1
SecuringCriticalInfrastructure whileEnabling
Innovation, Transformation,and Resiliency

2
From the Bottom of the Oceans… to the Depths of Space & Cyberspace
Over 80,000
employees
68 Countries
Global presence
1bn € Self-funded
R&D*
*Does not
include externally financed
R&D
Sales in 2019
19bn €
€
Digital Identity
and Security
Defence and
Security Aerospace
Space
z
Ground
Transportation
Thales
Global Business Areas
#1
Worldwide in data
protection
#1
Worldwide in air traffic
management
#2
Worldwide in civil
satellite systems
#2
Worldwide in rail
signaling
#2
Worldwide in inflight
entertainment
#3
Worldwide in
commercial avionics
#1
European provider of
advanced sensors
#1
Worldwide in safe &
smart airport solutions

3
World Leader in Data Protection
130+
PARTNERS
PARTNERSHIPS
WITH LEADING
PROVIDERS OF
CLOUD COMPUTING,
DIGITAL PAYMENTS
AND MORE
DATA
PROTECTION
FOR 21NATO
COUNTRIES
PROTECTION OF THE
WORLD’S BANKING
TRANSACTIONS 80%
SECURITY FOR 19OF THE
20 LARGEST BANKS
YEARS OF
SECURING THE
WORLD’S MOST
SENSTIVE DATA
DEEP EXPERTISE AND
TRACK RECORD IN
APPLIED
CRYPTOGRAPHY
40+
SECURITY FOR 4OF THE 5
LARGEST ENERGY COMPANIES
LONGSTANDING
HISTORY OF INDUSTRY
CERTIFICATIONS AND
VALIDATION

4 Thales Group Open
An Unrivalled Data Protection Portfolio for Encrypting Everything
The Market Leading Data Encryption Products
in Support of your Data Security Strategy
payShield HSM
Luna
Network HSM
Thales
Cloud HSM
On Demand
#1
#1
#1
Payment HSMs
General Purpose HSMs
Cloud HSMs
#1 Key Management
#1Data Encryption
Thales CN Series
High-Speed Network Encryptors
#1Network Encryption
Thales
CV1000 Virtual
Encryptor
CipherTrust Data Security Platform

5
The nextgenerationof critical infrastructure
relies on innovation
Technological innovation is driving the next generation of critical infrastructure, allowing enterprises to improve service,
optimize operations, and ultimately deliver better value to stakeholders
Analyze Optimize Deliver
Analyze data in big data repositories
and leverage artificial intelligence (AI)
to power better decision making.
Optimize operations by acting on
insights quickly using all digital
controls to manage distributed
infrastructure such as “Smart Grids”.
Deliver on commitments to
customers with digital customer
experience, better reliability, lower
cost, and adoption of renewables.
Gather Communicate Aggregate
Gather valuable information through
sensors, cameras, and drones
throughout the infrastructure
footprint.
Communicate data in real time
through IoT and other connected
systems.
Aggregate data in central
management consoles to automate
remote production or distribution
facilities.

6
Utilities and energy industries advance digital
transformation
Critical infrastructure sectors, such as utilities and energy, are adopting new
platforms and environments at a fast pace, transforming the capabilities of both
their Information Technology (IT) and Operational Technology (OT) platforms.
1: ReportLinker.com: IoT in Utilities Market by Component, Application, Region - Global Forecast to 2024
2: Power-Technology.com: Big data and modelling data: Encoord on data in energy
3: ReportLinker.com: Global Artificial Intelligence (AI) in Energy Market: Focus on Product Type, Industry Applications, Funding – Analysis and Forecast, 2019-2024
4: DailyEnergyInsiderr.com: Utilities increasingly turn to cloud software, despite security concerns
Spending on Internet
ofThings (IoT) Big Data analytics
Spending on Internet of Things (IoT) in the
utilities sector is set to grow by 85% in five
years, providing connectivity and a host of
new possibilities to a widely distributed
infrastructure.1
The Big Data analytics market in the energy
sector is expected to grow 70% by 2026,
allowing enterprises to gain insights faster for
better decision making and competitive
advantages.2
Artificial Intelligence
(AI) Cloudadoption
Artificial Intelligence (AI) usage in the energy
industry is expected to grow 22.5% a year in
the energy sector, helping increase efficiency
and automate decentralized power
generation.3
Cloud adoption by utilities has grown from
45% to 71% in just 3 years, helping advance
customer experience, and address the needs
of data management and processing.4
85%
Growth in spending
on IoT in 5 years
70%
Increase in Big Data
spending until 2026
22.5%
CAGR of AI in the
energy sector
71%
Adoption of
cloud by utilities

Ransomwareattacks
The averagecost
ofcyberattacks
Ransomware attacks hit 649 critical
infrastructure entities in US alone according
to the FBI, and 80% of critical infrastructure
organizations experienced a ransomware
attack in 2021.7
The average cost of cyber attacks in the
energy sector reached US$4.65M according
Ponemon Institute cost of data breach report.
The largest share of the cost is composed of
lost business and reputational damage.8
7
Hacker groups target weaknesses in critical global
infrastructure
The devastating cyberattack that derailed a pipeline operator for a week and
impacted 45% of the U.S. East Coast’s fuel supply in 2020 was an eye opener for
the broader public as to the vulnerability of the critical infrastructure sector.
5: World Economic Forum: Protecting critical infrastructure from a cyber pandemic
6: Skybox Security: Cybersecurity risk underestimated by operational technology organizations
7: FBI: Ransomware hit 649 critical infrastructure entities in 2021
8: IBM & Ponemon Institute: Cost of Data Breach Report
Cyberattacks OperationalTechnology(OT)
Cyber attacks on critical infrastructure
organizations in the US alone have increased
by 300% in 2021 according to the World
Economic Forum.5
Operational Technology (OT) proved a major
vulnerability for the critical infrastructure
sector, with 83% of organizations suffering OT
cybersecurity breaches in the last 36 months.6
300%
increase in cyber
attacks on critical US
infrastructure in 2021
83%
of critical infrastructure
organizations suffered OT
cybersecurity breaches
649
ransomware
attacks
in 2021 targeted
critical
infrastructure in the
US
$4.65m
was the average
cost of cyber attacks
in the energy
sector in 2021

8
Protectingtier 1
data across
Hybrid IT for global
energy provider
Protecting high value data on-premises
and in the cloud
Challenge
• A highly regulated global energy company with operations in multiple countries
needed to protect high-value data across multiple platforms.
• Even though the customer already had advanced security, it wanted the highest level of
security for its most sensitive “tier 1” data to protect against not only external attacks, but
also insider privilege abuse and government subpoenas.
• The customer also needed to ensure no downtime when protecting production data.
Solution
• Thales CipherTrust Transparent Encryption was deployed to protect a wide variety of
formats and data stores.
• Granular controls allowed only specific data to be decrypted when needed by authorized
users while keeping encrypted all other data, whether on-premises or in the cloud.
• CipherTrust Live Data Transformation allowed the energy company to protect
production data with minimum downtime.
Results
• Addressed Federal Energy Regulatory Commission (FERC) and GDPR regulatory
requirements as well as global and regional mandates and standards.
• Achieved protection in the cloud against subpoena or external and internal threats with
Bring Your Own Encryption (BYOE) platform for multiple cloud instances.
• Enabled the protection of live data without moving databases offline for critical
with large and essential datasets, such as SAP Hana on premises and in the cloud.
Case Study

9
Protect critical infrastructure
communicationsfor major energy
operator
End-to-end high-speed encryption for critical
data in motion during pandemic
Challenge
• A major UK energy operator needed to connect to other utilities via the National Grid
Network.
• Data within the network is of critical national importance and mandates stipulate that the
highest levels of security be deployed.
• High performance end-to-end encryption of data in motion was required to ensure data
was secure.
• Deployment had to be done remotely because of the start of the COVID 19 pandemic.
Solution
• Thales CN6010 High Speed Encryptors were deployed by the energy operator to
protect sensitive data in motion between the energy utility and the National Grid
Network.
• The FIPS 140-2 Level 3 and Common Criteria CN6010 provided high speed
communication with the highest levels of standards-based security.
Results
• Protected sensitive data communicated between the utility and the network and was
able to immediately detect manipulated data packets and shut down compromised
transmissions.
• Improved overall resilience of energy infrastructure by delivering large volumes of data
at high speed for analysis and action.
• Achieved quick deployment by remotely designing, delivering, and deploying the
solution within 3 months even with the COVID 19 pandemic in full swing.
Case Study

10
10
Business Challenges
Movement of Large Volumes
of Sensitive Data
Dedicated Layer 2 Network
infrastructure
Multi-site, hub and spoke
topology
Physical intrusion
safeguards
Prevent Data Corruption or
Injection
Compliance Obligation and
Business Continuity

11
Secure High Speed Communications
Ethernet Encryption Between Datacenters
Challenge:
• Securing the Smart Grid
• Safety, traceability &
Transparency is vital to business
• Risk factors identified include
wire tapping and data
manipulation
• Enable Data Security without
compromising performance and
data integrity

12
Thales High Speed Encryption
Thales High Speed Encryption (HSE) protect data in motion
across high-speed networks.
Dedicated encryption devices offering maximum security without
impacting on network or application performance.
Features
Efficiency
• Excellent TCO through a mix of network bandwidth
savings, ease of management and longevity
• FPGA technology for maximum operational flexibility,
including use of custom encryption and in-field
upgradability
Security
• Certified FIPS 140-2 L3, CC, NATO, UC APL
• True end-to-end, authenticated encryption
• State-of-the-art encryption key management
Performance
• Operating anywhere from 10 Mbps or 100 Gbps
• Zero/Low overhead
• Microsecond latency
Versatility
• Supports any network topology
• Flexible, centralized and remote management
• Support for flexible encryption at Layer 2,3 & 4
Data-in-Motion Security without Compromise

13
CV1000 CN4000 Series
CN6000 Series
• 100 Mbps-1 Gbps Ethernet Encryptor
• Certified, low-cost, high-performance
• Small form factor ideal for remote locations
• Hardened virtual encryption function
• Ideal for Software Defined Networks (SDN) and
Server-to-Server communications
• 1 to 10 Gbps Ethernet Encryptor
• Rack-mountable, fully redundant robust design
• Ideal for private networks and datacenter
interconnects
CN9000
Series
• Certified mulitpoint 100Gbps encryptors
• Designed for next gen datacenters and core
networks
HSE Products at a Glance

14
HSE for traditional networks
▌Data Center to Data Center
Lowest overhead – up to 100Gbps performance
Maximum security
▌SCADA/CCTV/Edge
Message Integrity
Micro-Second Latency
▌Core Networks
Supports full mesh and hub-and-spoke environments
All products interoperate

15
HSE for next generation networks
▌SD-WAN
vHSE supports uCPE and VNF environments
Concurrent L2/3/4 Support
▌5G
Max throughput and low latency
VLAN based encryption for network slicing
▌Cloud
VPC-to-VPC
East West Traffic

16
Transport Independent Mode by Thales High Speed Encryption
Allows to Enable Encryption at Different Network Layers. From
Layer 2 up to Layer 4
POLICY TOPOLOGY DESTINATION
Multi-layer
Encryption
Topology-based,
Max Load Encryption
Destination Defined
LAYER 2
Data Link
Layer
LAYER 3
Network
Layer
LAYER 4
Transport
Layer

17
17
Transport Independent Mode Benefits
Retain traffic visibility even
in the presence of
encryption
Simpler troubleshooting
with tunnel free encryption
Works on MPLS networks
with Carrier/ISP managed
CE routers.
The flexibility to encrypt
where it most makes sense

18
Crypto Agility – Control and future proof
▌User Control
User establishes security policy
Full control of keys; lifecycle management
Bring your own – Curves, Entropy, AES Modifications
Supports Zero Trust architecture
▌Field programmable
Field updates w/o performance degradation
Post-Quantum Crypto (PQC) Support
▌Separation of Duties
Outperforms legacy solutions (i.e. IPSec and MACsec)
Extends life of encryption solution and other network elements (routers/switches)
Quantum Resistant
Algorithms
Choice of
algorithms
Support for customer
curves and entropy
Quantum-ready
(compatible with
QKD)
Upgradable
Ciphers
Quantum
Entropy
sources
Hybrid
Quantum/Cl
assical
Certificates
In-field programmable
FPGA encryption
engine

19
Live Testing – HSE hardware vs. IPsec hardware
Measured Throughput (1427 Frame)
Toronto to Quebec City through wired ENCQR 5G Transport Core

20
Packet Comparisons – IPsec vs. Thales HSE
Thales AES-256 Encryption Over IP +28 Bytes
IP Packet in Ethernet Frame
IPsec ESP-AES-256 ESP-SHHA-HMAC +76 Bytes
ORIGINAL UNSECURED PACKET
ORIGINAL PACKET WITH IPSEC
ORIGINAL PACKET with Thales HSE Encryption
Difference between Original Packet and IPsec
Diff between
orig. &
Thales
DA SA
S-
tag
E-
Ty
pe
IP-Header
UDP
Header
RTP
Header
UNENCRYPTED
PAYLOAD
FCS
GCM AUTH
DA SA
S-
tag
E-
Ty
pe
IP-Header
UDP
Header
RTP
Header
ENCRYPTED
PAYLOAD
FCS
SHIM
Encrypted
PAYLOAD
DA SA
S-
tag
E-
Ty
pe
IP Tunnel
Header
ESP
Header
IP GRE Header IP-Header
UDP
Header
RTP
Header
ENCRYPTED
PAYLOAD
FCS
ESP Pad and
Timer
ICV
ESP-AES IV
Improved Performance
&
Better Security
Common Transport Overhead
Additional Security Overhead
Data Payload

21
The Thales HSE Difference – Better Security, Better Performance
IPSEC Thales HSE
Data Rate through 1Gbps Link 255 Mbps 983 Mbps
Average Network Efficiency 45% 93%
Average Latency 4.0 MILLI seconds 40 MICRO seconds
Average Jitter 15 Microseconds 0
FIPS Certification YES YES
Common Criteria Certified YES YES
AES 256 Algorithms YES YES
Control over Key Material NO YES
Quantum Safe NO YES
Better
Performance
Better
Security

22
22
Key Thales HSE Benefits
Maximum
Security
Zero Impact on
Network Performance
Prevents Injection of
Rogue Data
Physical Intrusion
Safeguards – Tamper
Resistant Hardware
Scalable and
Interoperable
Ease of Deployment
and Management
Versatile, in-field
Encryption
Low Total Cost of
Ownership