-1.623.228-2.447.004-7.412-6.024-13.436-13.432-13.436Z'/%3e%3cpath%20fill='%23fff'%20d='M71.382%207.537h-2.84a5.82%205.82%200%200%200-5.815%205.818v9.785h4.037v-9.789a1.78%201.78%200%200%201%201.777-1.777h2.841V7.537ZM80.539%2019.1a3.787%203.787%200%200%201-3.783-3.784%203.787%203.787%200%200%201%203.783-3.783%203.787%203.787%200%200%201%203.783%203.784%203.787%203.787%200%200%201-3.783%203.783Zm0-11.6c-4.313%200-7.82%203.507-7.82%207.82%200%204.313%203.507%207.82%207.82%207.82%201.372%200%202.66-.357%203.78-.982v.982h4.036V15.32c.004-4.313-3.503-7.82-7.816-7.82ZM41.806%2018.71a5.512%205.512%200%200%201-4.34%202.1%205.55%205.55%200%200%201-5.541-5.541%205.55%205.55%200%200%201%205.542-5.543c1.696%200%203.279.766%204.339%202.102l.088.114%201.656-1.656-.077-.092a7.865%207.865%200%200%200-6.01-2.797c-4.339%200-7.871%203.533-7.871%207.872s3.532%207.871%207.871%207.871a7.865%207.865%200%200%200%206.01-2.797l.077-.091-1.656-1.656-.088.113ZM19.479%207.397c-4.34%200-7.872%203.53-7.872%207.872%200%204.342%203.533%207.871%207.872%207.871a7.883%207.883%200%200%200%207.205-4.71l.081-.18H24.15l-.037.058a5.543%205.543%200%200%201-10.05-1.873h13.2l.015-.11c.048-.357.073-.714.073-1.053%200-4.346-3.529-7.875-7.871-7.875Zm-5.417%206.705a5.54%205.54%200%200%201%205.417-4.376%205.54%205.54%200%200%201%205.417%204.376H14.06ZM46.192%2023.14h2.33v-8.847a4.599%204.599%200%200%201%204.593-4.592%204.599%204.599%200%200%201%204.592%204.592v8.844h2.33v-9.149h-.008a6.887%206.887%200%200%200-2.082-4.648%206.89%206.89%200%200%200-4.832-1.972%206.863%206.863%200%200%200-4.593%201.751V.545h-2.33V23.14ZM2.686%207.393H0v2.33h2.686v8.471a4.944%204.944%200%200%200%204.94%204.939h2.435v-2.33H7.625a2.613%202.613%200%200%201-2.609-2.612V9.726h3.772v-2.33H5.016V1.84h-2.33v5.553ZM101.968%208.457a7.721%207.721%200%200%200-2.547-.858c-.088-.014-.177-.03-.265-.04-.1-.011-.199-.022-.302-.03a9.993%209.993%200%200%200-.574-.029c-.022%200-.04-.004-.062-.004h-.037c-4.313%200-7.82%203.507-7.82%207.82%200%204.313%203.507%207.82%207.82%207.82h.037c.25%200%20.496-.014.743-.04l.037-.003a7.742%207.742%200%200%200%203.003-.939v.979h4.037L106.005.537h-4.037v7.92Zm0%206.863a3.788%203.788%200%200%201-3.769%203.78%203.786%203.786%200%200%201-3.76-3.78c0-2.08%201.688-3.772%203.764-3.78a3.787%203.787%200%200%201%203.765%203.78ZM119.75%2023.11h4.037V15.299c-.011-4.302-3.515-7.798-7.82-7.798-4.313%200-7.821%203.507-7.821%207.82%200%204.313%203.508%207.82%207.821%207.82%201.372%200%202.66-.357%203.783-.982v.953Zm-3.783-4.01a3.786%203.786%200%200%201-3.783-3.784%203.786%203.786%200%200%201%203.783-3.783%203.79%203.79%200%200%201%203.783%203.78v.003a3.787%203.787%200%200%201-3.783%203.784ZM132.273%207.5a5.824%205.824%200%200%200-5.818%205.818v9.822h4.037v-9.822a1.78%201.78%200%200%201%201.777-1.777h2.841V7.5h-2.837ZM173.736%2020.807a5.534%205.534%200%200%201-5.527-5.527%205.534%205.534%200%200%201%205.527-5.528%205.535%205.535%200%200%201%205.528%205.528%205.535%205.535%200%200%201-5.528%205.527Zm0-13.399a7.852%207.852%200%200%200-5.527%202.274V7.393h-2.344V30h2.344v-9.127a7.836%207.836%200%200%200%205.527%202.275c4.339%200%207.872-3.533%207.872-7.872s-3.533-7.868-7.872-7.868ZM186.735%2023.14h-2.385v-9.81a5.84%205.84%200%200%201%205.833-5.834h2.848v2.385h-2.848a3.45%203.45%200%200%200-3.448%203.448v9.811ZM202.813%209.774a5.535%205.535%200%200%200-5.528%205.528%205.535%205.535%200%200%200%205.528%205.527%205.534%205.534%200%200%200%205.527-5.527%205.534%205.534%200%200%200-5.527-5.528Zm0%2013.4c-4.339%200-7.872-3.533-7.872-7.872%200-4.34%203.533-7.872%207.872-7.872s7.872%203.53%207.872%207.872c0%204.339-3.533%207.871-7.872%207.871Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h210.68v30H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
Key Capabilities
Sovereign Grid Data
All utility control data remains within the agreed jurisdiction in NATO-approved Firevault Bunkers, ensuring sovereign control over national energy infrastructure data.
Multi-Party Control
Critical operations require authorisation from both control room operators and security teams, preventing unilateral access to grid control systems.
Regulatory Evidence
Automated compliance logging generates continuous evidence for NIS2, NERC CIP, and Ofgem security requirements.
Cellular Failover
Out-of-band management ensures control plane access even when primary utility communications networks are compromised.
Tamper-Proof Logging
Every access, configuration change, and control command is recorded in immutable logs on physically separate infrastructure.
Air-Gapped Recovery
Physically disconnected backup copies of all grid configurations ensure restoration capability during total compromise scenarios.
Demo to Live
Adoption Guide
Utility Network Assessment
Map all network paths between corporate IT, SCADA, AMI, and distribution management systems to identify convergence points and persistent connections.
Zone Architecture Design
Design physically separated zones aligned to your utility operations with appropriate Control modules at each boundary.
Non-Production Pilot
Deploy in a test environment mirroring your SCADA architecture with full zone separation, multi-party authorisation, and compliance logging.
Operational Deployment
Full deployment across utility infrastructure with air-gapped recovery, continuous compliance evidence, and 24/7 out-of-band management.
Utility Network Assessment
Map all network paths between corporate IT, SCADA, AMI, and distribution management systems to identify convergence points and persistent connections.
Zone Architecture Design
Design physically separated zones aligned to your utility operations with appropriate Control modules at each boundary.
Non-Production Pilot
Deploy in a test environment mirroring your SCADA architecture with full zone separation, multi-party authorisation, and compliance logging.
Operational Deployment
Full deployment across utility infrastructure with air-gapped recovery, continuous compliance evidence, and 24/7 out-of-band management.
Win Business, Earn Trust, and Build Reputation with Butterfly
Butterfly is an operational model that helps organisations structure sensitive data to close deals faster, strengthen client relationships, and demonstrate the governance maturity that wins enterprise contracts.
Built on the VPPP framework (Vault, Policy, Permissions, Purpose), Butterfly maps your sensitive data and assigns dedicated Vaults by role, relationship, and purpose, turning data stewardship into a competitive advantage.
Deal Readiness
Governed materials ready to share with confidence
Client Trust
Demonstrate stewardship that earns loyalty
Board Confidence
Clear governance that inspires stakeholders
Enterprise Scale
Structure data governance across your organisation
Who Uses Butterfly?
-
Sales Teams
Secure client proposals, pricing, and commercial intelligence
-
Service Providers
Exchange sensitive documents with clients through governed Vaults
-
Businesses
Protect strategic plans, IP, and competitive intelligence
-
Family Offices
Structure data governance across principals, staff, and advisors
Explore More
Control for Critical Infrastructure
National-grade security for essential services.
Learn more about Control for Critical InfrastructureIT/OT Convergence Threat
Physically separate IT from operational technology.
Learn more about IT/OT Convergence ThreatControl for Water
Treatment plant and distribution SCADA path control.
Learn more about Control for WaterQuestions
Frequently Asked
Ready to take the next step?
See how Control can govern your data paths with physical enforcement no software exploit can bypass.
Speak to the team to organise a PoC
Walk through your blueprint with the Firevault team and scope a proof of concept on your estate. 30 minutes, no sales pitch.