Global 24/7 Cybersecurity For Renewable Energy Resources

at BayWa r.e. Data Services GmbH
BayWa r.e. AG designs, builds and operates wind farms and photovoltaic (PV) parks worldwide. 99 % of technical operations management, servicing and maintenance are carried out via remote access.

Network Intrusion Detection with Rhebo support

at Stadtwerke Bochum Netz
Stadtwerke Bochum Holding has been a reliable supply partner for all Bochum residents since 1855. Today, Stadtwerke Bochum provides around 3,600 GWh of electricity and around 2,900 GWh of gas every year. It also provides water, district heating, telecommunications products, and solutions for the expansion of e-mobility. As a modern, customer-oriented company, Stadtwerke Bochum actively addresses the requirements and challenges of the times.

Verification of Network Segmentation at German Water Company

at Waterworks Leipzig
The German water company Leipziger Wasserwerke (LWW) is a subsidiary of the Leipziger Gruppe. With 5 water plants, the company supplies 545,000 people in the Leipzig region with fresh and high-quality drinking water. It also treats 95,000 m³ of waste water per day in 25 sewage treatment plants.

Sabotage Investigation in Logistics Companies

at Digital Forensics GmbH
Digital Forensics GmbH is a German company specializing in forensic analysis of large-volume network traffic in industry and insurance. The company evaluates cases of damage and analyses cyber attacks. Knowledge of industry-specific protocols such as Profinet, OPC, S7 or IEC61850, as well as their evaluation, forms a focal point of the work.

Secure Energy Supply For Over 1 Million People

at Thüringer Energienetze GmbH & Co. KG
TEN Thüringer Energienetze is the largest distribution network operator in the German federal state of Thuringia. Its networks reliably supply more than 1.1 million people, the domestic economy and downstream distributors with energy. TEN provides all infrastructure services for the supply of electricity and natural gas, the connection of decentralized energy resources and, as part of its services, network operation for third parties.

Real-Time Security and Continuous Improvement Of Energy Supply

at e-netz Südhessen AG
Anchored in Darmstadt, e-netz Südhessen AG, as a subsidiary of ENTEGA AG, takes care of the secure energy supply and the functioning infrastructure for around one million people in the region - from private households to municipal facilities, operators of solar systems and wind farms to industrial companies, scientific and research institutions.

Defense-in-Depth in the OT networks

at MEGA, der Monheimer Elektrizitäts- und Gasversorgung GmbH
As a municipal energy supplier and innovative service provider, MEGA is as much a part of Monheim as the Rhine. Personally and locally, we create a warm, bright home for the people of Monheim with a fast digital window to the world. For over 100 years, we have been helping to make Monheim am Rhein a livable and attractive city - for families and companies.

Ensuring ICS Cybersecurity of Energy Providers

at EWR Netz GmbH
In addition to its core business as a public network operator for electricity, gas and water, EWR Netz GmbH offers many different services with its qualified employees and extensive technical equipment. Regional network operators such as EWR Netz GmbH play an important role in the energy transition, as renewable energies and decentralized generation plants are feeding more and more electricity into the networks.

Intrusion Detection & Mitigation

at sonnen GmbH
Since 2018, Sonnen GmbH has been the first and so far only provider in Germany to connect private home storage systems to form a virtual power plant. Sonnen GmbH is building an energy system that provides clean electricity at exactly the right time and where it is needed. A system that enables cost benefits for everyone while relieving the strain on the power grid. In addition, the sonnenVPP plays an important role in the energy transition. By stabilizing the energy grids on three continents, the company is ensuring that more and more renewable energies can be connected to the grid, thus accelerating the transition to clean energy.

Daniel Ackermann

Director Software Development | sonnen GmbH
»When selecting the solution, it was particularly important to us that monitoring and security automation are specifically tailored to our devices and can be expanded at any time. Because both our technology and the threat landscape are constantly evolving.«

Details

Initial situation and challenge

As one of the leading providers of modern energy storage systems and renewable energy solutions, Sonnen treats the cybersecurity of its products as paramount. However, residential and commercial energy storage systems (ESS) are typically connected to the local home network of the end customer. These networks are more easily accessible to attackers and lack a dedicated IDS for the industrial communication of the ESS. Because identical systems are networked and centrally monitored at Sonnen, there is also an increased risk of the whole fleet being taken over and, for example, misused as a botnet or shut down in an orchestrated manner. Sonnen's globally distributed energy storage systems were therefore to be equipped with an industrial intrusion detection system that detects and mitigates cyberattacks and disruptions right at the edge device. The goal was to block and isolate attacks before they can spread to the central platform or other connected storage systems.

Detection & Response for globally distributed energy storage systems

Detect, mitigate and document unknown and known attack patterns via automated security policies.

Comprehensive fleet protection

Report anomalies to Security Operation Center (SOC) in real-time for immediate global action.

Global Threat Intelligence

Analyze anomalies across all energy systems centrally for predictive risk management and maintenance.

Solution

ENDPOINT DETECTION & RESPONSE

for globally distributed energy storage systems

  • continuously monitors behavior of energy storage systems;
  • identifies, analyses and reports cyberattacks, malware and technical error conditions in real-time;
  • enables fleet protection against critical events via automated security policies.

SOFTWARE-BASED SECURITY SOLUTION

for IIoT devices and systems

  • allows for fast and low-footprint integration on controls of globally distributed energy storage systems;
  • allows for global and cost-efficient security upgrade;
  • provides standard interfaces to common security analysis tools like Elastic Stack, Splunk and QRadar.

Implementation and findings

Since the beginning of 2020, Sonnen has been integrating the advanced Rhebo technology for active protection on all existing and new ESS installations. The rollout on the local controls of the distributed energy storage units is entirely software-based. In addition to the behavior analysis of the energy storage system, local interfaces such as web interfaces and system protocols are also continuously monitored. Standard interfaces (e.g. Syslog, MQTT) and open source technologies are used for the cost-efficient upgrade of existing systems, ensuring fast return on investment. The interfaces also allow the easy transmission of anomaly data and security policies between the distributed systems and the central security operations center at Sonnen. Rhebo also actively supports Sonnen in the analysis and evaluation of detected anomalies.

  • Overview dashboard of Rhebo IIoT security monitoring
  • Overview of all anomaly notifications with details

Results

GLOBAL FLEET PROTECTION

through automated security policies on-premise.

COST-EFFICIENT SECURITY DESIGN

through standard APIs and low CPU footprint.

COMPLIANCE AND STATE-OF-THE-ART SECURITY

by meeting relevant standards like IEC 62443.

PROTECTION AGAINST KNOWN AND UNKNOWN CYBER THREATS

through device-specific behavior analysis and anomaly detection.

RAPID MITIGATION OF SOFTWARE ERRORS

through early detection of error conditions and easy root cause analysis.

CENTRAL THREAT INTELLIGENCE

through anomaly reports for global trend and dynamics analysis.
