Smart meters promote the digitalization of the energy grid and the energy transition, but at the same time they are potential vulnerabilities for cyber attacks. The IT Security Act therefore requires real-time attack detection, automatic assessment of attacks and reporting of anomalies.
The challenge: Smart electricity meters are a potential weak point for cyberattacks
Smart meters are an integral part of the digitalization of the energy grid and the shift to renewable energies. There are around 53 million electricity meters in Germany that will be replaced with smart metering devices over the next few years. With them, electricity consumption and feed-in are better managed and more accurately accounted for.
However, smart meters create millions of potential entry points for cybercriminals. They can attack local and national power grids as well as the European interconnected grid using the electricity meters. Smart meter infrastructure is difficult to monitor and protect. Thus, many devices in private homes and public buildings are easily accessible. They are also closely networked with each other and with higher-level systems and data concentrators via the Industrial IoT.
Since the utilities’ IT infrastructures are protected according to the latest standards, the attackers will target the weakest link: The industrial infrastructure with its millions of AMI (Advanced Metering Infrastructure) IoT components. This creates the risk of cyberattacks spreading to other systems. Example: An attacker could use a vulnerability in a smart meter to penetrate the head-end system of an energy supplier and manipulate measured values as well as intervene in the control of the smart meter.
The solution: Automated attack detection in OT plus Managed Security Services
KRITIS companies such as utilities are required by law to protect their Operational Technology (OT) devices with attack detection systems. The goal here should also always be to detect even previously unknown cyberattacks at an early stage. As a result, the company can take measures to prevent or at least minimize damage. However, the attack detection systems commonly used to date are focused on IT infrastructures. For OT systems, on the other hand, there are only inadequate technical options for securing them directly on the devices and components.
Rhebo GmbH from Leipzig is a security provider specializing in security for OT and Industrial IoT. With Rhebo OT Security, the company can provide not only a comprehensive solution for security monitoring with anomaly detection in operational technology (e.g. control technology, network control technology, telecontrol technology). The new “Rhebo AMI Security” solution extends the cybersecurity of energy companies to the edge of the infrastructure by including smart meters.
The core of Rhebo AMI Security consists of real-time intrusion detection, as well as automatic assessment and reporting of the detected anomaly within the AMI. In combination with Rhebo OT Security, Rhebo AMI Security enables the implementation of the about 60 requirements of the BSI (German Federal Office for Information Security) for the use of systems for attack detection in operational technology.
It is critical that the safety system provide real-time visibility of the current status of the entire OT and AMI and enable rapid threat mitigation through powerful anomaly detection. The communication between smart meters, data concentrators and the head-end system (HES) is monitored. Monitoring with anomaly detection is integrated into the HES without requiring adjustments to the Advanced Metering Infrastructure. The system reports anomalies in real time and allows early countermeasures.
Rhebo also offers a comprehensive managed service that combines attack detection with security services. This counteracts the existing shortage of specialists in the field of OT security within many companies. In this case Rhebo takes over the support and operation of the security monitoring. The service also includes regular risk analysis and security analysis, as well as rapid forensic analysis when AMI anomalies are detected.
The result: Visibility across AMI devices and cost-effective attack detection
Rhebo’s AMI security system offers cost-effective integration with Operational Technology, Advanced Metering Infrastructure and Industrial IoT (IIoT). This provides utilities with a detailed understanding of AMI devices, network and communications structure, and existing security risks.
Cyber attacks are quickly detected and can be quickly responded to. In addition, Managed Detection & Response conserves utility resources and provides cost-effective cybersecurity operations. Overall, the utilities receive an attack detection system for OT in accordance with the new IT Security Act (ITSiG 2.0) and known security standards.
