- Low number of IT security reports from critical infrastructure operators to the German Federal Office for Information Security (BSI) suggests a lack of diagnostic capabilities
- Common security solutions do not report long-term hacker campaigns or in-network failures
- New white paper on the duty of incident reporting in critical infrastructure shows how to detect near-incidents and assess events
Leipzig, Germany, 01/15/2019 - Rhebo publishes a white paper on the implementation of the duty of incident reporting in critical infrastructure and so-called essential services in Germany, Austria and Switzerland. The white paper specifically addresses those aspects of the duty that are difficult to implement for many operators responsible for the network control systems:
- Reporting of incidents that are not classified as malicious when they occur but can lead to impairments in the future;
- Assessment of the significance of incidents;
- Reporting of all details of an incident.
High threat risk, low visibility
Cyberattacks such as Industroyer and Dragonfly 2.0 have shown how sensitive infrastructure is, how professionally and over what long periods attackers operate, and what effects they have on supply security.
Between June 2017 and May 2018, however, only 46 incidents were reported by German energy and water companies to the Federal Office for Information Security (BSI). On the other hand, over 800 million malware programs (with a growth rate of 400,000 per day) as well as countless unknown or unpatched security vulnerabilities are currently active. In addition, there are multi-stage attack campaigns, which often remain undetected in corporate networks for months to years, as Industroyer and Dragonfly 2.0 have impressively proven. Results from Rhebo Industry 4.0 Stability and Security Audits of critical infrastructure network control systems confirm an obvious assumption: the majority of incidents in networks are not detected by common security solutions such as firewalls and the like. This applies in particular to incidents:
- which overcome or bypass firewalls;
- which arise within the network control system itself;
- which have a long-term effect and therefore do not appear relevant at first glance;
- for which it is not clear whether they can lead to a significant impairment of the infrastructure.
The white paper »Duty of Incident Reporting in Critical Infrastructures - Requirements and Implementation for Energy Producers, Utilities and Water/Wastewater Companies in the German-speaking Area (DACH)« addresses the detection and documentation of these incidents. Based on the requirements of laws, standards and guidelines, it explains how industrial anomaly detection creates transparency and can help close the gaps.
Download link to the white paper: https://rhebo.com/de/meldepflicht/
Rhebo is a German company that specializes in the reliability and resilience of industrial companies and critical infrastructure. With its solutions and services, Rhebo monitors and analyzes all data communication within industrial control systems and reports anomalies in real time, thus increasing the cybersecurity and productivity of industrial control systems. Rhebo is one of the top 30 industrial security providers in Gartner's »Market Guide for Operational Technology Security 2017«. The company is also a member of Teletrust - Bundesverband IT-Sicherheit e.V. and Bitkom e.V.
Public Relations Rhebo GmbH