Ensuring ICS Cybersecurity of Energy Providers

at EWR Netz GmbH

In addition to its core business as a public network operator for electricity, gas and water, EWR Netz GmbH offers many different services with its qualified employees and extensive technical equipment. Regional network operators such as EWR Netz GmbH play an important role in the energy transition, as renewable energies and decentralized generation plants are feeding more and more electricity into the networks.

Rainer Fuhrmann

Head of I&C Systems | EWR Netz GmbH
»The Rhebo ICS monitoring provides us with specific support in monitoring remote maintenance and network access points. It helps us detect defects and anomalies in the ICS before disruptions occur in our energy or water supply.«

Details

Initial situation and challenge

Each year, EWR Netz GmbH supplies around 230,000 customers with over 1.8 million MWh of electricity, 64,000 customers with 1.2 million MWh of gas and 15,000 customers with 7,200 Tm³ of water. One of the most urgent challenges for grid management, plant operation and maintenance is the shift towards renewable energies. In particular, the heterogeneity and decentralisation of plants and the expansion of the industrial control system (ICS) are creating new risks for supply. EWR Netz GmbH is therefore actively shaping the secure and stable development of a modern, digitalised and renewable energy supply.

With the support of security service provider Corning Services GmbH, the energy supply company renewed its entire ICS in 2018 and 2019. State-of-the-art technology and the use of the IEC 60870-5-104 protocol will continue to guarantee the trouble-free operation of electrical devices for its customers.

EWR Netz GmbH pays particular attention to the security of its ICS. The requirement was a dedicated security system that protects the ICS holistically against disruptions. Vulnerabilities, known and novel attack patterns, as well as misconfigurations, defects and technical error states should be detected reliably and quickly.

Close existing vulnerabilities

Conduct risk analysis according to ISO 27001 ff. for the entire ICS, check segmentation, identify and evaluate vulnerabilities.

Detect attacks and malfunctions

Continuously monitor communication within the ICS (IEC104) at value level in order to detect and eliminate changes at an early stage before disruptions occur.

Locate and mitigate technical error states

Detect and locate defects and misconfigurations in equipment to initiate maintenance before equipment fails.

Solution

RISK ANALYSIS

Rhebo Industry 4.0 Stability and Security Audit

  • Analysis of assets and communication structures;
  • Risk assessment for cybersecurity and stability;
  • Definition of mitigation measures.

ICS MONITORING WITH ANOMALY DETECTION

Rhebo Industrial Protector

  • Continuous ICS monitoring;
  • Real-time identification and evaluation of cyber attacks, vulnerabilities, malware and error states;
  • Compliance with industry standards and regulatory requirements.

Implementation and findings

At the beginning, Rhebo and Corning Services carried out a Rhebo Industry 4.0 Stability and Security Audit at EWR Netz GmbH. Over a period of three weeks, the communication within the ICS was recorded using the ICS monitoring solution Rhebo Industrial Protector, and later analysed and evaluated. The visualisation of the assets and communication patterns showed a very well maintained ICS. However, the risk analysis identified various anomalies, such as vulnerable firmware, unrequired protocols and conspicuous communication behaviour, as well as anomalies related to repeated transmission problems. The sources were later corrected by the I&C System department.

The detailed monitoring of the ICS, the extremely good traceability of incidents, and the combination of cybersecurity and operational stability convinced EWR Netz GmbH to permanently integrate Rhebo Industrial Protector. Since then, the ICS monitoring solution has passively monitored the entire communication within the network. Any change in the communication that indicates a risk to cybersecurity or process stability is reported to the control center in real time.

  • The network map visualises all assets in the ICS with their properties and connections.
  • For each host, details such as protocols, connections, and anomalies are displayed in real-time.
  • Rhebo Industrial Protector also reports insecure operations such as scans and unencrypted passwords.

Results

  • COMPLETE TRANSPARENCY of the structure, assets and connections of the ICS.
  • REAL-TIME ALERTS and documentation of anomalies ensured.
  • STABLE OPERATION OF THE ICS strengthened by identification and analysis of misconfigurations.
  • CONTINUOUS MONITORING of communication within the ICS.
  • EXISTING VULNERABILITIES IDENTIFIED, reviewed and corrected.
  • TRACEABILITY AND RISK ASSESSMENT of incidents significantly improved.
