
Middle River Power

Middle River Power operates 34 power plants across the United States. The company is dedicated to transitioning existing generation facilities to renewable power while preserving the flexible and reliable characteristics of legacy assets essential for the US power grid.

Managing critical infrastructure from coast to coast

Middle River Power specializes in repositioning existing, safe, critical resources with co-located and hybrid renewable development projects. Founded in 2016 with just four employees, Middle River Power has rapidly scaled its business to include over 50 employees and 34 power plants. But with business growth comes new challenges, particularly for the security team responsible for remotely managing the information technology (IT) and operational technology (OT) for all Middle River Power facilities located throughout the US.

Lack of visibility across remote power plants

When Ahmed Ibrahim, Director of Operations for Middle River Power, first joined the organization, he found that they had very little visibility into the OT of their remote plants. “The red flags went up,” he said, having witnessed the real-world impact of a cyber attack on critical infrastructure. When a major fuel pipeline on the East Coast was forced to shut down for six days in the wake of a ransomware attack, it triggered widespread shortages, panic buying, and price spikes across the region. “That was a wake-up call—we needed to take action to gain complete visibility across our facilities to protect both our business and the communities that depend on us.”

Deploying to 34 networks – quickly and seamlessly

Middle River Power manages power plants across the United States, including California, Texas, Illinois, Pennsylvania, New Jersey, Virginia and West Virginia. So, in addition to increasing visibility, they needed a modern security system that could be deployed quickly and easily to all 34 power plants – without causing disruption to plant operations.

AI-powered threat detection and response for OT

Middle River Power’s list of criteria for a new solution factored in the challenges of being a distributed business. Their solution needed to be:

  • Fully automated and require as little analyst interaction as possible
  • A seamless experience for plant operators that introduced no additional burden or resource requirements  
  • Quick and easy to deploy across all 34 power plants without business disruption
  • Easily managed remotely across all plants
  • AI-powered but operating directly within the OT infrastructure – without the risks posed by a connection to external clouds

Ibrahim found compelling customer success stories and insights on the Darktrace website detailing the value of Darktrace for both IT and OT. Intrigued, he reached out to Darktrace for additional information. “They were able to explain everything in plain English and had an entire roadmap essentially already built out detailing the deployment process, required resources and timeframes.” While the company evaluated several other modern security solutions, they chose Darktrace / OT for threat detection and response based on several factors, including:

  • Validation of Darktrace technology by global industry-leading customers  
  • OT domain expertise
  • Fully automated threat detection and autonomous response, powered by AI
  • Complete visibility across all facilities through a single pane of glass

Purpose-built to meet OT compliance regulations

Darktrace / OT's demonstrated success securing OT environments was an important factor in Middle River Power’s decision. “Because our OT environment is essentially off the grid, we needed a solution that didn't reach for any cloud application, especially with the NERC CIP (the North American Electric Reliability Corporation Critical Infrastructure Protection) rules changing and the possible implications those could have,” said Ibrahim.

Intuitive interface

The sophisticated and intuitive Darktrace user interface “was a huge key factor in our decision to choose Darktrace,” said Ibrahim. Working in front ends that are complex and require navigation across numerous windows wasn’t a viable option for their business. “But the Darktrace interface is incredibly easy to read and navigate,” said Ibrahim. “I would equate Middle River Power to an F1 racer with no brakes. We have no time to stop. We need to identify and fix the problem and keep things moving. And that’s what Darktrace helps us do.”

Reducing costs while improving productivity and cyber resilience

Middle River Power initially deployed Darktrace / OT to one of its smaller power plants. “Darktrace responded as expected. There were no issues; nothing holding us back from deploying it throughout the rest of the fleet,” said Ibrahim.  

Easy and rapid deployment

For the first few Darktrace / OT deployments, Ibrahim’s team traveled to the individual power plants to install the appliances on site. “It’s an incredibly straightforward and quick process. One of the installs took me just 10 minutes,” he said. Eventually, they found it wasn’t necessary for their team to perform the deployments in person. “It is such an easy and seamless process that we now have Darktrace send the appliances directly to the facilities, and the power plant operators are able to complete the installs themselves.”

Fortified security with autonomous response

Darktrace’s Cyber AI Analyst is empowering the security team by autonomously investigating alerts, streamlining investigations and prioritizing incidents – freeing analysts to focus on higher priorities and proactive cybersecurity measures. Between September 19 and December 19 of 2024, Darktrace’s Cyber AI Analyst conducted 521 investigations on behalf of Ibrahim’s team. Of those investigations, only 20 contributed to an incident that warranted further investigation from a human analyst. With the organization’s threat detection and response fully automated 24x7, Ibrahim says they now have greater peace of mind. For example, if Darktrace detects a significant threat in the middle of the night, the solution will take measures to immediately stop the threat and alert Ibrahim’s team to further investigate. “Prior to Darktrace, it could have taken several hours before a threat was even detected, much less investigated and triaged. Using Darktrace, the entire detection and response process happens within a matter of minutes, if not seconds,” said Ibrahim.

Reduced operational costs and insurance premiums

With Darktrace now managing most of the organization’s threat detection and response efforts, Middle River Power has significantly reduced operational costs. Within the first 19 days of December 2024 alone, Darktrace / OT averaged 23 minutes per investigation and saved Ibrahim’s team 94 investigation hours. “Darktrace has been a huge money and time saver for our organization,” said Ibrahim. Prior to Darktrace, skilled analysts were managing network threat detection and response manually. “Darktrace has taken that manual work off our plates so we can focus more on proactive cybersecurity measures.”  

Middle River Power’s fortified cybersecurity posture has received high praise from the organization’s insurance company. “They were especially impressed that Darktrace is a fully automated system that not only detects and eliminates threats but also remediates threats without requiring operator interaction,” said Ibrahim. “Our risk score decreased as a result, which lowered our insurance premiums.”

Full visibility across all power plants

Today, Middle River Power has complete network visibility across all 34 power plants, which has enabled the organization to identify points of vulnerability and uncover unexpected security and operational issues.

Misconfigured ISP impacted network performance: One of the biggest eye openers, said Ibrahim, was identifying an external issue that affected their master appliance. All Middle River Power appliances report to that master appliance, which then pushes the data out to the Darktrace service. Darktrace identified a significant volume of unidirectional traffic, which uncovered an issue with how their internet service provider (ISP) had configured their connections. “The ISP was limiting our bandwidth due to a simple error. If we didn’t connect Darktrace, we would never have uncovered the mistake. Once we rectified that issue, our network performance improved dramatically and we suddenly had no latency whatsoever,” said Ibrahim.

Errant remote desktop connections and assets: Darktrace / OT uncovered loopholes within the company’s network that enabled employees to remotely connect into machines they should not have had access to. In addition, the solution catalogs all assets it sees in the network and identified several devices within various power plants that should have been completely off network.  

Expanding cyber resilience with Darktrace

To further support their proactive cybersecurity capabilities, Middle River Power is exploring the possibility of using Darktrace / OT to automatically cut off connections between individual plants and the outside world in the event of a significant threat. Using AI-powered automation capabilities, “Darktrace could immediately detect and investigate the severity of a threat and automatically shut down necessary connections to isolate the threat and stop it from spreading, which would give us time to get to the site to investigate,” said Ibrahim.

Given the issues they experienced with their ISP, Middle River Power is considering the option of deploying a Darktrace cloud appliance within their OT environment to use as their master appliance. Additionally, Ibrahim says that, based on their success using Darktrace for OT, there may be an opportunity to use Darktrace within their IT environment to further enhance their security posture. While their existing third-party security solutions are successfully detecting potential threats, it may take hours after an incident before the team receives the alert – possibly due to service degradation. “By augmenting our existing security solutions with Darktrace, we would receive those alerts instantly and have the ability to stop cyber threats in their tracks,” said Ibrahim.

At a glance:
  • The organization rapidly completed installs of Darktrace / OT to all 34 power plants located across the US, with some implementations taking as little as 10 minutes.
  • Middle River Power has achieved significant time savings with Darktrace, automatically conducting 521 investigations within a two-month period, saving analysts 94 investigation hours in a 19-day period.
  • With full visibility across all power plants, Darktrace is identifying points of vulnerability, which has reduced the organization’s costs and risk exposure.
  • Having Darktrace has brought further cost savings in the form of lower insurance premiums.
