Mohamed Harrou
BayWa r.e. AG designs, builds and operates wind farms and photovoltaic (PV) parks worldwide. 99 % of technical operations management, servicing and maintenance is carried out via remote access, which leaves the wind farms and PV parks particularly exposed to threats. In addition to protecting sensitive data, the BayWa r.e. cybersecurity strategy focuses above all on plant availability, fleet protection and security of supply. BayWa r.e. had already implemented its own security solution for this purpose, which ensured both secure and reliable data transmission and continuous monitoring of performance data. The Smart Energy Gateway MRX from INSYS icom was the core element of these functions. In a field test, these functions were extended with ICS monitoring and anomaly detection from Rhebo. The aim was to extend the security capabilities to real-time detection of novel attack patterns, advanced persistent threats and technical error states on the distributed energy resources.
Detect and stop any change of communication pattern between the globally distributed energy resources.
Proactively detect and localise defects and misconfigurations on devices to trigger maintenance before device failure.
Reduce complexity and costs of operations with a Defense-in-Depth security concept on a single device.
Rhebo Industry 4.0 Stability and Security Audit
Rhebo Industrial Protector Software Integration
Rhebo Industrial Protector, an ICS monitoring solution with anomaly detection, was integrated as a software sensor on the existing INSYS icom Smart Energy Gateways MRX. No additional hardware had to be installed in the distributed infrastructure. From this position, Rhebo continuously monitors and analyses the entire communication between servers, control center and energy resources. In the first step, the existing communication behaviour at a wind farm and at a PV park was recorded over several days and analysed in detail. The analysis showed that almost three-quarters of all traffic was vendor communication between devices and vendor servers. Rhebo identified several previously unknown security risks. Among other things, the anomaly detection found communication via an unprotected FTP server with outdated firmware, unencrypted data transfer, and private communication via a WhatsApp client. In addition, communication errors and failed connection attempts that affected network quality were identified. All anomalies were subsequently corrected.
ensured through continuous ICS monitoring and anomaly detection.
of security settings through identification of insecure communication.
through reduction of vendor data traffic.
through comprehensive analysis of the entire Industrial Control System.
through mitigation of technical error states.
of security and availability functions through software rollout on INSYS icom routers.