Analysis of the Demilitarized Zone Implementation in Java Madura Bali Electrical Systems to Increase the Level of IT/OT Cyber Security With the Dual DMZ Firewall Architecture Method

Abstract

Information Technology (IT) and Operational Technology (OT) are important parts of the electricity utility. SCADA is an example of an OT that must be managed by a utility so that the electricity system runs properly. The electricity utility must guarantee the availability and reliability of the electricity supplied, including IT and OT systems. This system must be equipped with appropriate cyber security methods in order for IT and OT to remain reliable. Based on previous research, it is necessary to apply a method to separate IT, OT, and public area networks. One method that has been applied before is the Demilitarized Zone (DMZ) method, which aims to separate the OT network from the IT network. DMZ development can be in the form of a Dual Firewall DMZ, with the use of front-end and back-end firewalls. To improve this aspect of cyber security, Indonesian electricity utilities apply a more advanced method called Dual DMZ Firewall Architecture Method. Dual DMZ functions to separate between IT and OT networks and between IT and Wide Area Network (WAN). Based on the test results, the implementation of Dual DMZ can guarantee a more reliable level of IT and OT security that supports electricity systems in Indonesia. Implementation of dual DMZ can reduce high severity threats up to 99.98%, vulnerabilities up to 99,98% and spyware up to 100%. Dual DMZ implementation also reduces fraud and exploit kit threats up to 100% and code execution up to 99.98%.