Daniel Ackermann
As one of the leading providers of modern energy storage system and renewable energy solutions, cybersecurity of its products has become paramount for Sonnen. Though, residential and commercial energy storage systems (ESS) are typically connected to the local home network of the end customer. These networks are more easily accessible to attackers and lack a dedicated IDS for the industrial communication of the ESS. Due to the networking of identical systems and central monitoring at Sonnen, the risk of the whole fleet being taken over and e.g. misused as a botnet or shut down in an orchestrated manner also increases. Sonnen’s globally distributed energy storage systems were therefore to be equipped with an industrial intrusion detection system that detects and mitigates cyberattacks and disruptions right at the edge device. The goal was to block and isolate attacks before they can spread to the central platform or other connected storage systems.
Detect, mitigate and document unknown and known attack patterns via automated security policies.
Report anomalies to Security Operation Center (SOC) in real-time for immediate global action.
Analyze anomalies across all energy systems centrally for predictive risk management and maintenance.
for globally distributed energy storage systems
for IIoT devices and systems
Since the beginning of 2020, Sonnen has been integrating the advanced Rhebo technology for active protection on all existing and new ESS installations. The rollout on the local controls of the distributed energy storage units is carried out entirely software-based. In addition to the behavior analysis of the energy storage system, local interfaces such as web interfaces and system protocols are also continuously monitored. Standard interfaces (e.g. Syslog, MQTT) and open source technologies are used for the cost-efficient upgrade of existing systems ensuring fast return on investment. The interfaces also allow the easy transmission of anomaly data and security policies between the distributed systems and the central security operations center at Sonnen. Rhebo also actively supports Sonnen in the analysis and evaluation of detected anomalies.
through automated security policies on-premise.
through standard APIs and low CPU footprint.
by meeting relevant standards like IEC 62443.
through device-specific behavior analysis and anomaly detection.
through early detection of error conditions and easy root cause analysis.
through anomaly reports for global trend and dynamics analysis.