- Rhebo releases case study for industrial anomaly detection in critical infrastructure
- Energy provider gains complete visibility into its remote control system thanks to Rhebo Industrial Protector
- The anomaly detection reported several incidents indicating network problems and cyber attacks
Leipzig, Germany, May 23, 2018 - Critical infrastructures are subject to increasing networking of facilities and processes. The effects of this development on cyber security were recently demonstrated by the hacker attack on the networks of the large German energy provider EnBW. A currently unknown hacker group had infiltrated the IT infrastructure of EnBW subsidiary Netcom BW. But operational process stability and continuity are also affected. Results from a continuous network monitoring project at an energy provider show that both potential threats are of importance.
In 2017, Rhebo Industrial Protector, an industrial anomaly detection system, was installed at a German energy provider for seamless monitoring of its remote control system. The energy company thus reacted to the growing threats to its Industrial Control Systems (ICS).
Several hundred individual components that could potentially be attacked were found in the remote control system. In addition, with the solution the company met the requirements of the German IT Security Bill, the industry standard ISO 27002 and the recommendations of the BDEW. These require both complete detection of any suspicious events in the information technology infrastructure and detailed reporting of incidents that could impair supply security.
Complexity of ICS is increasing
Since the implementation of the network monitoring, several communication processes that could lead to disruptions in supply security have been identified in real time. These anomalies were not only security-relevant processes: communication structures were also found that pointed to hidden network problems and misconfigurations.
On the side of industrial security / cyber security, unencrypted SMB and NetBIOS protocols were found that allowed unwanted remote configuration and file sharing.
Furthermore, the transmission quality in the remote control system was jeopardized by various previously unknown network errors. These included checksum errors, retransmissions, missing packets in TCP handshakes and TCP traffic at the end of the connection.
Continuity, Compliance and Industrial Security
With Rhebo Industrial Protector, the energy supplier has achieved complete visibility into participants and communication relationships within its remote control systems. As an integral component of the ISMS, industrial anomaly detection thus also sustainably and efficiently supports the network operator in setting up industrial security in accordance with legal and normative requirements.
You can download the case study on rhebo.com.
Rhebo is a German technology company that specializes in ensuring the operational reliability of industrial control systems by monitoring control communications. Rhebo provides hardware, software and services to secure networked industrial control systems and Critical Infrastructure as well as to increase productivity. Rhebo is listed as one of the 30 top providers for industrial security in Gartner’s »Market Guide for Operational Technology Security 2017«. The company is a member of Teletrust – IT Security Association Germany.
Kristin Preßler (COO)