- Water companies are increasingly becoming targets for sophisticated cyber attacks
- Rhebo showcases comprehensive ICS security with success story at Leipziger Wasserwerke (LWW)
- Rhebo Industry 4.0 Stability and Security Audit ensures vulnerability-free industrial control system at German water company
Leipzig, Germany, October 24, 2019 − Booz Allen Hamilton, a renowned US technology consultancy, recently reported that water companies will have to expect more professional hacker attacks in the future. According to the analysts, who also advise the US government on cyber security, the water industry will become the next target of state-sponsored hacker groups in particular.
German water companies, too, have long been aware of this danger. In 2018, Saxonian Leipziger Wasserwerke created a comprehensive network security concept. Among other things, this includes a strict separation (segmentation) between corporate IT and the industrial control system of water supply and sewage plant systems. This is intended to prevent critical plant control components from being accessed via Internet-capable applications. However, the existing connections between ICS and office IT are complex and not as easy to identify. In addition, there is a multitude of systems and devices whose security level is unknown or outdated. Vulnerabilities only become apparent during operation − often when it is already too late. Of course, for Leipzig Wasserwerke a disruption of supply is not an option. The company supplies 545,000 people with fresh drinking water from five utilities. In addition, 25 sewage plants treat 95,000 m³ of wastewater daily for reintroduction into natural waters.
For this reason, Leipziger Wasserwerke carried out a Rhebo Industry 4.0 Stability and Security Audit. Together with the IT security service provider Softline, Rhebo analyzed the entire infrastructure, its assets, connections and communication patterns in detail. The main objective was a complete inventory of all assets and systems in order to achieve complete transparency of all agents and connections. Furthermore, the detailed analysis made it possible to clearly verify whether and where there are still vulnerabilities in the ICS. With the audit and the network monitoring software Rhebo Industrial Protector, the Leipziger Wasserwerke were able to verify and ensure that the segmentation and new security mechanisms function without any vulnerabilities.
»The audit has given us a clearer picture of all processes in our complex industrial control system,« Falk Richter, team leader IT Systems and Applications at Leipziger Wasserwerke confirms. »This enabled us to analyze all communication traffic extensively and check the ICS specifically for vulnerabilities. We were impressed by the smooth process. The direct development of effective measures optimally prepared us for future cyber security risks.«
Rhebo is the only company providing cybersecurity as well as stability for industrial control systems (ICS) in industrial and critical infrastructure companies. The German company’s solutions monitor all communication within the ICS, and reliably report attacks, vulnerabilities as well as technical error states. Thus, Rhebo supports operators of ICS to increase cybersecurity, productivity and availability of their systems and plants, and to safeguard the digital transformation of their processes.
In this role, the company is actively involved in the Alliance for Cyber Security of the Federal Office for Information Security (BSI), the Teletrust - Bundesverband IT-Sicherheit e.V. and the Bitkom Security Management Working Group to develop standards and technical guidance.
Public Relations Rhebo GmbH