Ensuring system availability

at a
manufacturer and operator of smart grid edge devices
The international vendor of critical smart grid devices also operates an installed fleet of tens of thousands of edge devices worldwide – making it directly responsible for their availability and functionality in daily operations.
Play

Detection of OT security risks

in
multiple food production lines
The food manufacturing company with over 20,000 employees in more than two dozen countries sought visibility and clarity on existing cybersecurity risks in its production lines.
Play

OT security monitoring and risk assessment

in the
chemical industry
Play

Global 24/7 Cybersecurity For Renewable Energy Resources

at
BayWa r.e. Data Services GmbH
The BayWa r.e. AG designs, builds and operates wind farms and photovoltaic (PV) parks worldwide. 99 % of technical operations management, servicing and maintenance are carried out via remote access.
Play

Network Intrusion Detection with Rhebo support

at
Stadtwerke Bochum Netz
Stadtwerke Bochum Holding has been a reliable supply partner for all Bochum residents since 1855. Today, Stadtwerke Bochum provides around 3,600 GWh of electricity and around 2,900 GWh of gas every year. It also provides water, district heating, telecommunications products, and solutions for the expansion of e-mobility. As a modern, customer-oriented company, Stadtwerke Bochum actively addresses the requirements and challenges of the times.
Play

Verification of Network Segmentation at German Water Company

at
Waterworks Leipzig
The German water company Leipziger Wasserwerke (LWW) is a subsidiary of the Leipziger Gruppe. With 5 water plants, the company supplies 545,000 people in the Leipzig region with fresh and high-quality drinking water. It also treats 95,000 m³ of waste water per day in 25 sewage treatment plants.
Play

Sabotage Investigation in Logistics Companies

at
Digital Forensics GmbH
Digital Forensics GmbH is a german company specializing in forensic analysis of large-volume network traffic in industry and insurance. The company evaluates cases of damage and analyses cyber attacks. Knowledge of industry-specific protocols such as Profinet, OPC, S7 or IEC61850 as well as their evaluation form a focal point of the work.
Play

Secure Energy Supply For Over 1 Million People

at
Thüringer Energienetze GmbH & Co. KG
TEN Thüringer Energienetze is the largest distribution network operator in the German federal state of Thuringia. Its networks reliably supply more than 1.1 million people, the domestic economy and downstream distributors with energy. TEN provides all infrastructure services for the supply of electricity and natural gas, the connection of decentralized energy resources and, as part of its services, network operation for third parties.
Play

Building Automation cybersecurity for Leipzig data center campus

at
envia TEL GmbH
As a wholly owned subsidiary of the enviaM Group, envia TEL is active in fiber rollout and data center operation and employs around 250 people. Since 2022, the company has been hosting the German internet exchange DE-CIX Leipzig at its data center campus in Leipzig, which connects the metropolitan region of Central Germany to the World Wide Web more closely than ever before.
Play

Real-Time Security and Continuous Improvement Of Energy Supply

at
e-netz Südhessen AG
Anchored in Darmstadt, e-netz Südhessen AG, as a subsidiary of ENTEGA AG, takes care of the secure energy supply and the functioning infrastructure for around one million people in the region - from private households to municipal facilities, operators of solar systems and wind farms to industrial companies, scientific and research institutions.
Play

Defense-in-Depth in the OT networks

at
MEGA, der Monheimer Elektrizitäts- und Gasversorgung GmbH
As a municipal energy supplier and innovative service provider, MEGA is as much a part of Monheim as the Rhine. Personally and locally, we create a warm, bright home for the people of Monheim with a fast digital window to the world. For over 100 years, we have been helping to make Monheim am Rhein a livable and attractive city - for families and companies.
Play

Ensuring ICS Cybersecurity of Energy Providers

at
EWR Netz GmbH
In addition to its core business as a public network operator for electricity, gas and water, EWR Netz GmbH offers many different services with its qualified employees and extensive technical equipment. Regional network operators such as EWR Netz GmbH play an important role in the energy transition, as renewable energies and decentralized generation plants are feeding more and more electricity into the networks.
Play

Intrusion Detection & Mitigation

at
sonnen GmbH
In 2018, sonnen GmbH has been the first provider in Germany to network residential and commercial energy storage systems into a virtual power plant. sonnen GmbH is building an energy system that provides clean electricity at exactly the right time and where it is needed. A system that enables cost benefits for everyone while relieving the strain on the power grid. In addition, the sonnen Virtual Power Plant (VPP) plays an important role in the energy transition: Through its storage system, the company is globally ensuring that more and more renewable energies can be connected to the grid. This stabilises the energy grids and accelerates the transition to sustainable energy supply.
Play

Details

Initial situation
Solution
Implementation
Results

Initial situation and challenge

Perhaps more than in any other industry, cybersecurity in chemical production is also about protecting employees and the environment. The supported chemical company already has a well-established and effective IT security team. However, the OT of the process plants had not been monitored for cyber incidents until now. Given the high level of digitization and networking of the production lines, however, this had become necessary in order to strengthen protection against data theft as well as protection for people, plants and the environment in chemical production.  

First, a risk analysis was carried out to examine three production lines of the chemical company at one site. For this, a Rhebo Industrial Security Assessment was carried out to identify existing security gaps and vulnerabilities.

Solution

Analysis and assessment
Network intrusion detection
Security monitoring
Arbeiter bedient Schaltkasten

Risk analysis and vulnerability assessment

Rhebo Industrial Security Assessment

  • detect and analyze assets and communication structures,
  • identify vulnerabilities, stability and security gaps,
  • define mitigation measures for system hardening.
Arbeiter bedient Schaltkasten

Network intrusion detection system for OT networks

Rhebo Industrial Protector

  • continously monitor OT network communication,
  • identify cyber attacks, security gaps and error states in real time,
  • ensure legal compliance with national cybersecurity laws.
Arbeiter bedient Schaltkasten

Managed OT security monitoring

Rhebo Managed Protection

  • conduct regular vulnerability assessments,
  • regularly evaluate reported anomalies with Rhebo experts,
  • get emergency support with forensic analysis of incidents.

Implementation and findings

To run the Rhebo Industrial Security Assessment, a Rhebo sensor was integrated into each OT network. Over a period of two weeks, the sensors passively and non-intrusively recorded the OT communication and stored it as packet captures (pcap). Afterwards, Rhebo experts analyzed the communication logs, using methods such as deep packet inspection, automated anomaly detection and forensic analysis.  

As a result, the chemical company was able to gain visibility into its OT for the first time. It was revealed – not surprisingly – that the chemical production plant had a relatively homogeneous infrastructure. Although several hundred devices were identified in each monitored OT network, they were from only a few manufacturers.

However, the security posture and network quality scored in the middle range. Observations that led to this assessment included:

  • insecure software, operating systems, and firmware on multiple devices,  
  • suspected address scanning,
  • use of protocols with unencrypted passwords,
  • insecure authentication methods,  

On the stability and availability assessment side, the team identified  

  • unreachable devices,  
  • network disturbances,  
  • checksum errors.

The sensors integrated as part of the Rhebo Industrial Security Assessment remained in the OT networks and were put into operation with a Rhebo Controller as a network intrusion detection system (Rhebo Industrial Protector). Rhebo regularly supported the chemical company in evaluating anomaly alerts and assessing the risk situation until the company had built up sufficient in-house expertise to operate the intrusion detection system independently.

To the company website