Physical Isolation for Power Grid and Utility SCADA
Utility networks bridge physical infrastructure and digital control. When those control paths are compromised, the consequences extend far beyond data loss to affect millions of people who depend on essential services.
Utilities
When utility control systems are reachable from corporate networks or the internet, every software vulnerability becomes a potential service disruption affecting millions of people.
100%: SCADA path isolation from corporate IT
Zero: Persistent remote access to control systems
6: Control modules deployed per utility zone
Full: NIS2 and NERC CIP compliance evidence
Utility control systems face converging threats.
IT/OT Convergence
Smart grid modernisation creates network paths between corporate IT and operational technology that attackers traverse to reach control systems.
Legacy SCADA Systems
Decades-old SCADA and RTU equipment lacks modern security capabilities and cannot be patched without risking operational disruption.
Smart Meter Attack Surface
Advanced metering infrastructure creates millions of network endpoints that expand the attack surface into previously isolated distribution networks.
The Scenario
Scenario: Smart Grid Supply Chain Attack
Attackers compromise a firmware update server for smart meter head-end systems. The malicious update propagates to distribution management systems through the AMI network, eventually reaching SCADA workstations via shared network segments. Operators lose visibility into distribution grid status across an entire region. Restoration takes nine days because backup SCADA configurations were stored on network-attached infrastructure that was also compromised.
With Firevault Control, the AMI network is physically separated from SCADA systems. Verified control-plane baselines are held on infrastructure that has no live network path to production and require multi-party authorisation to release. The compromised firmware cannot traverse into control systems because the network path does not exist.
"Our penetration test showed that from a compromised smart meter head-end, there were only three hops to the SCADA master. Three hops between a meter and the ability to open breakers across the distribution network."
Where each Control module is deployed across a utility network.
Utility estates run along the Purdue model: cloud and corporate at the top, an industrial DMZ in the middle, supervisory and basic control below it, and the physical plant at the bottom. Control puts a real boundary at every level so a problem on one side does not become a problem on the others.
Grounded in NIST SP 800-82 Rev. 3, IEC 62443-3-2, NERC CIP-005 and ENISA Smart Grid guidance.
Cloud / Internet DMZ
External
Public reach, untrusted by default.
Public traffic terminates in the DMZ, not in the office.
Enterprise
IT
Office network and customer systems. Not part of operations.
Office estate cannot reach the industrial DMZ on its own.
Industrial DMZ
DMZ · trust boundary
Brokered exchange between IT and OT. No straight-through paths.
Data and commands cross the DMZ on scheduled, approved routes.
Operations systems
OT
Operational records and engineering tools.
Operations systems and SCADA sit on separate fabrics.
Supervisory control
OT
Control room view of the grid.
Control commands need approval before they reach substations.
Basic control
Field
Substations, breakers, feeders.
Access to field devices is tied to named engineers.
Physical
Field
Crown jewels
Off-network
Offline Secure Storage
Grid configurations, protection relay settings, network maps and the recovery sets you need to rebuild from a known-good state.
Offline by design · secure by default
Modules & symbols
Where each module is deployed, and what it does there.
One row per module. Placement on the network, then plain-English purpose at that point.
- Isolate: at every Purdue boundary. Each level sits on its own physical fabric. A misconfigured rule on the corporate side cannot create a path into SCADA or the substations.
- Firebreak: on the L5 to L4 link and the L4 to L3.5 link. Firebreak gives operations a hardware off switch on the public and office boundaries, so a compromise in enterprise cannot ride a live cable into the grid.
- Validate: on the L5 to L4 link, and inside the L3.5 DMZ. Before any request crosses into the office or down into operations, Validate checks origin, integrity and authority. Unsigned or unexpected traffic does not progress.
- Relay: inside the L3.5 DMZ. Data flows from L4 into L3 inside scheduled, defined routes. Nothing streams unattended.
- Execute: inside the L3.5 DMZ and on the L2 to L1 link. Firmware, configuration and control actions hold until the right approval is in place. Single clicks do not move grid kit.
- Lock: on the L3 to L2 link and the L1 to L0 link. The closer you get to the physical plant, the tighter the named access. Standing access into substations is the exception.
Key Capabilities
Sovereign Grid Data
All utility control data remains within the agreed jurisdiction in NATO-approved Firevault Bunkers, ensuring sovereign control over national energy infrastructure data.
Multi-Party Control
Critical operations require authorisation from both control room operators and security teams, preventing unilateral access to grid control systems.
Regulatory Evidence
Automated compliance logging generates continuous evidence for NIS2, NERC CIP, and Ofgem security requirements.
Cellular Failover
Out-of-band management ensures control plane access even when primary utility communications networks are compromised.
Tamper-Proof Logging
Every access, configuration change, and control command is recorded in immutable logs on physically separate infrastructure.
Verified Configuration Baselines
Verified baselines of all grid configuration enable restoration of control-plane state during total compromise scenarios.
Demo to Live
Adoption Guide
Utility Network Assessment
Map all network paths between corporate IT, SCADA, AMI, and distribution management systems to identify convergence points and persistent connections.
Zone Architecture Design
Design physically separated zones aligned to your utility operations with appropriate Control modules at each boundary.
Non-Production Pilot
Deploy in a test environment mirroring your SCADA architecture with full zone separation, multi-party authorisation, and compliance logging.
Operational Deployment
Full deployment across utility infrastructure with verified configuration baselines, continuous compliance evidence, and 24/7 out-of-band management.
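The path mapping described under Utility Network Assessment can be checked mechanically once links are recorded. The following Python sketch is an added example, not Firevault code: it finds the shortest path from an AMI head-end to a SCADA master and flags links that skip a Purdue boundary. The node names, their level placements and the links are a constructed sample estate.

```python
from collections import deque

# Purdue levels named on the page, top to bottom.
ORDER = [5, 4, 3.5, 3, 2, 1, 0]

# Constructed sample estate: node -> Purdue level (placement is an assumption).
LEVEL = {"corp_it": 4, "ami_headend": 4, "idmz_broker": 3.5, "historian": 3,
         "dms": 3, "eng_ws": 3, "scada_master": 2, "rtu_gateway": 1}

# Constructed links, as an assessment might record them.
LINKS = [("corp_it", "ami_headend"), ("corp_it", "idmz_broker"),
         ("idmz_broker", "historian"), ("historian", "scada_master"),
         ("scada_master", "rtu_gateway"),
         ("ami_headend", "dms"),  # shared segment that bypasses the DMZ
         ("dms", "eng_ws"), ("eng_ws", "scada_master")]

def neighbours(links, blocked=()):
    """Undirected adjacency map, ignoring links that touch a blocked node."""
    adj = {}
    for a, b in links:
        if a in blocked or b in blocked:
            continue
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj

def shortest_path(links, src, dst, blocked=()):
    """Breadth-first search; returns the node list, or None if no path exists."""
    adj = neighbours(links, blocked)
    seen, queue = {src}, deque([[src]])
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for nxt in sorted(adj.get(path[-1], ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def boundary_skips(links, level=LEVEL):
    """Links whose endpoints sit more than one Purdue boundary apart."""
    def step(node):
        return ORDER.index(level[node])
    return [(a, b) for a, b in links if abs(step(a) - step(b)) > 1]

if __name__ == "__main__":
    print("shortest path:", shortest_path(LINKS, "ami_headend", "scada_master"))
    print("boundary skips:", boundary_skips(LINKS))
```

Calling `shortest_path` with `blocked={"idmz_broker"}` shows whether any route still reaches the SCADA master without crossing the industrial DMZ, which is the convergence point the assessment is looking for.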
Explore by utility
Sub-sectors under Utilities
Each sub-sector page carries a dedicated reference architecture and the Firevault Control modules that sit at every boundary in that estate.
Water and wastewater
Treatment SCADA, distribution telemetry and dosing safety with a real boundary between office, telemetry and plant.
Gas
Transmission and distribution SCADA, AGI and PRS control with safety systems on their own fabric.
Renewables and BESS
Wind, solar and battery sites with strict OEM access governance and fleet-to-site separation.
Energy (top-level sector)
Transmission, distribution and substation control across EMS, SCADA and IEC 61850.
Speak to the team to organise a PoC
Walk through your blueprint with the Firevault team and scope a proof of concept on your estate. 30 minutes, no sales pitch.