Press release
Leipzig, Germany, May 6, 2025 – The German Federal Office for Information Security (BSI) has published a recommendation for the security monitoring of substation automation in energy transmission and distribution systems. Alongside device logging and host-based detection, the BSI advocates the installation of a network-based intrusion detection system (NIDS) in OT networks.
The BSI justifies this specific technological recommendation with the digitalization and networking of critical systems using exposed network components, as well as the growing risk of a supply chain compromise. In this form of cyberattack, adversaries attempt to penetrate a network via both the component vendor and the service providers, who usually have extensive privileges for the industrial control systems. OT (Operational Technology) networks are particularly vulnerable to external compromise and disruption due to their low inherent level of cybersecurity.
“The BSI's decision reflects our observations from the last ten years of vulnerability assessments and implementations of our OT intrusion detection system in OT networks,” commented René Krause, Teamlead Support at Rhebo. Since 2015, the German OT cybersecurity company has been offering a NIDS that combines passive network security monitoring with anomaly detection developed specifically for OT. “The core threat to the OT of utilities comes from outdated systems, weak authentication and extensive remote access privileges (see figure). However, these security vulnerabilities cannot be easily eliminated. A NIDS is therefore the best solution for managing this residual risk. If you can't directly secure something, you must continuously monitor it.”
Minimize workload and ensure responsiveness
The BSI's objective is to ensure that energy supply companies can detect and respond to incidents in their substation automation as quickly as possible. To this end, the BSI also recommends that the intrusion detection system in the OT network transmit its alerts to a central instance in the company – usually a SIEM – to enable the integration of OT security into the general IT security processes. Since 2019, Rhebo has enabled the integration of security alerts into SIEM systems, including Splunk and IBM QRadar.
To simplify the training of the NIDS, the BSI also recommends using the existing .scd file in IEC 61850 infrastructures – a baseline automation method Rhebo has been offering for many years.
“The recommendation for monitoring in station automation is an important step in making energy supply resilient against existing and emerging cyber threats,” said René Krause. As the BSI observes in its recommendation, adversaries are less likely to penetrate a station directly via the central control room. Instead, they will “specifically look for systems that are only weakly secured and controlled. [...] Monitoring in substations is therefore just as important for protecting critical services as protecting the central OT network.”
Rhebo - OT Security Made Simple
Rhebo provides simple and effective cybersecurity solutions for Operational Technology and distributed industrial assets for the energy sector, critical infrastructure and manufacturing. The German company supports customers with OT security from the initial risk analysis to managed OT monitoring with intrusion & anomaly detection. Since 2021, Rhebo has been part of Landis+Gyr AG, a leading global provider of integrated energy management solutions for the energy industry with around 7,500 employees in over 30 countries worldwide.
As a trustworthy cybersecurity provider, Rhebo is ISO 27001 certified and was awarded the »Cybersecurity Made In Europe« label for its strict data protection and data security policies.
Contact Rhebo
Oliver Kleindienst
Head of Marketing
Tel. +49 151 5633 9726