Electricity Energy Substation Cyber Security

OT & IIoT Security Compliance

Implement standard and legal requirements for intrusion detection & defense-in-depth in OT networks

Industrial security laws and standards increase compliance pressure

Comply to legal and international standards requirements

For many corporations compliance with national security laws and international standards has become a driving factor for implementing and operating a threat and intrusion detection systems.

With its hands-on solutions and focus on critical infrastructure, Rhebo has been helping companies comply with country- and industry-specific legislation, guidance and standards for many years – closing the gaps of a SIEM that focuses primarily on IT.

National OT & IIoT security compliance

Italy

Legislative decree 65/2018: implements the EU NIS Directive that requires countries to supervise its critical infrastructure and services.

NCSP (105/2019): imposes specific obligations on essential operators to secure networks, information systems and services pivotal to the life and function of the nation.

DPCM 81/2021: defines rules for reporting IT/OT security incidents, cybersecurity measures and obligation of evaluation of security measures after ICT assets changed.

Rhebo OT monitoring with anomaly detection forms the foundation for asset discovery, risk analysis, intrusion detection and incident reporting in operational technology networks.

Spain

CIP law (law 8/2011):implementing measures for the protection of critical infrastructure.

RD 43/2021: requirements for best risk management for network and information systems in critical sectors

Ámbitos de la Seguridad Nacional: Protección de Infraestructuras Críticas: special security obligations of public administration as well as operators of critical infrastructure.

Rhebo OT monitoring with anomaly detection forms the foundation for asset discovery, risk analysis, intrusion detection and incident reporting in operational technology networks.

Sweden

Lag om informationssäkerhet för samhällsviktiga och digitala tjänster: implements the EU NIS Directive in regards to information security for providers of critical infrastructure and digital services.

Säkerhetsskyddslag (SFS 2018:585): imposes specific obligations on security-sensitive entities and business to prevent information security incidents and damages.

Säkerhetsskyddsförordning (2021:955): defines specific security measures for critical infrastructures including risk analysis, incident reporting and threat detection.

Rhebo OT monitoring with anomaly detection forms the foundation for asset discovery, risk analysis, intrusion detection and incident reporting in operational technology networks.

Compliance with security standards

ISO/IEC 27000 ff.

The ISO/IEC 27000 family of standards is the basic international framework for an Information Security Management System (ISMS). It has become a cornerstone standard for corporations, companies and institutions worldwide, currently comprising 63 sub-standards under its umbrella.

Beside recommending management best practices, several standards within the family provide technical guidance on OT cybersecurity in the electrical sector (ISO 27019) as well as network security (ISO 27033) and application security (ISO 27034).

Rhebo OT monitoring with anomaly detection forms the foundation for end-to-end threat and anomaly detection in operational technology networks.

IEC 62443

The international standard IEC 62443 "Industrial communication networks - Network and system security" is the most important and widely used standard for establishing a cybersecurity system in operational technology networks.

The cornerstone of the standard is the concept of Defense-in-Depth, which includes a threat and intrusion detection that is effective even when attackers have gained access to a network.

Rhebo OT monitoring with anomaly detection forms the foundation for Defense-in-Depth operation including risk analysis, continuous monitoring and threat detection in OT networks.

>> DOWNLOAD IEC 62443 WHITE PAPER