Cyber Attacks & Disruptions In Distributed Energy Resources
Distributed energy resources (DER) and in particular renewable energy resources (RES) are most at risk from attacks due to their remote location far from the control room. SCADA systems, IEDs and local PLCs can be hijacked by adversaries undisturbed and via the simplest methods.
In addition to the loss of power and profit, damage to equipment can result. In the event of fleet shutdowns, even grid stability is at stake.
How Vulnerable Are Distributed Energy Resources?
In 2017, Dr. Jason Staggs demonstrated the inevitable at DEFCON, the oldest and largest underground hacker conference. Using a common Rasperry Pi and publicly available software, he managed to take control of several wind turbines in a very short time. The hack was not detected by the existing security mechanisms. It would have been easy for him to damage the wind farm via repeated hard stops or to put it into ransom mode. In the latter case, he would have shut down the entire wind farm or threatened to damage it until a ransom was transferred by the owners.
Central Visibility Of All Local Activities
In order to immediately detect man-in-the-middle attacks, local manipulation and sabotage attempts, monitoring of all communication processes within DER's local operating networks and operational technology networks is required.
A modern intrusion detection system combines seamless OT monitoring with anomaly detection and threat detection – thus providing the critical visibility into your OT infrastructure required by most security regulations, NIST, IEC 62443 and ISO 27001. It enables you to detect changes in your distributed OT at an early stage and prevent disruptions to energy management in a timely manner.
Comprehensive Cybersecurity For DER
The Rhebo next generation intrusion detection system enables end-to-end monitoring of the distributed infrastructure. Rhebo Industrial Protector non-intrusively analyzes and visualizes all devices and the complete data traffic within the local operating networks and OT networks. Communication changes occurring in the plants, related to cyber attacks, tampering, scans and technical error conditions, are detected, assessed, documented and reported to the control room in real time.
Monitoring is implemented at the distributed sites via cost-effective software sensors on existing edge devices or as hardware. Rhebo Industrial Protector fully supports specific DER protocols such as OPC, IEC 60870-5-104, IEC 61850-8-1 and DNP3, amongst others.
Network security managers in energy companies can thus implement a holistic, end-to-end intrusion detection system (IDS) in accordance with international standards and national regulations.
-
Solution Brief Renewable Energy Resources
-
OT Risk & Maturity Assessment
-
Success Story BayWa r.e.
