- German Federal Office for Information Security (BSI) publishes recommendation »Monitoring and anomaly detection in production networks«
- Recommendation provides information on the risk factors and defines requirements for monitoring solutions
- Rhebo contributed audit information on typical anomalies as well as the core requirements for the systems to the white paper
Leipzig / Bonn, Germany, 7 March 2019 - The German Federal Office for Information Security’s (BSI) strongly recommends the use of anomaly detection in industrial control systems (ICS) in its new white paper named »Monitoring and anomaly detection in production networks«. Rhebo has made a significant contribution to this white paper, which was published at the end of February. Results from Rhebo’s own Industry 4.0 Stability and Security Audits and long-term monitoring projects formed the basis for the definition of system requirements.
The BSI positions monitoring systems with industrial anomaly detection as an integral part of the security strategy according to the standards ISO 27001 and IEC 62443.
The experts assess the anomaly detection as »a suitable method to detect operating conditions, to generate warnings and, if necessary, to enable more effective forensics. [...] it is not a static system that acts on the basis of fixed or known threat patterns (e.g. an indexed computer virus). Rather, the anomaly detection continuously re-evaluates the standard communication of the respective network. This allows a dynamic adaptation to changes of risk vectors and thus the detection of yet unknown behavior patterns in the network that are not yet recorded in any virus or error state list.«
On seven pages, the white paper analyses the functions of monitoring and industrial anomaly detection, further defining the functional and technical requirements for respective solutions.
Accordingly, an anomaly detection must be able to detect anomalies on three levels in addition to basic functions of ICS communication analysis and visualization:
- Extraordinary or unusual activities in the (ICS) network
- Extraordinary events in production-typical (ICS) protocols
- Extraordinary changes in process data (e.g. sensor data, control data).
Industry and critical infrastructures have started to recognize those challenges. At this year's Hannover Messe from 1 to 5 April, Rhebo will therefore present its industrial anomaly detection system Rhebo Industrial Protector not only at its booth in Hall 6/B30. The solution will also be on display at the booth of the drive and control technology manufacturer Bosch Rexroth (Hall 17/A40) as an integrated anomaly detection within a complex (I)IoT environment.
The whitepaper can be downloaded from the webpage of BSI’s Alliance for Cyber-Security: https://www.allianz-fuer-cybersicherheit.de/ACS/DE/_/downloads/BSI-CS/BSI-CS_134E.html?nn=6656412
Rhebo is a German company that specializes in the reliability and resilience of industrial companies and critical infrastructure. With its solutions and services, Rhebo monitors and analyzes all data communication within industrial control systems, reports anomalies in real-time, thus increasing the cybersecurity and productivity of industrial control systems. Rhebo is one of the top 30 industrial security providers in Gartner's »Market Guide for Operational Technology Security 2017«. The company is also a member of Teletrust - Bundesverband IT-Sicherheit e.V. and Bitkom e.V.