ENSURING LEGAL COMPLIANCE WITH NIS2
through integrated threat and intrusion detection, incident documentation, and continuous improvement of the ISMS.
SECURE OPERATION OF THE SMART GRID
with continuous communication monitoring in the control system with passive anomaly detection and integrated risk assessment.
BRIDGE THE SKILLS GAP
through regular evaluation of critical messages with Rhebo experts for effective on-the-job training.
Our primary goal is to prevent disruptions and security risks in the power supply for the citizens of Monheim. With Rhebo's security concept, we feel well equipped to counter the growing threat of cyberattacks.
Initial situation and challenges
Monheim Elektrizitäts- und Gasversorgung GmbH (MEGA) is the municipal energy and multimedia service provider for the city of Monheim am Rhein. For over 100 years, the company, with around 130 employees, has contributed to making Monheim on the Rhine a livable and attractive city for families and businesses. This includes a modern energy infrastructure with its own substation, hundreds of intelligent local stations, and decentralized energy generation, such as the tenant electricity project in the Berliner Viertel district.
For MEGA, automation and cybersecurity in energy supply naturally go hand in hand. Since 2015, the company has operated a comprehensive Information Security Management System (ISMS) in accordance with ISO 27001, securing its critical infrastructure to the highest modern standards. The control system runs as an isolated solution with its own fiber optic network, sophisticated segmentation, and multi-factor authentication to ensure maximum control over access to sensitive industrial processes. On the recommendation of ISO 27001 auditors, an OT monitoring system was introduced in 2023 to enhance the security structure with an alarm system. This system not only detects unauthorized access attempts—such as those using stolen credentials—at an early stage but also continuously evaluates the effectiveness of the existing perimeter security.
Solution
Risk analysis and vulnerability assessment
Rhebo Industrial Security Assessment
- Analyze assets and communication structures
- Identify vulnerabilities and security gaps
- Define measures for system hardening
Intrusion detection system for the OT
Rhebo Industrial Protector
- continuously monitor process control system communication,
- identify and analyze cyberattacks, security vulnerabilities, malware, and faults in real time.
Managed operation of the security solution
Rhebo Managed Protection
- Conduct regular vulnerability assessments
- Regularly evaluate identified anomalies with Rhebo experts.
- Get emergency support
Implementation and results for MEGA Monheim
When searching for an OT monitoring solution, ISMS Coordinator Mirko Juranic relied on like-minded professionals. He spoke with various municipal utilities that also operate networks to learn about their challenges and experiences with OT monitoring solutions.
This helped refine MEGA’s requirements:
OT monitoring needed to be easy to integrate and independent of the network control technology manufacturer. In addition, due to the existing shortage of specialists, comprehensive support was required for implementation, operation and forensics. The goal was and still is not only to reduce the workload on personnel but also to facilitate targeted knowledge transfer in order to build internal, practice-oriented expertise in OT security.
Following an initial vulnerability assessment and risk analysis of the control system by Rhebo GmbH’s cybersecurity analysts, the network-based intrusion detection system Rhebo Industrial Protector was integrated into both the operational and redundant control and remote-control systems. This ensures continuous monitoring of communications from and between the hundreds of local stations, detecting anomalies and suspicious activities. Within the first few weeks, several vulnerabilities were identified and mitigated. These included outdated protocols and firmware versions as well as risky factory default settings on OT components. Additionally, the ISMS coordinator and his team now have real-time visibility into how heavily the control system is utilized at different times and where there are capacity bottlenecks.
When searching for a solution, I turned to those who truly know what they’re talking about: local utilities that were already working with Rhebo. The fast and clear results, along with the outstanding service, convinced me and help me immensely in my daily work to secure Monheim’s energy supply.
Results for MEGA Monheim
- EXISTING VULNERABILITIES ELIMINATED through asset inventory and visualization of connections and system properties in the OT.
- SECURITY TEAM TRAINED IN OT SECURITY through weekly analysis of anomaly reports with the Rhebo team.
- CURRENT SECURITY RISKS TARGETED AND MITIGATED by identifying insecure communication methods used by service providers and employees.
Text taken over from original and translated – Rhebo
