Secure SCADA Gateway
• Secure TCP to Serial Gateway
• With an integrated Bell 202T modem
• Modbus RTU/ASCII/ROC and DNP3 SCADA protocols are transparently supported
• AES Encrypted Packetized SCADA Data
Rear Panel: Redundant 10-30 VDC Option
Rack Mount and Power Supply Options
Black•Gate 202T
SECURE SCADA Gateway
Black•Gate 202T
SECURE SCADA Gateway
SIZE
9" (L) x 7.3” (W) x 1.50” (H)
Overview
SCADA Serial TCP Gateway with Integrated 202T Modem
The Black•Gate 202T is a secure TCP to Serial Gateway, with an integrated Bell 202T modem, that interconnects Ethernet TCP/IP SCADA Master Controllers to the serial SCADA interface of Remote Terminal Units that have 202T modems.
Pipeline operators and Utilities deploy the Black•Gate 202T to facilitate SCADA communications to PLC, RTU's, Flow Computers, or Gas Analyzers over IP/MPLS Ethernet based wired or wireless networks. Modbus RTU/ASCII/ROC and DNP3 SCADA protocols are transparently supported.
Telecommunication Service providers have announced their plans to discontinue the leasing of the 4-wire analog circuits that are employed by SCADA systems to provide connectivity to remote facilities. The imminent termination of Telco service coupled with their significant price increases is motivating the transition to IP packetized technology.
The Black•Gate utilizes industrial grade hardware components and state of the art secure software.
Black•Gate Security
The Black in Black•Gate is derived from the nomenclature used by the NSA to indicate that classified information is secure. SCADA connnections control the elements that make up Critical Infrastructures and their messages must be secured.
The Black•Gate boots up secure, configured to establish an IPSEC AES encrypted VPN connection to the SCADA Controller network. Public Key Certificates provide Authentication of the VPN.
Black•Gate Multi-Drop
Black•Gate NERC Redundancy
NERC -CIP mandates control center redundancy. RTUs must be accessible from, and be able to connect to, backup control centers.
Black•Gate continuously monitors connectivity to the active control center and automatically switches to the active backup control center.
- NERC mandates for control center redundancy
- Preserves investment in RTU & Central ⁻⁻ SCADA
- Control Center redundancy with IP flexibility
- Supports up to four redundant control centers
- Redundant and diverse connectivity
Black•Gate Management
Black•Gate management access is limited to encrypted sessions via TLS, SSH, or SNMPv3, that employ AES 256 bit keys and sophisticated NIST approved passwords. These sessions may be established after authentication via TACACS+ or Radius. Administration and User Logs are available with Syslog.
Secure Boot, a combination of hardware and firmware, is employed to ensure that the only code executing on the Black•Gate is trusted by Engage.Secure Boot, a combination of hardware and firmware, is employed to ensure that the only code executing on the Black•Gate is trusted by Engage.The signature of each piece of boot software, including firmware drivers, the operating system and applications is validated. Code Signing must be done for upgrades to be implemented.
NERC CIP Compliance
The Black•Gate installations achieve NERC CIP compliance with a combination of internal and external functions.
The Management interface has the sophistication to implement comprehensive policies and privileges for administrator and user accounts.
Administrator policy includes removal, disabling or renaming.Interoperability with external functions such as Syslog, Network Timing Protocol, TACACS+ and Radius with its support for RSA SecureID delivers trusted compliance.
Electronic Security Perimeter
The Black•Gate in combination with industry standard services meets the Electronic Security Perimeter's NERC CIP-005 specifications.
CIP-005 Requirement & IP•Tube CEP Solutions
R2.1 - Deny Access by Default
Solution: Accounts must be created to allow access
R2.2 - Enable only needed ports
Solution: Each Port may be enabled or disabled
R2.4 - Strong Technical Controls
Solution: RSA's SecureID two-factor Authentication
R3.2 - Unauthorized Access
Solution: Alert messages via Syslog or TACACS+
R5.3 - Access Logging
Solution: Syslog of Access and Command interactions
CIP-005 Requirement
IP•Tube CEP Solution
R2.1 - Deny Access by Default
Accounts must be created to allow access
R2.2 - Enable only needed ports
Each Port may be enabled or disabled
R2.4 - Strong Technical Controls
RSA's SecureID two-factor Authentication
R3.2 - Unauthorized Access
Alert messages via Syslog or TACACS+
R5.3 - Access Logging
Syslog of Access and Command interactions
System Security Management
Access control is Authenticated, Authorized and Accounted for with Radius or TACACS+.
Security Patches managed proactively.
CIP-007 Requirement
IP•Tube CEP Solution
R2.1-3 - Ports and Services
Unused Serial Ports and Services are disabled
R3 - Security Patch Management
Kernel and application upgrade alerts
R5.3 - Secure Passwords
Require minimum length, strength, frequencyRequire minimum length, strength, frequency
R6.4 - Security Status Logs
Syslog and AAA via TACACS+
CIP-007 Requirement & IP•Tube CEP Solutions
R2.1-3 - Ports and Services
Solution: Unused Serial Ports and Services are disabled
R3 - Security Patch Management
Solution: Kernel and application upgrade alerts
R5.3 - Secure Passwords
Solution: Require minimum length, strength, frequencyRequire minimum length, strength, frequency
R6.4 - Security Status Logs
Solution: Syslog and AAA via TACACS+
Specifications
LAN Network Interface
- Two 10/100BaseT Full/Half Ethernet
- Auto negotiation or Configurable Speed and Duplex
LAN Network Protocols Supported
- IP, TCP, UDP, ICMP, Telnet, DHCP, DDNS, SSH
- Network Time Protocol - NTP
202T Interfaces
- 1-4 Bell 202 T interface (Specify number of ports needed when ordering)
Interface Baud Rate
Asynchronous: 1.2 Kilobits persecond
Protocols Supported
- DNP3-TCP/IP, ModBus-TCP/IP; ASCII; ROC
ROCSCADA Encryption Algorithm
- AES 256-bit
- Fully Automatic key management
Quality of Service Support
- IP Type of Service (TOS) CLI configured
- 802.1p/q mac level prioritization
Regulatory
- CE
- Safety -IEC60950
- EMC - CFR 47 Part 15 Sub Part B:2002, EN55022: 1994 + A1 & A2, EN55024, ICES-003 1997, CISPR 22 Level A
- Telecom TBR12, TBR13
Management
- Secure Socket Shell - SSH
- Console Port for Out of Band Management
- SNMPv3 Public and Private MIB with configurable traps
- Syslog with NTP Time Stamping
- Authentication, Authorization & Accounting
- TACACS+, RADIUS, 2 Factor Authentication
Environmental
- 0° to 132° F (-10° to 50°C) operating
- 90% operating humidity (non-condensing)
- Optional Extended Temperature (-40°C to 70°C)
Dimensions
- Dimensions: 9" (L) x 7.3” (W) x 1.50” (H)
Environmental
- 0° to 132° F (-10° to 50°C ) operating temperature
- Up to 90% operating humidity (non-condensing)
- Optional Extended Temperature Range available
Rear Panel/Power
- 12-30 VDC, 1.0A.
- Screw Locking Connector
- 100/240 VAC 50/60 Hz International Adapter
- Optional -48V 0.25 Amp
- Hot Standby with 2nd Power Module and Redundant power Options
Ordering Information
Rack Mount & Power Supply Options:
Part No.
Description
GW-007-202T-0x*
BlackGate 202T, *Note: x = Specified Number of 202T Ports enabled (1 to 4)
Optional Features
Optional Features
EXT
Extended Temperature, -40C to 70C
RED
Redundancy Option, Redundant SCADA Controller
Power Supply Options
Power Supply Options
094-2418
90-220 VAC Universal International/Domestic Adapter
094-2418-R
DUAL REDUNDANT, 90-220 VAC Adapter
094-N48V
Internal Power Module, -48 VDC Screw Terminals
094-N48V-02
DUAL REDUNDANT, -48 VDC Screw Terminals
094-1500
WIREDC Option, +24 VDC Screw Terminals
094-WIREDC-R
DUAL REDUNDANT, +24VDC
Rack Mount Options
Rack Mount Option
095-1000
Rack Mount Kit - for single 7" products (Fits both 19" and 23" racks)
095-2000
2 unit 19" x 1RU Rack Mount Kit for 7" products
095-3000-RTANG
Right Angle Wall Mount Bracket Kit
