How PSG Global Bridged the Gap from Military Infrastructure Security to the Commercial Market

Project vision

When Jeremy Freeze-Skret, Vice President of Engineering at Prometheus Security Group Global (PSG), first approached Cedalo, he explained that their ‘Critical Infrastructure Protection’ solution included a suite of products geared towards infrastructure security.

“These are high-consequence, high-value assets like secure facilities, munitions, and aircrafts – and the protection levels and security requirements for the systems that protect these assets are very stringent.”

Jeremy Freeze-Skret

To ensure these demands were met, the PSG team needed a robust communication protocol engineered with redundancy and reliability.

After selecting MQTT as the core communication protocol, several of the top brokers on the market were considered during PSG’s evaluation process. Their team performed a comprehensive review that covered product-related aspects such as broker performance, security, and efficiency on one side and documentation, support, and pricing on the other. Additionally, they implemented a trial version of Pro Mosquitto and ran rigorous testing, which “showed Pro Mosquitto to be more compact and more efficient in terms of data transmissions,” according to Jeremy.

Along with the performance of the MQTT broker, the PSG team had to consider their customers’ extended sales cycles and deployment periods, which could last 10 to 20 years. So, they were searching for a reliable partner to support them for the long run. Mosquitto met this requirement as it has a proven track record with millions of global deployments since its initial release in 2015.

Moreover, Jeremy elaborated, “It was far easier to work with your team. You were very responsive and listened to our requirements – I felt I was heard. Unlike other vendors we spoke to, who wanted us to follow their standard approach, Cedalo was open to understanding and accommodating the customer’s needs.”

Based on the PSG team’s evaluation criteria, Pro Mosquitto emerged as the most suitable partner and is now a central component of their system architecture.

Solution

Prometheus primarily uses Pro Mosquitto to transport data for mission-critical security applications.

PSG’s system collects data from various sensors and access control devices and then transmits that data to monitoring facilities over a secure broker network. Additionally, the PSG solution facilitates the transmission of command and control signaling from sensors to monitoring facilities and back across the distributed network.

Architecture overview

In essence, PSG’s product is designed to operate in a campus-like environment where smaller facilities operate independently within a larger space. This environment includes numerous layered area control nodes and gateways responsible for specific security areas.

The solution’s architecture is designed with multiple layers to optimize speed and meet high-performance timing requirements to accommodate diverse use cases.

At the Edge layer of the system are the physical components, such as card readers and sensors. The major differentiator in the PSG solution is that the border of zero-trust cybersecurity, device authentication, and encryption is pushed to every single sensing and control node.

Data collected from these devices is then fed into PSG’s Universal Field Panel at the Acquisition & Control Layer, where a single-node Pro Mosquitto is integrated into the side of the gateway. It is a small broker that runs on a Docker container and transports data to the larger High Availability (HA) broker located on the higher level.

Moving up one level to the Facility Server layer is the area responsible for making decisions based on the aggregated data from the levels below. This layer houses Pro Mosquitto’s High Availability implementation, which is utilized by security applications, video surveillance, and security monitoring terminals site-wide. The High Availability version is deployed at this layer to achieve redundancy in the critical communications service. These nodes are geographically separated from one another so that there is no single point of failure in the system.

Another level up to the Enterprise (Cloud/ Hybrid Cloud) Layer is where the information can be pumped into regional operations centers and Physical Security Information Systems (PSIMs).

HA and single-node Pro Mosquitto implementation

The PSG team implemented a combination of multiple single-node Pro Mosquitto MQTT brokers and a three-node High Availability (HA) cluster in their system.

The single-node brokers are deployed in relatively small, self-contained sites, but when these are scaled up across the enterprise, they aggregate into a larger system. At these high data volumes, reliability and redundancy became critical factors and required an HA cluster to fit the architecture.

“What was very attractive about Pro Mosquito was the concept of appropriately sizing subscriptions depending on different factors such as data volume, number of connected MQTT clients, etc. As a result, Cedalo’s flexibility allows us to scale the solution to fit the applications.”

Jeremy Freeze-Skret

Results

PSG is a longstanding, reliable partner and technical leader for clients such as the US Department of Defense and the US Department of Energy. They have extensive expertise in navigating the complexities of this specialized market, particularly in rigorous product certification testing and acceptance processes.

Utilizing Mosquitto has resulted in remarkable achievements for PSG. The outcome is a highly secure and scalable solution ranging from high-availability fault-tolerant clusters in large campus-wide data centers, processing thousands of messages per second, to more granular node-level processing. This allows PSG to tailor solutions precisely for each end user, fostering the growth of their security investment over time.

Moreover, PSG’s partnership with Cedalo and the engineering efforts of their R&D team have culminated in a product they can introduce to the commercial market.

“The Pro Mosquitto broker is an essential component enabling our open architecture, zero-trust solutions to seamlessly integrate with other vendor solutions. This opens opportunities across broader vertical markets dependent on SCADA, IIoT, and Operational Technology (OT) systems such as fire protection, safety, building automation, and industrial control systems.”

Steven Brown, Vice President of Business Development at PSG