Guide: Waterproof ICS Security in Water Companies

  • Water companies are next victims of cyber attacks
  • Germany propagates Defense-in-Depth with industry standard B3S Water/Wastewater
  • Rhebo Guideline explains how network monitoring with anomaly detection supports waterproof ICS security

Leipzig, Sep 03, 2019 - Rhebo publishes a detailed guide to ICS security requirements in modern water companies since the industry is becoming increasingly threatened due to the effects of digitalisation. The leading technology consultancy Booz Allen Hamilton already warns that cyber criminals will expand their focus from energy supply companies to water companies. In particular, state-backed attacks for espionage, manipulation and sabotage will increase. The company advises the US government on cyber risk assessment and cites the use of IoT-enabled devices and WLAN as high risk factors for water supply and treatment.

Since August 2017, the German sector-specific security standard (B3S) Water/Wastewater has been the basic instrument for the water sector for implementing basic IT security requirements of the Federal Office for Information Security (BSI). The web-based IT security guide recommends over 540 steps to ensure industrial security. The challenge for those responsible in water companies is the wise selection, combination and implementation of suitable actions for their Industrial Control Systems (ICS). In essence, the more open, automated and interactive the ICS is controlled, the more stringent measures must become.

IoT and remote control threaten security of supply

»At the latest when water companies control their plants via remote access or an Internet connection, they should ensure that they are notified of any changes within their ICS,« notes Klaus Mochalski, CEO of Rhebo. »When interactive or automated data exchange is added between IoT components of remote facilities and the central control room, detailed real-time traffic analysis is required to ensure data integrity and authenticity. Classical firewalls and intrusion detection systems are reaching their limits here. Neither do they see what is going on within the ICS, nor do they have sufficient capabilities to analyze industry-specific communication down to the value level.«

In the newly published guide »B3S Water/Wastewater in Practice - The Role of Network Monitoring and Anomaly Detection in the Stable Operation of Industrial Control Systems«, Rhebo analyses the requirements arising from the German Water/Wastewater standard and explains how network monitoring with anomaly detection closes these security gaps. In particular, network transparency, asset inventory, risk analysis and the identification of unknown or new types of threats are discussed. These are fundamental aspects of an integrated security strategy based on Defense-in-Depth for the ICS in water companies.

The guide is available in German under:

About Rhebo

Rhebo is the only company providing cybersecurity as well as stability for industrial control systems (ICS) in industrial and critical infrastructure companies. The German company’s solutions monitor all communication within the ICS, and reliably report attacks, vulnerabilities as well as technical error states. Thus, Rhebo supports operators of ICS to increase cybersecurity, productivity and availability of their systems and plants, and to safeguard the digital transformation of their processes. 

In this role, the company is actively involved in the Alliance for Cyber Security of the Federal Office for Information Security (BSI), the Teletrust - Bundesverband IT-Sicherheit e.V. and the Bitkom Security Management Working Group to develop standards and technical guidance. 

Contact Rhebo
Jens Pacholsky
Public Relations Rhebo GmbH
Tel. +49-341-393-790-180