Explore the differences between TCXO, OCXO, and Rubidium oscillators in precision timekeeping for telecommunications and industrial applications.
Continue readingSafran SecureSync: A Vital Tool for Ensuring Public Safety in a Connected World
In today’s interconnected world, public safety depends on reliable and secure communication, coordination, and operational precision. From emergency response teams to critical infrastructure operators, organizations must rely on systems that are both secure and accurate. Safran’s SecureSync is a powerful solution designed to meet these needs, offering a blend of precise time synchronization, reliable security, and unparalleled reliability. Here’s why the SecureSync GPS/GNSS -based Network Time Server is a vital tool for enhancing public safety.
The Importance of Time Synchronization
Accurate timing is crucial in various scenarios to maintain synchronization, improve decision-making, and enhance overall effectiveness. SecureSync’s precise timing capabilities ensure that all connected systems and devices operate in harmony, minimizing errors and enhancing situational awareness across public safety operations.
1. Emergency Response Coordination
During large-scale emergencies, first responders—including police, fire, and medical teams—must work in seamless coordination. Precise time-stamping of communications and data logs ensures synchronization across all parties, enabling faster and more effective decision-making during critical situations.
2. Critical Infrastructure Protection
Utilities such as power grids, water supplies, and transportation systems depend on synchronized operations to remain functional and resilient. Timing discrepancies can result in outages, inefficiencies, or vulnerabilities that jeopardize public safety.
3. Event Reconstruction
Following an incident, accurate time-stamped data plays a vital role in forensic analysis, determining the sequence of events, and implementing preventative measures to avoid future occurrences.
SecureSync’s precise timing capabilities ensure that all connected systems and devices operate in harmony, minimizing errors and enhancing situational awareness across public safety operations.
Regulatory Compliance
Many public safety organizations must meet strict timing and security standards. SecureSync is designed to ensure compliance and reliability, helping agencies avoid penalties, maintain operational integrity, and build public trust while supporting long-term system performance.
NERC CIP Standards
For power utilities, SecureSync supports compliance with the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection standards, safeguarding the reliability of essential services.
Canadian Data Security Requirements
For organizations handling sensitive information, including law enforcement agencies, systems must align with applicable federal and provincial regulations, such as the Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial privacy laws. These requirements ensure the secure handling, storage, and access of sensitive information.
Alignment with Global Standards:
While Canadian-specific regulations apply, many organizations also align with global frameworks such as ISO/IEC 27001 (Information Security Management Systems) to ensure comprehensive security practices.
Enhancing Resilience
Resilience is key to public safety, ensuring critical operations stay functional under challenging conditions. SecureSync enhances system resilience, helping public safety organizations maintain reliability and deliver essential services during adversity.
Redundant Architectures
With redundant power supplies and timing sources, SecureSync ensures continuous operation, even during component failures.
High Availability
The system’s reliable design minimizes downtime, enabling uninterrupted operation during emergencies or disruptions.
SecureSync addresses the critical need for secure, accurate, and synchronized systems, helping organizations tackle public safety challenges. From real-time coordination during emergencies to protecting vital infrastructure and ensuring compliance, it showcases how innovation drives resilience and reliability.
Telnet Networks proudly supports organizations in achieving their security and synchronization goals with solutions like SecureSync. Contact us today for a consultation or a tailored quote to meet your specific operational needs.
Synchronizing Time in a System of Systems (SoS) in the Process Control Industry
The Complexity of System of Systems in Process Control
Reliable Time Synchronization for Coordination
Accurate time synchronization is fundamental to the coordination of system of systems in the process control industry. Precise and consistent time references facilitate efficient communication, data exchange, and coordinated decision-making across different subsystems. SecureSync offers highly accurate time synchronization, ensuring that all components within the system of systems operate on the same time scale, eliminating discrepancies, and enhancing overall performance.
Seamless Data Acquisition and Control
Critical Infrastructure Protection and Security
Compliance with Industry Standards
Scalability and Flexibility for System of Systems
Conclusion
Unparalleled Efficiency At Scale With SecureSync In Data Operations
Introduction
In the era of big data and distributed systems, achieving efficiency at scale is crucial for data operators. The Safran SecureSync emerges as a game-changing solution, providing unparalleled efficiency and reliability in time synchronization for data operations. We will explore the technical details behind the SecureSync and demonstrate how data operators can gain significant efficiencies at scale by leveraging its advanced features.
Exceptional Precision and Reliability
The SecureSync boasts exceptional precision and reliability, ensuring accurate time synchronization across distributed systems. Its innovative architecture combines precision timing components and advanced technologies, delivering ultra-low phase noise and frequency accuracy. With a holdover stability of <1 µs/day, the SecureSync guarantees uninterrupted synchronization, even in the event of temporary loss of reference signals.
High Scalability and Flexibility
Data operators often deal with expanding infrastructures and evolving requirements. The SecureSync is designed to address these scalability challenges. It supports a high number of simultaneous network clients, accommodating large-scale distributed systems effortlessly. Whether deployed in a small cluster or a global network, the SecureSync seamlessly integrates with existing infrastructure, providing precise time synchronization across all nodes.
Robust Timing Redundancy
The SecureSync ensures reliability in demanding operational environments through its timing redundancy capabilities. It incorporates dual-redundant power supplies and accepts multiple timing sources, minimizing the risk of single points of failure. Redundant timing sources and power supplies guarantee continuous synchronization and prevent disruptions that could impact data operations.
Advanced Network Time Protocol (NTP) and Precision Time Protocol (PTP) Support
SecureSync supports both NTP and PTP, enabling compatibility with a wide range of distributed systems. NTP provides accurate time synchronization for applications that require millisecond-level accuracy, while PTP offers sub-microsecond synchronization for applications with stringent timing requirements. The SecureSync’s ability to support both protocols ensures flexibility in integrating with various data operations, optimizing performance and efficiency.
Compliance and Traceability
Data operators often face stringent compliance requirements and the need for traceability in their operations. The SecureSync addresses these concerns by adhering to industry standards for time synchronization. It provides traceable and auditable event timestamps, facilitating compliance with regulatory frameworks and simplifying the audit process for data operations.
Comprehensive Management and Monitoring Capabilities
To efficiently manage and monitor distributed systems, the SecureSync offers advanced management and monitoring features. Its intuitive web-based interface allows for centralized control, configuration, and monitoring of multiple SecureSync units. The interface provides real-time status updates, performance metrics, and alerts, ensuring proactive management and facilitating rapid troubleshooting.
Conclusion
The SecureSync from Safran empowers data operators to achieve unparalleled efficiency at scale in their distributed systems. With exceptional precision, scalability, redundancy, protocol support, compliance adherence, and comprehensive management capabilities, the SecureSync proves to be a reliable and efficient solution for accurate time synchronization.
By leveraging the technical capabilities of the SecureSync, data operators can ensure seamless data operations, mitigate risks of inconsistencies, and optimize performance at scale. With its advanced features and robust design, the SecureSync emerges as a key enabler for data operators seeking efficiency, reliability, and compliance in their distributed data environments.
CYBERSECURITY: Hardening Security On Your SecureSync®/NetClock 9483
Sometimes they’re in search of specific practices for time servers and clients. Sometimes, because SecureSync®/9483 is part of critical infrastructure, they may not fully understand all the issues related to timing, such as GNSS jamming/spoofing, NTP vulnerability or the various types of network attacks.
Generally speaking, the correct answers are specific to each networking infrastructure and each customer’s policies. However, there are some general guidelines to follow to harden security on your SecureSync®/9483, and this document should help. It covers the following areas and explains how to use each to prevent cyberattacks:
- Authentication and authorization
- HTTPS and SSL
- SSH
- SCP
- SFTP with public/private support
This document also consolidate the recommendations from various product manuals into one handy location. They identify each security feature, shows default settings and offers recommendations about whether you should choose to enable it.
To make it easier, we’ve also provided links to the online manuals for each protocol — so configuration help is just a click away.
Supporting Material
TECH TIP: SECURESYNC 1200 SECURITY HARDENING RECOMMENDATIONS
Time Synchronization for Secure Networks Using Fiber
Government and military networks often utilize the concept of unclassified networks vs classified networks to manage levels of information security. Since a complete “air-gap” around a highly sensitive network is not practical, every data connection is evaluated as a security risk.
When it comes to accurate synchronization traceable to time standards on a classified network, we lose the ability to deploy a GPS receiver due to restrictions on wireless connections. The best choice for a “wired” connection is fiber optics since they do not emit nor receive electromagnetic energy. In its SecureSync synchronization platform, Orolia has deployed fiber optics for the transfer of any digital synchronization signal that can be utilized for synchronization of isolated networks.
A pair of SecureSyncs are deployed on opposites sides of a security boundary. The unit on the unclassified network is deployed with a GPS receiver and transmits highly accurate timing data to the unit on the classified network via IRIG time code. Then this “IRIG slave” operates as the master clock for all time-sensitive devices on the classified network. In this scheme, a single master can serve many isolated networks via multiple IRIG ports.
The IRIG connection is one-way. IRIG time code is not a communication protocol therefore, there are no requests nor hand-shaking. A time and date message is streamed point-to-point. The transmitter of IRIG data cannot receive any information and the receiver cannot transmit any information to comply with the practices of network isolation.
At the time of this writing, Orolia utilizes Avago Technologies’ fiber optic ports (transmitter P/N = HFBR-1414TZ; receiver P/N = HFBR-2416TZ). However, if further qualification is required contact us to verify the current configuration.
Accurate Time with Network Isolation
- Compatible with SIPRNET and NIPRNET
- No wireless connection (GPS receiver)
- One-way communication via IRIG timing protocol does not allow unauthorized access
- Fiber optic connections protect against unauthorized access
SecureSync as a Flexible Time and Frequency Reference
- GPS master deployed on unclassified network
- IRIG slave deployed on classified network
- IRIG signaling via 820 nm multi-mode ST fiber connectors)
- IRIG DCLS option with 4 outputs (model 1204-1E) on master
- IRIG DCLS option with 1 input and 2 outputs (model 1204-27) on slave
Cybersecurity: Hardening security on your SecureSync
Customers frequently seek information and recommendations from Orolia about hardening security, including general guidelines about available network security features, jamming and spoofing deterrence, bug fixes, and networking-related issues.
Sometimes they’re in search of specific practices for time servers and clients. Sometimes, because SecureSync® is part of critical infrastructure, they may not fully understand all the issues related to timing, such as GNSS jamming/spoofing, NTP vulnerability or the various types of network attacks.
Generally speaking, the correct answers are specific to each networking infrastructure and each customer’s policies. However, there are some general guidelines to follow to harden security on your SecureSync®, and this document should help. It covers the following areas and explains how to use each to prevent cyberattacks:
- Authentication and authorization
- HTTPS and SSL
- SSH
- SCP
- SFTP with public/private support
This document also consolidates the recommendations from various product manuals into one handy location. They identify each security feature, shows default settings and offers recommendations about whether you should choose to enable it.
To make it easier, we’ve also provided links to the online manuals for each protocol — so configuration help is just a click away.
Don’t hesitate to call upon us for help with your timing applications, and be sure to ask us about other ways to harden your timing chain with Resilient PNT (positioning, navigation and timing) solutions that provide signal protection in the event of an outage, interference/detection/mitigation, and GNSS simulation to identify issues before they affect your critical infrastructure.
Two problems need to be solved in any time-related application:
- Which clock is used as the reference for all other clocks
- How to transfer the time from the reference clock to all other clocks
The solution is to use a master clock as your reference. Master clock systems are used in a wide variety of applications and industries including aerospace and defence, broadcast, radio and telecom, network systems, financial services, emergency operations, call centers, and healthcare — essentially anywhere reliability of data and signals are paramount.
What is a master clock?
A core feature of all master clock systems is that they accept precise timing reference signals as input. It is a rare case for a master clock to be free-running and not continuously synchronized, or at least compared against an external reference. Orolia’s SecureSync modular time and frequency synchronization system can accept over 14 different signal types to discipline its local clock. This system can then generate a similar number of signal types to synchronize other devices. In case of loss of the external reference (or any redundant references), the local clock maintains timing accuracy using a local clock oscillator until the reference(s) can be restored. Several different clock oscillators are offered depending on the accuracy required during the “hold over” period.
Network master clocks can distribute their timing references over local or wide area networks. Master clocks with wireless transmitters enable synchronization of devices like display clocks without having to run wires between them for the synchronization signal. There are also highly accurate master clock solutions that utilize copper or fibre connections for precise analog and digital signal distribution, such as IRIG timecode signals.
Orolia offers a variety of master clock systems to meet the requirements for your application of accurate time. Learn more about flexible SecureSync Master Clocks
NTP Over Anycast. The Easy Way to Sync Clients and Servers
What Is NTP Over Anycast?
NTP (Network Time Protocol) over Anycast mode is a software technology that allows two (or more) NTP servers to sync clients via a single IP address.
NTP is a packet network-based synchronization protocol to sync a client clock to a network master clock.
Anycast is a networking methodology using standard routing protocols where messages are routed to one of a group of potential receivers via a single Anycast address, thus significantly simplifying the configuration management for the larger pool of clients.
NTP over Anycast, available in both SecureSync® and NetClock®, is a combination of the two concepts, allowing them to:
- Associate one of their network ports to an Anycast IP address
- Remove themselves as an available time source if the reference is lost or degraded, or vice versa
Though NTP clients typically need to be individually configured with the IP address(es) they are to sync with – even when using NTP over Anycast mode – this mode allows the clients to be configured with one address instead of multiple and lets the “nearest” available time server to respond to the request.
How It Works
- Configure an Anycast IP address to any Orolia network interface.
- NTP server responds to client requests as directed by the configured routing protocol so long as the time server is in sync.
- NTP server becomes “unavailable” if the time server goes out of sync or a problem with its reference is detected. Client requests are directed to the “next-nearest” server, which is also configured with the NTP over Anycast address.
- NTP server is automatically made available when synchronized.
When to Use NTP Over Anycast
Configuring NTP clients for mission-critical timing using NTP servers with static IP addresses can be problematic for large deployments across several network and geographic boundaries. Referencing an NTP server by hostname with existing DNS infrastructure can help, but still requires a lot of configuration.
For Anycast-enabled networks, the ability to route NTP requests to several potential servers via a single IP address, without any specific client configuration, offers the simplest, most reliable, most scalable approach.
Benefits to You
- Reduce latency, increase availability, improve scalability of NTP deployments.
- Simplify the management of a reliable wide-area NTP deployment with redundant stratum-1 servers.
- Leverage the ability of a “smart” NTP server for a simple NTP client implementation.
How to Get NTP Over Anycast
Contact Us for more information or, for currently fielded units, to receive the application software upgrade.