Global 24/7 Cybersecurity For Renewable Energy Resources

at BayWa r.e. Data Services GmbH
BayWa r.e. AG designs, builds and operates wind farms and photovoltaic (PV) parks worldwide. 99 % of technical operations management, servicing and maintenance are carried out via remote access.

Network Intrusion Detection with Rhebo support

at Stadtwerke Bochum Netz
Stadtwerke Bochum Holding has been a reliable supply partner for all Bochum residents since 1855. Today, Stadtwerke Bochum provides around 3,600 GWh of electricity and around 2,900 GWh of gas every year. It also provides water, district heating, telecommunications products, and solutions for the expansion of e-mobility. As a modern, customer-oriented company, Stadtwerke Bochum actively addresses the requirements and challenges of the times.

Verification of Network Segmentation at German Water Company

at Waterworks Leipzig
The German water company Leipziger Wasserwerke (LWW) is a subsidiary of the Leipziger Gruppe. With 5 water plants, the company supplies 545,000 people in the Leipzig region with fresh and high-quality drinking water. It also treats 95,000 m³ of waste water per day in 25 sewage treatment plants.

Sabotage Investigation in Logistics Companies

at Digital Forensics GmbH
Digital Forensics GmbH is a German company specializing in forensic analysis of large-volume network traffic in industry and insurance. The company evaluates cases of damage and analyzes cyber attacks. Knowledge of industry-specific protocols such as Profinet, OPC, S7 or IEC61850, and the ability to evaluate them, form a focal point of the work.

Secure Energy Supply For Over 1 Million People

at Thüringer Energienetze GmbH & Co. KG
TEN Thüringer Energienetze is the largest distribution network operator in the German federal state of Thuringia. Its networks reliably supply more than 1.1 million people, the domestic economy and downstream distributors with energy. TEN provides all infrastructure services for the supply of electricity and natural gas, the connection of decentralized energy resources and, as part of its services, network operation for third parties.

Real-Time Security and Continuous Improvement Of Energy Supply

at e-netz Südhessen AG
Anchored in Darmstadt, e-netz Südhessen AG, as a subsidiary of ENTEGA AG, takes care of the secure energy supply and the functioning infrastructure for around one million people in the region - from private households to municipal facilities, operators of solar systems and wind farms to industrial companies, scientific and research institutions.

Defense-in-Depth in the OT networks

at MEGA, der Monheimer Elektrizitäts- und Gasversorgung GmbH
As a municipal energy supplier and innovative service provider, MEGA is as much a part of Monheim as the Rhine. Personally and locally, we create a warm, bright home for the people of Monheim with a fast digital window to the world. For over 100 years, we have been helping to make Monheim am Rhein a livable and attractive city - for families and companies.

Ensuring ICS Cybersecurity of Energy Providers

at EWR Netz GmbH
In addition to its core business as a public network operator for electricity, gas and water, EWR Netz GmbH offers many different services with its qualified employees and extensive technical equipment. Regional network operators such as EWR Netz GmbH play an important role in the energy transition, as renewable energies and decentralized generation plants are feeding more and more electricity into the networks.

Intrusion Detection & Mitigation

at sonnen GmbH
Since 2018, Sonnen GmbH has been the first and so far only provider in Germany to connect private home storage systems to form a virtual power plant. Sonnen GmbH is building an energy system that provides clean electricity at exactly the right time and where it is needed. A system that enables cost benefits for everyone while relieving the strain on the power grid. In addition, the sonnenVPP plays an important role in the energy transition. By stabilizing the energy grids on three continents, the company is ensuring that more and more renewable energies can be connected to the grid, thus accelerating the transition to clean energy.

Mirko Juranic

Network administrator & ISMS coordinator | MEGA, der Monheimer Elektrizitäts- und Gasversorgung GmbH
»Our most important goal is to avoid disruptions and security risks in the electricity supply for the citizens of Monheim. With Rhebo’s security concept, we feel well equipped to deal with the growing threat of cyber attacks.«

Details

Initial situation and challenge

Monheimer Elektrizitäts- und Gasversorgung GmbH, or MEGA for short, is the municipal energy and multimedia service provider for the town of Monheim am Rhein, Germany. For more than 100 years, the company with around 130 employees has been working to make Monheim am Rhein an attractive town worth living in for both families and businesses. This also includes a modern energy infrastructure with its own substation, hundreds of intelligent local stations and decentralized energy generation, such as the tenant electricity project in the Berlin quarter of Monheim am Rhein.

For MEGA, automation and cyber security of the energy supply go hand in hand. Since 2015, the company has been operating a comprehensive information security management system (ISMS) in accordance with ISO 27001 and has been protecting its critical infrastructure according to the latest standards. The operational technology (OT) runs as an air-gapped solution with its own fiber optic network, sophisticated segmentation and multi-factor authentication in order to control access to sensitive industrial processes in the best possible way.

Following the advice of the ISO 27001 auditors, an OT monitoring system was to be added to the security structure in 2023. It was to include an alarm and intrusion detection system that detects both successful attacks and unsolicited external access (e.g. via stolen credentials) at an early stage, and continuously checks the effectiveness of the existing perimeter security.

Solution

OT RISK ANALYSIS AND VULNERABILITY ASSESSMENT

Rhebo Industrial Security Assessment

  • analyze assets and communication structures,
  • identify vulnerabilities and security gaps,
  • define measures for system hardening.

OT NETWORK INTRUSION DETECTION SYSTEM

Rhebo Industrial Protector

  • continuously monitor the OT network communication,
  • identify and analyze cyberattacks, security vulnerabilities, malware, and error states in real time.

ON-DEMAND OT SECURITY SUPPORT

Rhebo Managed Protection

  • conduct periodic vulnerability assessments,
  • regularly evaluate identified anomalies with Rhebo experts,
  • get emergency support.

Implementation and findings

In the search for an OT monitoring solution, ISMS coordinator Mirko Juranic turned to like-minded peers. He spoke to various municipal utilities, which are also network operators, about their challenges and experiences with OT monitoring solutions. This also sharpened the requirements specification for MEGA: OT monitoring needed to be easy to integrate and independent of the grid control technology vendor. In addition, due to the existing shortage of specialists, active support was required for implementation, operation and forensics. The aim was and is both to relieve the burden on personnel and to ensure knowledge transfer, building internal expertise in OT security through hands-on expert support.

Following the initial vulnerability assessment and risk analysis of the OT networks by the Rhebo cyber security analysts, the network-based intrusion detection system Rhebo Industrial Protector was integrated into both the operational and redundant OT networks of MEGA. This ensures that communication from and between the several hundred local stations is continuously monitored for anomalies and conspicuous incidents.

Various vulnerabilities were identified and eliminated within the first few weeks. These included outdated protocols and firmware versions as well as compromising factory settings on OT components. In addition, the ISMS coordinator and his team now have clarity at all times about how heavily the OT networks are used at specific times and where capacity bottlenecks occur.

Results

EXISTING VULNERABILITIES RESOLVED

through asset inventory and visualization of connections and system properties in the OT.

SECURITY TEAM TRAINED IN OT SECURITY

through weekly assessment of anomaly reports with Rhebo OT security experts.

TARGETED CLOSURE OF HIDDEN SECURITY RISKS

by identifying insecure authentication methods used by service providers and employees.
