Global 24/7 Cybersecurity For Renewable Energy Resources

at
BayWa r.e. Data Services GmbH
The BayWa r.e. AG designs, builds and operates wind farms and photovoltaic (PV) parks worldwide. 99 % of technical operations management, servicing and maintenance are carried out via remote access.

Network Intrusion Detection with Rhebo support

at
Stadtwerke Bochum Netz
Stadtwerke Bochum Holding has been a reliable supply partner for all Bochum residents since 1855. Today, Stadtwerke Bochum provides around 3,600 GWh of electricity and around 2,900 GWh of gas every year. It also provides water, district heating, telecommunications products, and solutions for the expansion of e-mobility. As a modern, customer-oriented company, Stadtwerke Bochum actively addresses the requirements and challenges of the times.

Verification of Network Segmentation at German Water Company

at
Waterworks Leipzig
The German water company Leipziger Wasserwerke (LWW) is a subsidiary of the Leipziger Gruppe. With 5 water plants, the company supplies 545,000 people in the Leipzig region with fresh and high-quality drinking water. It also treats 95,000 m³ of waste water per day in 25 sewage treatment plants.

Sabotage Investigation in Logistics Companies

at
Digital Forensics GmbH
Digital Forensics GmbH is a german company specializing in forensic analysis of large-volume network traffic in industry and insurance. The company evaluates cases of damage and analyses cyber attacks. Knowledge of industry-specific protocols such as Profinet, OPC, S7 or IEC61850 as well as their evaluation form a focal point of the work.

Secure Energy Supply For Over 1 Million People

at
Thüringer Energienetze GmbH & Co. KG
TEN Thüringer Energienetze is the largest distribution network operator in the German federal state of Thuringia. Its networks reliably supply more than 1.1 million people, the domestic economy and downstream distributors with energy. TEN provides all infrastructure services for the supply of electricity and natural gas, the connection of decentralized energy resources and, as part of its services, network operation for third parties.

Real-Time Security and Continuous Improvement Of Energy Supply

at
e-netz Südhessen AG
Anchored in Darmstadt, e-netz Südhessen AG, as a subsidiary of ENTEGA AG, takes care of the secure energy supply and the functioning infrastructure for around one million people in the region - from private households to municipal facilities, operators of solar systems and wind farms to industrial companies, scientific and research institutions.

Defense-in-Depth in the OT networks

at
MEGA, der Monheimer Elektrizitäts- und Gasversorgung GmbH
As a municipal energy supplier and innovative service provider, MEGA is as much a part of Monheim as the Rhine. Personally and locally, we create a warm, bright home for the people of Monheim with a fast digital window to the world. For over 100 years, we have been helping to make Monheim am Rhein a livable and attractive city - for families and companies.

Ensuring ICS Cybersecurity of Energy Providers

at
EWR Netz GmbH
In addition to its core business as a public network operator for electricity, gas and water, EWR Netz GmbH offers many different services with its qualified employees and extensive technical equipment. Regional network operators such as EWR Netz GmbH play an important role in the energy transition, as renewable energies and decentralized generation plants are feeding more and more electricity into the networks.

Intrusion Detection & Mitigation

at
sonnen GmbH
Since 2018, Sonnen GmbH has been the first and so far only provider in Germany to connect private home storage systems to form a virtual power plant. Sonnen GmbH is building an energy system that provides clean electricity at exactly the right time and where it is needed. A system that enables cost benefits for everyone while relieving the strain on the power grid. In addition, the sonnenVPP plays an important role in the energy transition. By stabilizing the energy grids on three continents, the company is ensuring that more and more renewable energies can be connected to the grid, thus accelerating the transition to clean energy.

Michael Freitag

Group Manager Datacenter
|
envia TEL GmbH
»Although the building automation isn't connected to the internet, Rhebo has helped us proactively find security vulnerabilities and anomalies in the control system. Rhebo Industrial Protector and regular support enable us to make these visible and eliminate them at an early stage.«
To story download

Details

Initial situation and challenge

As a wholly owned subsidiary of the enviaM Group, envia TEL is active in fiber rollout and data center operation and employs around 250 people. Since 2022, the company has been hosting the German internet exchange DE-CIX Leipzig at its data center campus in Leipzig, which connects the metropolitan region of Central Germany to the World Wide Web more closely than ever before. However, private customers and commercial enterprises can also use the data centers, which currently provide 3,000 mÇ of space (set to increase to 5,000 mÇ from 2025), to securely manage their data and host services. The data centers fall under the German Critical Infrastructure regulations and are subject to special security requirements for the early detection of cyberattacks and to avoid disruptions to critical infrastructure. This also includes the cybersecurity of the building automation systems. The building control system not only supplies the tens of thousands of servers with power and cooling, but also secures access to the data centers and ensures fire protection. As part of the necessary certifications according to ISO 27001, DIN EN 50600, and in accordance with the TÜViT criteria catalog, Rhebo’s OT monitoring with anomaly detection was deployed in October 2022.

Solution

RISK ANALYSIS AND VULNERABILITY ASSESSMENT

Rhebo Industrial Security Assessment

  • Analyze assets and communication structures
  • Identify vulnerabilities and security gaps
  • Define measures for system hardening

INTRUSION DETECTION SYSTEM FOR THE OT

Rhebo Industrial Protector

  • Continuously monitor building control system communication
  • Identify and analyze cyberattacks, security gaps, malware, and error conditions in real time

MANAGED OPERATION OF THE SECURITY SOLUTION

Rhebo Managed Protection

  • Conduct regular vulnerability assessments
  • Regularly evaluate reported anomalies with Rhebo experts
  • Get emergency support

Implementation and findings

In October 2022, Rhebo carried out its first Rhebo Industrial Security Assessment of data centers 1 and 2 of envia TEL. This created full visibility across all systems and connections in the control system that are crucial for a sustainable asset management and security concept. It also brought unfavorable configurations and security risks to light which then could be directly addressed. These included the cyber hygiene of service companies as well as legacy systems and problems with systems that send data to the outside world. The Intrusion Detection System Rhebo Industrial Protector installed in the control system went into continuous operation after initial baselining. It has since monitored communication within the building management control system 24/7. In the first year, OT monitoring enabled the security team to eliminate unencrypted communications, localize unreachable services, and identify outdated operating systems, firmware, and protocols that pose a security risk. For more complex issues, envia TEL can rely on Rhebo's expertise by discussing critical or unclear anomalies in detail in regular meetings. This allows the security team to bridge the prevailing skills gap and continually expand its knowledge on OT security.

Results

STRENGTHENED ASSET MANAGEMENT

with visualization of all systems, devices, as well as their connections and communication quality.

REAL-TIME ERROR AND INTRUSION DETECTION

with continuous monitoring of the entire control system communication and of suspicious events.

KNOWLEDGE BUILDING IN THE COMPANY

and bridging of the skills gap through regular incident analysis with Rhebo experts.

Also interesting