GUARANTEE 100% AVAILABILITY
with a multi-layered cybersecurity architecture (defense-in-depth) for building automation with air gap, perimeter security, and monitoring.
DETECT SECURITY INCIDENTS AT AN EARLY STAGE
with continuous communication monitoring in the control system with passive anomaly detection and integrated risk assessment.
BRIDGE THE SKILLS GAP
with regular detailed analysis and evaluation of critical anomaly alerts by Rhebo experts for effective learning on the job.
Although the building automation isn't connected to the internet, Rhebo has helped us proactively find security vulnerabilities and anomalies in the control system. Rhebo Industrial Protector and regular support enable us to make these visible and eliminate them at an early stage.
Michael Freitag, Group Manager Datacenter, envia TEL
Initial situation and challenges
As a wholly owned subsidiary of the enviaM Group, envia TEL is active in fiber rollout and data center operation and employs around 250 people. Since 2022, the company has been hosting the German internet exchange DE-CIX Leipzig at its data center campus in Leipzig, which connects the metropolitan region of Central Germany to the World Wide Web more closely than ever before. Private customers and commercial enterprises can also use the data centers, which currently provide 3,000 m² of space (set to increase to 5,000 m² from 2025), to securely manage their data and host services.
The data centers fall under the German Critical Infrastructure regulations and are subject to special security requirements for the early detection of cyberattacks and to avoid disruptions to critical infrastructure. This also includes the cybersecurity of the building automation systems. The building control system not only supplies the tens of thousands of servers with power and cooling, but also secures access to the data centers and ensures fire protection. As part of the necessary certifications according to ISO 27001 and DIN EN 50600, and in accordance with the TÜViT criteria catalog, Rhebo’s OT monitoring with anomaly detection was deployed in October 2022.
Solution
Risk analysis and vulnerability assessment
Rhebo Industrial Security Assessment
- Analyze assets and communication structures
- Identify vulnerabilities and security gaps
- Define measures for system hardening
Intrusion detection system for the OT
Rhebo Industrial Protector
- Continuously monitor building control system communication
- Identify and analyze cyberattacks, security gaps, malware, and error conditions in real time
Managed operation of the security solution
Rhebo Managed Protection
- Conduct regular vulnerability assessments
- Regularly evaluate reported anomalies with Rhebo experts
- Get emergency support
Implementation and results for envia TEL
In October 2022, Rhebo carried out its first Rhebo Industrial Security Assessment of data centers 1 and 2 of envia TEL. This created full visibility across all systems and connections in the control system that are crucial for a sustainable asset management and security concept. It also brought to light unfavorable configurations and security risks, which could then be addressed directly. These included the cyber hygiene of service companies as well as legacy systems and problems with systems that send data to the outside world.
The Intrusion Detection System Rhebo Industrial Protector installed in the control system went into continuous operation after initial baselining. It has since monitored communication within the building management control system 24/7. In the first year, OT monitoring enabled the security team to eliminate unencrypted communications, localize unreachable services, and identify outdated operating systems, firmware, and protocols that pose a security risk.
For more complex issues, envia TEL can rely on Rhebo’s expertise by discussing critical or unclear anomalies in detail in regular meetings. This allows the security team to bridge the prevailing skills gap and continually expand its knowledge of OT security.
It’s fascinating to see what security risks can be found in the control system, even though it’s a closed network. With Rhebo’s Intrusion Detection System, we can identify these problems at an early stage and address them directly.
Michael Freitag, Group Manager Datacenter, envia TEL
Results for envia TEL
- STRENGTHENED ASSET MANAGEMENT with visualization of all systems and devices, as well as their connections and communication quality.
- REAL-TIME ERROR AND INTRUSION DETECTION with continuous monitoring of the entire control system communication and of suspicious events.
- KNOWLEDGE BUILDING IN THE COMPANY and bridging of the skills gap through regular incident analysis with Rhebo experts.
Text taken over from original – Rhebo