During a Rhebo Industrie 4.0 stability and security audit in the network of a customer that operates critical infrastructure, it was noticed that several network participants were trying, unsuccessfully, to establish connections. This mainly affected time-critical communication over the widely used IEC 60870-5-104 protocol.
Immediate notifications of connection attempts
This came to light because Rhebo Industrial Protector reported these events immediately. The reports included, for example, connection attempts that were rejected, requests that were actively refused and, more generally, TCP connections that carried no payload data at all.
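The three kinds of events named above can be told apart from TCP flags and payload lengths alone. The following is an added example, not part of the original article and not Rhebo's detection logic. Assumptions: IEC 60870-5-104 runs on its registered TCP port 2404, a SYN answered by RST counts as "refused", a SYN with no reply counts as "unanswered", and the packet summaries are constructed sample data.

```python
IEC104_PORT = 2404  # registered TCP port for IEC 60870-5-104

def classify_flows(packets, port=IEC104_PORT):
    """Label each connection attempt to `port` (flag-to-label mapping is an assumption)."""
    flows = {}
    for src, sport, dst, dport, flags, plen in packets:
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags == "S" and dport == port:
            # Initial SYN, or a retransmission of it, opens or keeps the flow record.
            flows.setdefault(fwd, {"synack": False, "rst": False, "payload": 0})
        elif fwd in flows:                      # client -> server segment
            flows[fwd]["payload"] += plen
        elif rev in flows:                      # server -> client segment
            f = flows[rev]
            f["payload"] += plen
            if "R" in flags and not f["synack"]:
                f["rst"] = True                 # RST sent in answer to the SYN
            if "S" in flags and "A" in flags:
                f["synack"] = True
    labels = {}
    for key, f in flows.items():
        if f["rst"]:
            labels[key] = "refused"             # actively refused
        elif not f["synack"]:
            labels[key] = "unanswered"          # attempt never completed
        elif f["payload"] == 0:
            labels[key] = "no_payload"          # handshake done, no data exchanged
        else:
            labels[key] = "ok"
    return labels

# Constructed sample: (src, sport, dst, dport, tcp_flags, payload_len)
RTU = "10.0.0.20"
SAMPLE = [
    ("10.0.0.5", 40001, RTU, 2404, "S", 0), (RTU, 2404, "10.0.0.5", 40001, "RA", 0),
    ("10.0.0.6", 40002, RTU, 2404, "S", 0), ("10.0.0.6", 40002, RTU, 2404, "S", 0),
    ("10.0.0.7", 40003, RTU, 2404, "S", 0), (RTU, 2404, "10.0.0.7", 40003, "SA", 0),
    ("10.0.0.7", 40003, RTU, 2404, "A", 0), ("10.0.0.7", 40003, RTU, 2404, "FA", 0),
    ("10.0.0.8", 40004, RTU, 2404, "S", 0), (RTU, 2404, "10.0.0.8", 40004, "SA", 0),
    ("10.0.0.8", 40004, RTU, 2404, "PA", 6), (RTU, 2404, "10.0.0.8", 40004, "PA", 6),
]

if __name__ == "__main__":
    for (src, sport, dst, dport), label in classify_flows(SAMPLE).items():
        if label != "ok":
            print(f"{src}:{sport} -> {dst}:{dport}  {label}")
```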
All clear: Malfunction
Using the process visualization that Industrial Protector provides, the cause was quickly traced to a malfunctioning network device. When resetting the device brought no improvement, it was replaced without further ado. After that, there were no more connection problems.
System Shutdown and Re-Setup
This type of problem can severely disrupt time-critical communication in particular, which is widespread in such networks, and thus represents a high potential risk to the security of supply. Rhebo Industrial Protector is able to visualize any type of network anomaly, ensuring the security and availability of the network.
Without anomaly detection within the critical infrastructure operator's network, this malfunction would have gone undetected. Any drops in supply security could result in malfunctions. In this case, costly investigations of the network would have had to follow a shutdown. The costs would have been enormous.
Rhebo Industrial Protector provides comprehensive transparency of all operations and devices in the network. A first step towards comprehensive supply and cyber security is a Rhebo Industry 4.0 stability and security audit.