Press release

Rhebo Confirms Importance of New German Cybersecurity Guidelines for Substation OT Monitoring

he German Federal Office for Information Security (BSI) has published a recommendation for the security monitoring of substation automation in energy transmission and distribution systems. Amongst device logging and host-based detection, the BSI advocates the installation of a network-based intrusion detection system (NIDS) in OT networks.

May 6, 2025
  • The German Federal Office for Information Security (BSI) recommends dedicated security monitoring for the substation automation of energy utilities.
  • The recommendation focuses on OT networks and systems.
  • The German OT cybersecurity company Rhebo confirms the BSI's warning that most substations are currently insecure.

Leipzig, Germany, May 6, 2025 – The German Federal Office for Information Security (BSI) has published a recommendation for the security monitoring of substation automation in energy transmission and distribution systems. Amongst device logging and host-based detection, the BSI advocates the installation of a network-based intrusion detection system (NIDS) in OT networks.  

The BSI justifies this specific technological recommendation with the digitalization and networking of critical systems using exposed network components, as well as the growing risk of a supply chain compromise. In this form of cyberattack, adversaries attempt to penetrate a network via both the component vendor and the service providers, who usually have extensive privileges for the industrial control systems. OT (Operational Technology) networks are particularly vulnerable to external compromise and disruption due to their low inherent level of cybersecurity.  

The BSI's decision reflects our observations from the last ten years of vulnerability assessments and implementations of our OT intrusion detection system in OT networks,” commented René Krause, Teamlead Support at Rhebo. Since 2015, the German OT cybersecurity company has been offering a NIDS that combines passive network security monitoring with anomaly detection developed specifically for OT. "The core threat to the OT of utilities comes from outdated systems, weak authentication and extensive remote access privileges (see figure). However, these security vulnerabilities cannot be easily eliminated. A NIDS is therefore the best solution for managing this residual risk. If you can't directly secure something, you must continuously monitor it.

Typical security risks in OT networks (source: Rhebo)

Minimize workload and ensure responsiveness

The BSI's objective is to ensure that energy supply companies can detect and respond to incidents in their substation automation as quickly as possible. To this end, the BSI also recommends that the intrusion detection system in the OT transmits the alerts to a central instance in the company – usually a SIEM – to enable the integration of OT security into the general IT security processes. Since 2019, Rhebo has enabled the integration of security alerts into SIEM systems, including Splunk and IBM QRadar.

For simplifying the training of the NIDS, the BSI also recommends using the existing .scd file in IEC 61850 infrastructures – a baseline automation method Rhebo has been offering for many years.

“The recommendation for monitoring in station automation is an important step in making energy supply resilient against existing and emerging cyber threats,” said René Krause. As the BSI observes in its recommendation, adversaries are less likely to penetrate a station directly via the central control room. Instead, they will “specifically look for systems that are only weakly secured and controlled. [...] Monitoring in substations is therefore just as important for protecting critical services as protecting the central OT network.”  

Rhebo - OT Security Made Simple

Rhebo provides simple and effective cybersecurity solutions for Operational Technology and distributed industrial assets for the energy sector, critical infrastructure and manufacturing. The German company supports customers with OT security from the initial risk analysis to managed OT monitoring with intrusion & anomaly detection. Since 2021, Rhebo is part of the Landis+Gyr AG, a leading global provider of integrated energy management solutions for the energy industry with around 7,500 employees in over 30 countries worldwide.

As a trustworthy cybersecurity provider, Rhebo is ISO 27001 certified and was awarded the »Cybersecurity Made In Europe« label for its strict data protection and data security policies.

https://rhebo.com/  

Contact Rhebo

Oliver Kleindienst

Head of Marketing

Tel. +49 151 5633 9726

press@rhebo.com

More press releases

Press release

Rhebo celebrates 10 years of secure industry

The German company for the cyber security of operational technology networks, Rhebo, is celebrating its 10th anniversary and is planning further expansion in the coming years.
Nov 25, 2024

Press release

Rhebo integrates its OT intrusion detection for Splunk

The integration of the OT intrusion detection, Rhebo Industrial Protector, into the ecosystem of the SIEM system, Splunk, simplifies the embedding of industrial cyber security
Dec 7, 2023

Press release

Rhebo announces change of CEO

Klaus Mochalski, founder of German OT cybersecurity solution provider Rhebo, leaves as CEO for personal reasons.
Oct 7, 2023

Get in touch with us

Oliver Kleindienst
Oliver Kleindienst
Head of Marketing
+49 151 5633 9726
press@rhebo.com
Contact us

Schedule a online demo

Let us show you hands on how Rhebo advances your company’s OT cybersecurity posture.
Schedule an online demo
All rights reserved - Rhebo
Facebook Icon weissLikedIn Icon weissXing IconYoutube Icon