Falk Fischer
The German water company Leipziger Wasserwerke (LWW) is a subsidiary of the Leipziger Gruppe. With 5 water plants, the company supplies 545,000 people in the Leipzig region with fresh and high-quality drinking water. It also treats 95,000 mÑ of waste water per day in 25 sewage treatment plants. In addition to the secure and sustainable supply to the population of Leipzig, the protection of the sensitive waters of Leipzig is at the centre of its daily activities. For example, the LWW was able to reduce the amount of mixed water discharged into the natural waters by 30% via a modern sewer ICS for the 2,800 km long sewer network. As a modern company, LWW actively accepts the challenges of digitalization for security of supply. As part of the implementation of an ICS security concept, the information technology infrastructure was modernized. In order to establish a high level of security, the office IT and ICS were separated and additionally protected by demilitarized zones and other measures. For this purpose, a Rhebo Industry 4.0 Stability and Security Audit was carried out. Three aspects were in the spotlight:
Identify all active components in the ICS for a complete asset inventory, and analyze their properties such as firmware version, manufacturer and identifier.
Visualize the connections of the ICS components among each other as well as to the office IT in a network map, and analyze them with regards to volume, type, function and content.
Investigate the monitoring results for known vulnerabilities (according to Common Vulnerability & Exploits, CVE) and develop specific mitigation measures.
Rhebo Industry 4.0 Stability and Security Audit
Rhebo Industrial Protector
The Rhebo Industry 4.0 Stability and Security Audit was carried out by the IT consulting company Softline Solutions GmbH at the client’s site. For the audit, non-intrusive sensors were integrated at neuralgic points of the LWW ICS in order to capture the entire communication. The integration took place via existing ports. Subsequently, all communication processes in the ICS were passively recorded over a period of two weeks. After completion of the data collection, Rhebo analyzed the data and summarized the results in a comprehensive report. The results were evaluated and concrete recommendations for action were developed in the concluding workshop under the guidance of Softline Solutions GmbH.
of the ICS structure and processes established.
nalyzed in detail.
of devices and systems in the ICS verified.
identified.
between ICS and enterprise IT identified.
implemented through detailed risk analysis.