Sven Wienand
Stadtwerke Bochum Holding has been a reliable supply partner for all Bochum residents since 1855. Today, Stadtwerke Bochum provides around 3,600 GWh of electricity and around 2,900 GWh of gas every year. It also provides water, district heating, telecommunications products, and solutions for the expansion of e-mobility. As a modern, customer-oriented company, Stadtwerke Bochum actively addresses the requirements and challenges of the times. With the digitization of its critical infrastructure, this also included securing its substations and renewable energy plants against cyberattacks. In 2017, the local supplier therefore implemented an information and security management system (ISMS) in accordance with ISO 27001. Stadtwerke Bochum Netz, as part of Stadtwerke Bochum Holding, had already been addressing the need for an OT intrusion detection system for their critical infrastructure for four years before it was made mandatory by German authorities. This solution had to provide two key capabilities:
Rhebo Industrial Security Assessment
Rhebo Industrial Protector
Rhebo Managed Protection
At the end of 2019, Rhebo conducted a Rhebo Industrial Security Assessment for Stadtwerke Bochum Netz. The OT networks of the energy supply infrastructure were analyzed for existing vulnerabilities and security risks, their criticality was assessed, and recommendations for remediation were made. All detected anomalies were subsequently resolved in a targeted manner. Once the security risks had been eliminated, the OT monitoring with anomaly detection Rhebo Industrial Protector used during the assessment started continuous operation. Since then, the dedicated network intrusion detection system has been monitoring the OT networks for electricity, gas, and water as well as the interface to the company's IT. With the introduction of OT monitoring in 2019, the company also needed to acquire expertise on the still new topic of OT security. Faced with the ongoing shortage of skilled workers, Stadtwerke Bochum Netz decided to train the existing team on the job. Stadtwerke Bochum Netz operates the Rhebo intrusion detection system independently, but regularly accesses the expertise of the
Rhebo team. As part of the OT security service Rhebo Managed Protection, the security team discusses conspicuous or unclear anomalies identified by Rhebo Industrial Protector with the Rhebo support team on a weekly basis and coordinates the next steps. This has not only enabled the localization and elimination of frequent network and communication errors or nonsecure OT components. Security risks from service providers, such as the use of SNMPv1 and NTLMv1, which would otherwise have remained invisible, have also been quickly identified and addressed with the subcontractor.
through asset inventory and visualization of connections and system properties in the OT.
through weekly evaluation of anomaly reports with the Rhebo team.
by identifying insecure authentication methods used by service providers and employees.