Global 24/7 Cybersecurity For Renewable Energy Resources

at
BayWa r.e. Data Services GmbH
The BayWa r.e. AG designs, builds and operates wind farms and photovoltaic (PV) parks worldwide. 99 % of technical operations management, servicing and maintenance are carried out via remote access.

Network Intrusion Detection with Rhebo support

at
Stadtwerke Bochum Netz
Stadtwerke Bochum Holding has been a reliable supply partner for all Bochum residents since 1855. Today, Stadtwerke Bochum provides around 3,600 GWh of electricity and around 2,900 GWh of gas every year. It also provides water, district heating, telecommunications products, and solutions for the expansion of e-mobility. As a modern, customer-oriented company, Stadtwerke Bochum actively addresses the requirements and challenges of the times.

Verification of Network Segmentation at German Water Company

at
Waterworks Leipzig
The German water company Leipziger Wasserwerke (LWW) is a subsidiary of the Leipziger Gruppe. With 5 water plants, the company supplies 545,000 people in the Leipzig region with fresh and high-quality drinking water. It also treats 95,000 m³ of waste water per day in 25 sewage treatment plants.

Sabotage Investigation in Logistics Companies

at
Digital Forensics GmbH
Digital Forensics GmbH is a german company specializing in forensic analysis of large-volume network traffic in industry and insurance. The company evaluates cases of damage and analyses cyber attacks. Knowledge of industry-specific protocols such as Profinet, OPC, S7 or IEC61850 as well as their evaluation form a focal point of the work.

Secure Energy Supply For Over 1 Million People

at
Thüringer Energienetze GmbH & Co. KG
TEN Thüringer Energienetze is the largest distribution network operator in the German federal state of Thuringia. Its networks reliably supply more than 1.1 million people, the domestic economy and downstream distributors with energy. TEN provides all infrastructure services for the supply of electricity and natural gas, the connection of decentralized energy resources and, as part of its services, network operation for third parties.

Real-Time Security and Continuous Improvement Of Energy Supply

at
e-netz Südhessen AG
Anchored in Darmstadt, e-netz Südhessen AG, as a subsidiary of ENTEGA AG, takes care of the secure energy supply and the functioning infrastructure for around one million people in the region - from private households to municipal facilities, operators of solar systems and wind farms to industrial companies, scientific and research institutions.

Defense-in-Depth in the OT networks

at
MEGA, der Monheimer Elektrizitäts- und Gasversorgung GmbH
As a municipal energy supplier and innovative service provider, MEGA is as much a part of Monheim as the Rhine. Personally and locally, we create a warm, bright home for the people of Monheim with a fast digital window to the world. For over 100 years, we have been helping to make Monheim am Rhein a livable and attractive city - for families and companies.

Ensuring ICS Cybersecurity of Energy Providers

at
EWR Netz GmbH
In addition to its core business as a public network operator for electricity, gas and water, EWR Netz GmbH offers many different services with its qualified employees and extensive technical equipment. Regional network operators such as EWR Netz GmbH play an important role in the energy transition, as renewable energies and decentralized generation plants are feeding more and more electricity into the networks.

Intrusion Detection & Mitigation

at
sonnen GmbH
Since 2018, Sonnen GmbH has been the first and so far only provider in Germany to connect private home storage systems to form a virtual power plant. Sonnen GmbH is building an energy system that provides clean electricity at exactly the right time and where it is needed. A system that enables cost benefits for everyone while relieving the strain on the power grid. In addition, the sonnenVPP plays an important role in the energy transition. By stabilizing the energy grids on three continents, the company is ensuring that more and more renewable energies can be connected to the grid, thus accelerating the transition to clean energy.

Sven Wienand

system administrator
|
Stadtwerke Bochum Netz
»We know our networks and service companies very well. Nevertheless, Rhebo’s intrusion detection system keeps surprising us by alerting us to security risks and irregularities that still remain in our OT communication.«
To story download

Details

Initial situation and challenge

Stadtwerke Bochum Holding has been a reliable supply partner for all Bochum residents since 1855. Today, Stadtwerke Bochum provides around 3,600 GWh of electricity and around 2,900 GWh of gas every year. It also provides water, district heating, telecommunications products, and solutions for the expansion of e-mobility. As a modern, customer-oriented company, Stadtwerke Bochum actively addresses the requirements and challenges of the times. With the digitization of its critical infrastructure, this also included securing its substations and renewable energy plants against cyberattacks. In 2017, the local supplier therefore implemented an information and security management system (ISMS) in accordance with ISO 27001. Stadtwerke Bochum Netz, as part of Stadtwerke Bochum Holding, had already been addressing the need for an OT intrusion detection system for their critical infrastructure for four years before it was made mandatory by German authorities. This solution had to provide two key capabilities:

  1. Early detection of even successful attacks within the operational technology to prevent them from reaching the control center. In addition to the detection of malware that might have bypassed the firewall via service provider laptops (supply chain compromise), this also includes the identification of systems and communication behavior that endanger the cyber security of the OT.
  2. Support by the company providing the network intrusion detection system with forensic analysis of anomalies to compensate for the continued shortage of specialists in the field of OT cyber security and to build in-house know-how.

Solution

OT RISK ANALYSIS AND VULNERABILITY ASSESSMENT

Rhebo Industrial Security Assessment

  • analyze assets and communication structures,
  • identify vulnerabilities and security gaps,
  • define measures for system hardening.

OT NETWORK INTRUSION DETECTION SYSTEM

Rhebo Industrial Protector

  • continuously monitor the OT network communication,
  • identify and analyze cyberattacks, security vulnerabilities, malware, and error states in real time.

ON-DEMAND OT SECURITY SUPPORT

Rhebo Managed Protection

  • conduct periodic vulnerability assessments,
  • regularly evaluate identified anomalies with Rhebo experts,
  • get emergency support.

Implementation and findings

At the end of 2019, Rhebo conducted a Rhebo Industrial Security Assessment for Stadtwerke Bochum Netz. The OT networks of the energy supply infrastructure were analyzed for existing vulnerabilities and security risks, their criticality was assessed, and recommendations for remediation were made. All detected anomalies were subsequently resolved in a targeted manner. Once the security risks had been eliminated, the OT monitoring with anomaly detection Rhebo Industrial Protector used during the assessment started continuous operation. Since then, the dedicated network intrusion detection system has been monitoring the OT networks for electricity, gas, and water as well as the interface to the company's IT. With the introduction of OT monitoring in 2019, the company also needed to acquire expertise on the still new topic of OT security. Faced with the ongoing shortage of skilled workers, Stadtwerke Bochum Netz decided to train the existing team on the job. Stadtwerke Bochum Netz operates the Rhebo intrusion detection system independently, but regularly accesses the expertise of the
Rhebo team. As part of the OT security service Rhebo Managed Protection, the security team discusses conspicuous or unclear anomalies identified by Rhebo Industrial Protector with the Rhebo support team on a weekly basis and coordinates the next steps. This has not only enabled the localization and elimination of frequent network and communication errors or nonsecure OT components. Security risks from service providers, such as the use of SNMPv1 and NTLMv1, which would otherwise have remained invisible, have also been quickly identified and addressed with the subcontractor.

Results

EXISTING VULNERABILITIESRESOLVED

through asset inventory and visualization of connections and system properties in the OT.

SECURITY TEAM TRAINED IN OT SECURITY

through weekly evaluation of anomaly reports with the Rhebo team.

TARGETED CLOSURE OF HIDDEN SECURITY RISKS

by identifying insecure authentication methods used by service providers and employees.

Also interesting