Global 24/7 Cybersecurity For Renewable Energy Resources at BayWa r.e. Data Services GmbH

The BayWa r.e. AG designs, builds and operates wind farms and photovoltaic (PV) parks worldwide. 99 % of technical operations management, servicing and maintenance are carried out via remote access.

Mohamed Harrou

»The simple integration of the Rhebo solution into our SystemSafe infrastructure on INSYS icom gateways enables us to fully secure all remote-controlled wind and solar parks against technical failures and cyberattacks without significant additional effort.«

Details

Initial situation and challenge

BayWa r.e. AG designs, builds and operates wind farms and photovoltaic (PV) parks worldwide. 99 % of technical operations management, servicing and maintenance is carried out via remote access, which exposes the wind farms and PV parks to a particularly high level of threat. In addition to protecting sensitive data, the BayWa r.e. cybersecurity strategy focuses above all on plant availability, fleet protection and security of supply. BayWa r.e. had already implemented its own security solution for this purpose, which ensured secure and reliable data transmission as well as continuous monitoring of performance data. The Smart Energy Gateway MRX from INSYS icom served as the core element of these functions. In a field test, these functions were supplemented with ICS monitoring and anomaly detection by Rhebo. The aim was to extend the security capabilities to real-time detection of novel attack patterns, advanced persistent threats and technical error states on the distributed energy resources.

Comprehensive protection against cyberattacks

Detect and stop any change of communication pattern between the globally distributed energy resources.

Optimised resource planning of service technicians

Proactively detect and localise defects and misconfigurations on devices to trigger maintenance before device failure.

Easy integration in existing infrastructure

Reduce complexity and costs of operations with a Defense-in-Depth security concept on a single device.

Solution

RISK AND VULNERABILITY ANALYSIS

Rhebo Industry 4.0 Stability and Security Audit

  • Analysis of deployed assets and existing communication structures;
  • Evaluation of threats for security and availability of wind farms and PV parks;
  • Definition of specific measures.

GLOBAL CYBERSECURITY

Rhebo Industrial Protector Software Integration

  • Real-time identification of cyberattacks, vulnerabilities and technical error states;
  • 24/7 security monitoring on INSYS icom gateways with extended security functions for SystemSafe architecture.

Implementation and findings

Rhebo Industrial Protector, an ICS monitoring solution with anomaly detection, was integrated as a software sensor on the existing INSYS icom Smart Energy Gateways MRX. No additional hardware had to be installed in the distributed infrastructure. From this position, Rhebo continuously monitors and analyses the entire communication between servers, control center and energy resources. In the first step, the existing communication behaviour at a wind farm and at a PV park was recorded over several days and analysed in detail. The analysis showed that almost three-quarters of all traffic was vendor communication between devices and vendor servers. Rhebo identified several previously unknown security risks. Among other things, the anomaly detection found communication via an unprotected FTP server with outdated firmware, unencrypted data transfer and private communication via a WhatsApp client. In addition, communication errors and failed connection attempts that affected network quality were identified. All anomalies were subsequently corrected.
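The record-then-compare approach described above can be sketched over flow records. This is an added example, not Rhebo's or BayWa r.e.'s code: the flow tuples, addresses, vendor server list and cleartext port table are constructed assumptions, and a real sensor would inspect protocol content rather than ports alone.

```python
# Constructed flow records: (src, dst, dst_port, bytes). Addresses are from
# private and documentation ranges; none come from the case study's network.
BASELINE_FLOWS = [
    ("10.0.1.10", "10.0.0.5", 502, 4000),       # device -> control centre
    ("10.0.1.11", "10.0.0.5", 502, 3800),
    ("10.0.1.10", "203.0.113.20", 443, 14000),  # device -> vendor server
    ("10.0.1.11", "203.0.113.20", 443, 12000),
    ("10.0.1.12", "10.0.0.9", 21, 1200),        # plaintext FTP inside the park
]
LIVE_FLOWS = [
    ("10.0.1.10", "10.0.0.5", 502, 4100),
    ("10.0.1.12", "10.0.0.9", 21, 900),
    ("10.0.1.13", "198.51.100.7", 5222, 600),   # never seen while learning
]
VENDOR_SERVERS = {"203.0.113.20"}                # assumed asset-inventory input
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP"}  # assumed port mapping


def learn_baseline(flows):
    """Return the set of (src, dst, port) relations seen during recording."""
    return {(s, d, p) for s, d, p, _ in flows}


def vendor_share(flows):
    """Fraction of transferred bytes exchanged with known vendor servers."""
    total = sum(b for *_, b in flows)
    vendor = sum(b for s, d, _, b in flows
                 if s in VENDOR_SERVERS or d in VENDOR_SERVERS)
    return vendor / total if total else 0.0


def cleartext_findings(flows):
    """Relations on ports whose protocol transfers data unencrypted."""
    return sorted({(s, d, CLEARTEXT_PORTS[p])
                   for s, d, p, _ in flows if p in CLEARTEXT_PORTS})


def anomalies(baseline, flows):
    """Live relations that are absent from the learned baseline."""
    return sorted({(s, d, p) for s, d, p, _ in flows} - baseline)


if __name__ == "__main__":
    baseline = learn_baseline(BASELINE_FLOWS)
    print(f"vendor share: {vendor_share(BASELINE_FLOWS):.0%}")
    print("cleartext:", cleartext_findings(BASELINE_FLOWS))
    print("new relations:", anomalies(baseline, LIVE_FLOWS))
```

Findings from the recording phase (cleartext services, high vendor share) are risks already present in the baseline, so they are reported separately from deviations detected afterwards.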

Results

24/7 CYBERSECURITY

ensured through continuous ICS monitoring and anomaly detection.

SYSTEMATIC OPTIMISATION

of security settings through identification of insecure communication.

ICS LOAD OPTIMISATION

through reduction of vendor data traffic.

CLOSED VULNERABILITIES

through comprehensive analysis of the entire Industrial Control System.

IMPROVEMENT OF ICS AVAILABILITY

through mitigation of technical error states.

SIMPLE EXTENSION

of security and availability functions through software rollout on INSYS icom routers.
