How Austria’s essential services can implement the BDEW-/ÖE-Whitepaper on ICS security

  • Whitepaper »Requirements for secure control and telecommunication systems« by Oesterreichs E-Wirtschaft (OE) and BDEW defines strict measures for essential services
  • Technical requirements include complete detection of manipulation attempts as well as continuous monitoring.
  • Rhebo guideline »BDEW /OE whitepaper in practice« explains tangible solutions for the implementation of measures

Leipzig, Germany, March 12, 2019 - Essential services such as energy, water management and oil/gas companies are called upon by the Austrian Programme for Critical Infrastructure Protection (APCIP) to ensure the reliable and secure operation of their control and telecommunications systems in a holistic, sustainable and verifiable manner. However, the programme leaves it largely open as to how secure operation is to be implemented in the essential services.

The paper »Anforderungen an sichere Steuerungs- und Telekommunikationssysteme« (Requirements for secure control and telecommunications systems) published by Austria's E-Wirtschaft (E-Economy) and the German Federal Association of Energy and Water Management (BDEW) therefore translates these provisions into technical requirements and defines detailed measures. Accordingly, complete network transparency and documentation, secure remote access, complete protection against malware and consistent segmentation are identified as core elements.

Christian Schöpf, Sales Director Rhebo for Austria and Switzerland explains:

»The operators of essential services are faced with the challenge of monitoring their control networks in detail and protecting them from any disruption without clear instructions. However, the Defense-In-Depth principle in particular represents a paradigm shift. Where perimeter protection has traditionally been established as the ultimate solution, the focus must now be on the inner workings of the industrial control systems. That means nothing less than establishing a state-of-the-art system that analyzes all processes in the network and reports conspicuous events in real-time. Advanced Persistent Threats as well as technical error states are usually not located at the network boundaries. In our guideline, we therefore explain how operators use industrial anomaly detection to achieve the necessary transparency about the assets and communication processes in their control systems in order to implement the complex requirements of the BDEW/OE whitepaper in the best possible way«.

The Chief Information Security Officers and IT/OT managers of essential services will gain the previously absent visibility in their networks, a proactive early warning system and create a sound basis for higher-level network condition monitoring and forensic data analysis. This enables them to effectively protect their industrial control systems and against malfunctions such as cyber attacks, manipulation and technical failures, and to guarantee security of supply.

The guideline »BDEW /OE Whitepaper in Practice« is available under:

About Rhebo

Rhebo is a German company that specializes in the reliability and resilience of industrial companies and critical infrastructure. With its solutions and services, Rhebo monitors and analyzes all data communication within industrial control systems, reports anomalies in real-time , thus increasing the cybersecurity and productivity of industrial control systems. Rhebo is one of the top 30 industrial security providers in Gartner's »Market Guide for Operational Technology Security 2017«. The company is also a member of Teletrust - Bundesverband IT-Sicherheit e.V. and Bitkom e.V.


Jens Pacholsky
Public Relations Rhebo GmbH
Tel. +49-341-393-790-180