With the integration of Rhebo Industrial Protector on the RAD SecFlow-1v IoT gateways, utilities and other critical infrastructure system operators gain complete visibility and cybersecurity for the remote operation of their plants. Rhebo, a Landis+Gyr company, extends the stateful firewall on the gateway with powerful network monitoring and anomaly detection at the substation level. New types of attacks, malware activity and technical error states can be detected and corrected before malfunctions occur.360° Security Against Disruptions
Companies in the energy and gas sector often operate their facilities via remote control. Thus, communication with the Network Operation Center (NOC) and within the remote facilities must be specially secured. With more than 320,000 new malware variants and increasingly specialized attack methods every day, the detection of novel attack patterns is all the more important. Though, to ensure fast mitigation as well as prevention of spillover to other locations or the NOC requires detection already at the affected facility.
With RAD’s SecFlow-1v Industrial IoT Gateway companies create the basis for a secure and economical connection of remote-controlled energy systems. The gateway enables the secure connection of RTUs, smart meter aggregation devices and IoT base stations via wireless or fiber optic networks. RAD‘s pre-installed stateful firewall analyzes incoming communications for known attack signatures and blocks them if necessary.
With Rhebo Industrial Protector, the firewall function is extended by ICS monitoring with anomaly detection. The Rhebo sensor runs as an embedded function on the RAD device utilizing edge computing capabilities of the SecFlow-1v. Rhebo Industrial Protector continuously analyzes the communication in the industrial control system (ICS) on the level of the individual sites (e.g. substation, solar park, wind power plants, heat pumps, NOC). Any deviation within the communication from the expected pattern is identified, evaluated and reported in real-time. This allows operators to advance their intrusion detection system to identifying anomalies including:
• new devices and network users
• changed device communication behavior
• critical activities such as firmware updates and changes in PLC operation modes
• bypassing of security mechanisms through physical and virtual components
• reconnaissance activities such as network scans and lateral movement
• device-related vulnerabilities
• technical error states (e.g. cyclical telegrams, communication errors, misconfigurations)
A detailed network map and connection overview additionally create a complete real-time picture of the network. Operators can thus establish full visibility of their ICS as well as its current security status and risk exposure at any time. As the SecFlow is connected to sensors deployed in the field, the hosted Rhebo Industrial Protector within the SecFlow is able to detect field-level attacks that are not visible at higher levels.Network Condition Monitoring for Increased Availability
The embedded Rhebo Industrial Protector provides detailed information on malicious communication, cyberattacks as well as network quality and performance. All anomalies are reported in realtime. This ensures consistently high availability, security and effciency in critical infrastructures. The deployment of Rhebo Industrial Protector is done via the central RADview control interface. This provides a highly cost-efficient roll-out of in-depth cybersecurity and availability management to any amount of substations. By hosting both networking and non-networking functions on the same hardware, the SecFlow reduces the number of devices in the network. In addition to a built-in router and LTE modem, the SecFlow features such functionalities as a PLC, LoRaWAN gateway, a protocol converter, a video surveillance DVR, and more. It differs from other available IIoT hardware by:
• handling different functionalities that would otherwise require different appliances;
• support for any media connection that is available on site in the same device;
• protocol conversion – allowing field equipment to connect to the network even if it does not speak new IIoT languages.About Rhebo
Rhebo develops and markets innovative industrial monitoring solutions and services for energy suppliers, industrial companies and critical infrastructures. The company enables its customers to guarantee both cybersecurity and the availability of their OT and IoT infrastructures and thus master the complex challenges of securing industrial networks and smart infrastructures. Since 2021 Rhebo has been a 100% subsidiary of Landis+Gyr AG, a leading global provider of integrated energy management solutions for the energy industry with around 5,500 employees worldwide. Rhebo is a partner of the Alliance for Cyber Security of the Federal Office for Information Security and is actively involved in Teletrust – IT Security Association Germany and Bitkom Working Group on Security Management for the development of security standards.About RAD
As a global telecom access solutions vendor, RAD is committed to enabling service providers and critical infrastructure operators to evolve any service over any network. By keeping at the forefront of pioneering technologies and engaging in co-innovation with our customers, we strive to help service providers move up the value chain at a pace that is right for them, while offering their end-customers and network operators added value – be it in network edge virtualization and vCPE, industrial IoT, or 5G xHaul. With 40 years of innovation and a significant worldwide presence in over 150 countries, RAD has an installed base of more than 16 million network elements. RAD is a member of the $1.5 billion RAD Group of companies, a world leader in telecommunications solutions.
Contact Telescience to learn more