The digitalization of the energy industry has led to a convergence of operational and informational technologies across metering infrastructures worldwide. This OT/IT convergence brings with it all the benefits of the connected, IoT era such as personal energy management insights, automated energy management and grid transparency. However it has also resulted in increasingly complex OT/IT ecosystems creating with new areas of vulnerability and increasing exposure to attacks.
We caught up with Klaus Mochalski CEO of Rhebo to get his view on these new challenges and on what can be done to address them.
Rhebo is a leading provider of cybersecurity solutions for Operational Technology (OT) and IoT networks and was acquired by Landis+Gyr in the beginning of 2021.
Which security challenges do energy companies face today?
Klaus: Digitalization, system integration and remote control have opened and connected former stand-alone, isolated utilities. All of a sudden the industrial automation systems of power plants, substations, renewable energy resources etc. can fall victim to cyber attacks. The advantageous interconnectedness and interoperability established by frameworks like IEC 61850 can even create a cascade of system failure by spill-over.But doesn’t IT security have a long successful history of dealing with such attacks.
Klaus: This only counts for IT systems, not for operational technology (OT) networks. And since the OT is very different to the IT in terms of processes, protocols and requirements, IT security measures cannot easily be copy-pasted to the OT. Plus, the real danger are professional adversaries that don’t use off-the-shelve attack methods.What does this mean for operational technologies in the energy industry?
Klaus: In particular state-sponsored, well-resourced hacker groups mean serious business. They don’t just want some ransom, they aim for wide-spread disruption. And they do it by means of unknown vulnerabilities and back doors, which no firewall knows about yet. And as soon as the adversaries are inside the network, common security measures are blind to their activities. They fail to detect. In the energy industry this can be particularly disastrous as millions of homes, offices, industries etc can be affected.What can be done about it?
Klaus: Energy companies need visibility within their networks, in particular within the OT. Thousands and thousands of substations and remotely controlled energy resources in Europe are unmanned and a complete black box for control room operators. The objective must be to gain full OT visibility and to be able to detect novel attack patterns as well as malicious activities of professional adversaries within the OT networks before they can wreak havoc.What kind of solutions exist that provide such OT visibility and threat detection ?
Klaus: Landis+Gyr subsidiary Rhebo provides the only vendor-independent threat detection and network monitoring systems for industrial automated networks that can also be used to monitor Advanced Metering Infrastructures (AMI). By protecting OT & IoT networks and devices against cyberattacks and technical error states, Rhebo’s solutions help grid operators increase plant availability and implement security regulations and standards. Rhebo’s industrial protector for example is a non-intrusive real time monitoring solution for detecting network anomalies such as cyber-security events and technical error states. This allows a network operator to mitigate vulnerabilities and cyber-attacks thereby improving plant availability and securing expensive IoT devices with embedded threat monitoring. We recommend starting with the Rhebo Industry 4.0 Security Audit to get a comprehensive risk assessment of the Industrial Automation & Control System (IACS).Could you explain what additional benefits customers can expect from the Rhebo - Landis+Gyr alliance ?
Klaus: For us, the cooperation with Landis+Gyr follows our strategy to seamlessly secure critical IoT devices in industrial networks. With Rhebo’s suite of solutions, Landis+Gyr can extend the functionalities of its high-performance smart metering devices with comprehensive cyber security and availability. For customers ie, grid operators and DSO’s that operate critical metering infrastructure, this means getting end to end threat detection and protection across their AMI, thus paving the way for further digitalization and automation of their services.