Digital sovereignty in cybersecurity: OT Security Made in Germany®

Sep 11, 2025

Trust is good. Sovereignty is better. And yes, who watches the watchmen? What is the point of a company having a security system that is itself not secure, or that will become insecure in the future because of some shift in geopolitics? [1]

All it takes is a quick search engine query to unravel this seemingly paradoxical question. For starters, you just need to remember Edward Snowden's revelations more than ten years ago. [2]

Backdoors in regulations

In March 2025, Microsoft France's director of public and legal affairs stated under oath that he could not guarantee 100% data protection under European law to companies that use Microsoft and store and process their data exclusively on European Microsoft servers. Microsoft is a US company and is therefore subject to the US CLOUD Act. This requires US companies to give US authorities access to their customers' data if certain conditions are met, regardless of where in the world it is stored. The authorities can even order that the companies concerned not be told about the disclosure. [3]

In July 2025, it came to light that Cisco – a company that promises cybersecurity – had built a permanent backdoor into its Unified Communications Manager. This was not documented for customers. Nor were customers given the option to configure it, i.e., to secure it themselves. The backdoor was hard-coded. [4] And this was not the first time.

Lost in the cloud

In our podcast, Manuel Atug, long-time cybersecurity expert and founder of AG KRITIS, responded to the question “Can intrusion detection systems become a security risk?” with some rather sobering experiences: “We have seen IDS software where you could access the entire customer environment from a single client on any environment.”

He continued, “In some cases, companies take this a step further and say, ‘The data is first transferred to the cloud, and we analyze it from there.’ This means that in the production environment, in the critical infrastructure [...] the agent software is rolled out on all systems, often with full system rights, and it collects all kinds of critical production data and information from the components, uploads it somewhere in the cloud, and then the data is processed further in the US or Israel, for example.”

The situation is no better for products from other parts of the world. In November 2022, it became public that certain routers from Chinese providers are delivered with built-in backdoors by default. These sometimes receive a visit from overseas right after connection. [5] Moreover, just this year, undocumented communication components were discovered in Chinese inverters for photovoltaic systems. [6] Incidentally, these products are also commonplace in Europe.

Additionally, one should always keep in mind that technology companies in both China and the U.S. are often more than willing to collaborate with or recruit directly from the military and intelligence complex. [7] This applies not least to some cybersecurity companies. [8]

Strengthening your data protection and sovereignty

With OT Security Made in Germany, Rhebo is making a clear commitment to data protection and the digital sovereignty of our customers. Since mid-2021, Rhebo has held the trust seal Cybersecurity Made in Europe of the European Cyber Security Organisation (ECSO). [9] We thus follow the strict data protection regulations of the GDPR and the European Union Agency for Cybersecurity (ENISA).

OT Security Made in Germany extends this commitment:

  • 100% of development and testing is done in Germany.
  • There are no built-in backdoors for security and government agencies.
  • Third parties never gain access to the backend of our solution.
  • We do not work with security agencies or the military at the development level.
  • Our network-based intrusion detection system is always available as an on-prem solution and does not need any internet connection to be run and maintained.

In addition, for our German and European customers, working with Rhebo means:

  • fast response times to inquiries and
  • prompt, comprehensive support.

As a European company, Rhebo also explicitly takes into account the requirements of European cybersecurity directives and national legislation, including NIS2.

With Rhebo's solutions, European organizations can therefore rest assured that they are getting OT monitoring with anomaly detection that meets their requirements for compliance, performance, simplicity AND sovereignty.

OT Security Made in Germany is a registered trademark of Rhebo GmbH.

[1] https://www.globaltimes.cn/page/202305/1290958.shtml

[2] https://www.forbes.com/sites/emmawoollacott/2025/07/22/microsoft-cant-keep-eu-data-safe-from-us-authorities/

[3] https://www.bleepingcomputer.com/news/security/cisco-removes-unified-cm-callManager-backdoor-root-account/

[4] https://cybernews.com/security/walmart-exclusive-routers-others-made-in-china-contain-backdoors-to-control-devices/

[5] https://www.reuters.com/sustainability/climate-energy/ghost-machine-rogue-communication-devices-found-chinese-inverters-2025-05-14/

[6] https://techcrunch.com/2022/02/05/the-rise-of-defense-tech-is-bringing-silicon-valley-back-to-its-roots/

[7] https://www.govconwire.com/articles/former-nsa-cybercom-chief-michael-rogers-appointed-claroty-advisory-board-chair

[8] https://rhebo.com/en/company/news/post/rhebo-obtains-ecso-label-cybersecurity-made-in-europe/