Remotely controlled energy resources: threat & intrusion detection at the edge for wind farm cybersecurity

IoT Use Case - Rhebo + BayWa r.e.

BayWa r.e. AG is one of the leading companies in the global market for the construction and operation of solar and wind turbines. The vast majority of maintenance, servicing and management work is now carried out remotely in purely digital form. Remote access, as well as the possibility of local intrusion, also increases the cyber risks to energy parks and the connected energy grid. The focus of the cybersecurity strategy is therefore on protecting sensitive data, ensuring plant availability, protecting the fleet and ensuring the security of the energy supply. To implement this strategy, BayWa r.e. brought in Rhebo GmbH, a Landis+Gyr company.

The challenge: Cybersecurity of remotely controlled energy resources

The particular challenge of the project was to ensure cybersecurity for remotely controlled energy resources and to locate defective equipment and error states. Another important task was the cost-effective expansion of the company’s own security architecture.

BayWa r.e. has its own security system in place to ensure secure data transmission and continuous performance monitoring. The Smart Energy Gateway MRX from INSYS icom is the central module for these functions. An extension for local security monitoring using Rhebo Industrial Protector was designed and was to be tested in a field trial. Rhebo Industrial Protector combines continuous OT monitoring with dedicated anomaly detection. The OT monitoring supervises the entire communication of the energy park. The integrated anomaly detection analyzes this communication in real time for suspicious or deviating behavior. This enables immediate detection of novel attacks, advanced persistent threats and technical error states that could cause disruptions to distributed energy resources.

The solution: Integration of network monitoring and anomaly detection

In the first step, the risk exposure and the existing security architecture were examined for vulnerabilities and hidden gaps through a detailed Rhebo Industrial Security Assessment. This also included an analysis of the existing assets and communication structures of the pilot wind farm. On this basis, specific measures and the requirements for OT monitoring at the grid edge could be defined.

To ensure continuous cybersecurity, the monitoring sensor from Rhebo Industrial Protector was integrated on a Smart Energy Gateway MRX from INSYS icom. No additional hardware installation in the distributed infrastructure was required, as the installation of the industrial intrusion detection system was purely software-based. This involved integration with other security functions of BayWa r.e.’s SystemSafe architecture.

Rhebo Industrial Protector then enabled real-time identification of cyberattacks, vulnerabilities and error states using OT monitoring and anomaly detection. For this purpose, all communication that passes through the security gateway is analyzed. In order not to disturb the sensitive industrial processes in the energy park, the anomaly detection is completely passive and has no feedback effect on the monitored network. The security team of the monitoring company receives real-time notifications of suspicious activities and can thus react quickly and in a targeted manner.

As a containerized threat & intrusion detection system for OT, Rhebo’s OT monitoring sensors can already be integrated on a variety of well-known OT components from a wide range of manufacturers, including WAGO, Welotec, Bosch Rexroth and Barracuda. Rhebo Industrial Protector can also be easily integrated as a data supplier into the IBM QRadar Security Information and Event Management (SIEM) system through the IBM App Store.

The result: Improvement of cybersecurity and optimization of network control systems

Several critical aspects were identified and resolved during the anomaly detection process, including:

  • an unprotected FTP server with outdated firmware
  • repeated unencrypted data transmission
  • private communication via a WhatsApp client
  • communication errors and failed connection attempts

This allowed existing risks to be minimized and network quality to be enhanced. Load optimization was carried out to ensure optimum performance of the network control system. This was achieved by reducing redundant communication from OT components to manufacturer servers. This enables more efficient data processing and improves the responsiveness of the system.

Rhebo’s OT monitoring is easily scalable across multiple energy parks as an integration solution on INSYS icom gateways. No additional hardware needs to be installed, nor do the network control and ICS need to be adapted in terms of bandwidth and configuration.

By identifying insecure communication, BayWa r.e. was able to make targeted optimizations to its security settings. Vulnerabilities were fixed and all communication within the system was brought to a high level of security. This minimizes the risk of unauthorized access and data loss at the wind farm.

Last but not least, the reliability of network control and Industrial Control Systems has been significantly enhanced through the correction of technical error conditions.
