
StationGuard Case Study STW Kempen ENU

Uploaded by

Dimitri KABORE

Case Study

Improving Operational Efficiency and OT Security for the German Power Grid

Attacks on energy utilities

Energy utilities are an integral part of critical infrastructure. They have recently become a unique target for adversaries seeking to disrupt their operations and the daily lives of those who depend on them. IT and OT networks continue to grow and converge, increasing the attack surface for new threats within the utility and industrial control system (ICS) environment.

OMICRON helps secure critical infrastructure with innovative devices and resilient processes.

Building a new substation

As part of its digitalization roadmap, Stadtwerke Kempen has commissioned a new substation to develop a flexible, reliable, and resilient energy network using all available digital tools and technologies. The path to future-proofing the power grid proved to be challenging. Technical, project management, engineering, and cybersecurity challenges had to be considered and overcome during the planning and production process.

Figure: The newly built substation

Technical challenges throughout the lifecycle of a new substation


The typical substation project lifecycle consists of three critical phases:
> Engineering Design
> Testing and Commissioning
> Operation and Maintenance
For Stadtwerke Kempen’s new substation, all three phases required new
tools and processes to ensure a seamless transition from traditional to
digital practices – one of the most important being the transition from
hard-wired communication to an Ethernet-based network, and how to
secure this communication.

Learn more about our innovative products. Visit omicronenergy.com or contact us at [email protected] 1

Cybersecurity
To mitigate cybersecurity risks, Stadtwerke Kempen has implemented many
of the controls recommended by three major risk mitigation and management
frameworks:
> NIST
> IEC 62443
> German IT-Security Law 2.0 (“IT-Sicherheitsgesetz 2.0” in German)

Using these frameworks as a guide, Stadtwerke Kempen’s cybersecurity program improved significantly. The program adopted and recognized several key processes and technologies that efficiently defend and respond to various cyber-attack vectors.

At Stadtwerke Kempen, OMICRON’s team of digital substation and cybersecurity specialists guided the team through the project and helped them achieve their SAS audit and cybersecurity goal.

Figure: StationGuard in action

Figure: Digital substation specialist on-site
OMICRON

Our OT cybersecurity experts have a wealth of experience in OT security and SAS applications gained from working with OT security systems.

More generally, our Application Services team works with utilities and service providers around the world to share knowledge and best practices related to digital substations and innovative grid automation projects. We also actively participate in the development of international standards to ensure multi-vendor interoperability. To foster industry dialogue, we actively encourage utilities from around the world to share best practices and help facilitate the exchange of best practices.

Protecting OT and IT for energy utilities
A proactive, risk-based approach to cybersecurity

The challenge
Lack of visibility into OT-specific threats and how to respond to them in
modern and traditional substations

The most common challenges faced by Stadtwerke Kempen are ones that our team continues to see at utilities across the industry. These challenges stem from a lack of visibility into OT assets and threats that specifically target the OT network, and a lack of knowledge about how to address them in modern and legacy substations.


Our solution
Gain insight with StationGuard’s innovative approach to asset management
and threat detection

Stadtwerke Kempen selected OMICRON’s StationGuard solution for its unique approach to detecting cyber assets communicating in IEC 60870-5-104 and IEC 61850 control centers, substations, and power plants using engineering file import and the SCL. StationGuard is a purpose-built IDS for utility automation and SCADA systems that closely monitors all communications and detects cyber threats and communication errors. With this new approach, StationGuard reliably identifies anomalies in these networks with very few false positives.

Figure: StationGuard desktop application

Figure: Stadtwerke Kempen headquarters

Since most of the network traffic in a modern substation is based on IEC 60870-5-104 and IEC 61850, we first used the detailed allow-listing approach. The function of each device was determined based on the SCL file or the engineering documentation. Unlike baseline or learning-based IDS, StationGuard supports the different phases of a substation's lifecycle with high selectivity in alerts.
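
To make the allow-listing idea concrete, the following added example (not OMICRON's code and not a description of StationGuard's internals) derives a GOOSE allow list from the Communication section of an SCL file and checks decoded frames against it. The SCL fragment, IED names and frame fields are constructed, and the expected GoCBRef assumes the default naming in which the logical device name is the IED name followed by ldInst.

```python
import xml.etree.ElementTree as ET

NS = {"scl": "http://www.iec.ch/61850/2003/SCL"}

# Constructed SCL fragment (Communication section only); names and addresses are made up.
SAMPLE_SCL = """<SCL xmlns="http://www.iec.ch/61850/2003/SCL">
 <Communication><SubNetwork name="StationBus">
  <ConnectedAP iedName="BAY1PROT" apName="AP1">
   <GSE ldInst="LD0" cbName="gcbTrip"><Address>
    <P type="MAC-Address">01-0C-CD-01-00-01</P><P type="APPID">0001</P>
   </Address></GSE>
  </ConnectedAP>
  <ConnectedAP iedName="BAY2CTRL" apName="AP1">
   <GSE ldInst="LD0" cbName="gcbIntlk"><Address>
    <P type="MAC-Address">01-0C-CD-01-00-02</P><P type="APPID">0002</P>
   </Address></GSE>
  </ConnectedAP>
 </SubNetwork></Communication>
</SCL>"""

def norm_mac(mac):
    """Normalise 01-0C-CD-... and 01:0c:cd:... to one spelling."""
    return mac.replace("-", ":").lower()

def goose_allow_list(scl_text):
    """Map (destination MAC, APPID) -> GoCBRef expected from the engineering file."""
    allowed = {}
    root = ET.fromstring(scl_text)
    for ap in root.iterfind(".//scl:ConnectedAP", NS):
        for gse in ap.iterfind("scl:GSE", NS):
            p = {e.get("type"): (e.text or "").strip()
                 for e in gse.iterfind("scl:Address/scl:P", NS)}
            if "MAC-Address" not in p or "APPID" not in p:
                continue  # incomplete engineering data: nothing is allowed for it
            key = (norm_mac(p["MAC-Address"]), int(p["APPID"], 16))  # APPID is hex in SCL
            # Assumed default naming: LDName = iedName + ldInst, control block under LLN0
            allowed[key] = f'{ap.get("iedName")}{gse.get("ldInst")}/LLN0$GO${gse.get("cbName")}'
    return allowed

def classify(frame, allowed):
    """frame: dict with dst_mac, appid, gocb_ref as decoded from a captured GOOSE frame."""
    expected = allowed.get((norm_mac(frame["dst_mac"]), frame["appid"]))
    if expected is None:
        return "ALERT: GOOSE stream not in engineering file"
    if frame["gocb_ref"] != expected:
        return f"ALERT: control block mismatch, expected {expected}"
    return "OK"
```

Because the allow list comes from the engineering file rather than from observed traffic, a stream that was already present during a learning period would still be flagged if it is not engineered.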
Stadtwerke Kempen GmbH profile

When building a new 10 kV medium-voltage substation, the energy supplier Stadtwerke Kempen GmbH (Germany) not only wanted to meet the highest possible safety standards, but also to be prepared for future operating conditions. To meet this requirement, the company opted for modern digital substation communication according to the IEC 61850 standard.

With built-in support for commissioning and maintenance activities, the Stadtwerke Kempen team was able to control:
a) What the devices are communicating and when.
b) Which assets, protocols, and services are used.

One of OMICRON’s recommended hardware setups for StationGuard is the 19" RBX1 IDS sensor platform. It offers several benefits: The RBX1 provides real-time visibility into OT networks for continuous cybersecurity monitoring and reliability in harsh power grid environments. Combined with our software, it provides powerful intrusion detection and visualization capabilities. The system can operate autonomously without being connected to a central server.

Figure: RBX1 hardware

StationGuard combines cybersecurity monitoring with functional monitoring
of the Substation Automation System (SAS) itself. With this intrusion
detection system, the team at Stadtwerke Kempen was able to correctly
identify cyber threats, prohibited activities, and various malfunctions in the
SAS and to respond to them in the most effective manner.
The RBX1 platform's binary output contacts were used to signal alerts and
the software’s different statuses.


Customer goals achieved


The Stadtwerke Kempen team conducted validation tests that certified that
StationGuard met their cybersecurity control requirements in conventional
and modern substations.
They also gained a compliance advantage by implementing the digital
station bus in compliance with regulations, such as the German IT-Security
Act 2, which requires intrusion detection systems to be installed by May
2023.

Security risk assessment

With our IDS in place, we also commissioned a full OT cybersecurity risk assessment. This allowed us to provide the Stadtwerke Kempen team with insight into the cybersecurity and functional aspects of the automation system. The assessment was designed to identify security risks, such as attack surfaces, vulnerabilities, and functional issues in networks or automation devices.
At the end of the security assessment process, we provided Stadtwerke Kempen with the following information:
> Network diagram showing the location of IDS sensors.
> Graphical visualization of OT networks and their zones.
> Asset inventory of all devices communicating on the network.
> Protocols and services active on the network.
> Overview of cyber risks.
> List of external connections.
> List of unnecessary services installed.
> Overview of functional problems.

“Our partnership with OMICRON has changed the way we view and manage our network. OMICRON’s StationGuard solution has dramatically improved our security posture and shed light on our operating environment, third-party systems, and more.”
Reinhard Bretzke
Head of Power Supply
Stadtwerke Kempen GmbH

The in-depth security assessment, vulnerability detection, and operational visibility led to the full implementation of the newly developed substation at Stadtwerke Kempen.


The road ahead:


A leading-edge approach to vulnerability management for greater
visibility into power grids

While the team at Stadtwerke Kempen had a good understanding of the types and quantities of devices in their infrastructure, they were still concerned about remaining cyber risks. Stadtwerke Kempen wanted to continuously monitor its OT network for vulnerabilities that could disrupt power operations and quickly remediate any issues that were discovered. However, reconciling vulnerabilities reported for protection and automation devices with those installed in the field using existing vulnerability management tools was a difficult task.
The team at Stadtwerke Kempen was very excited to learn that GridOps, StationGuard's central management system, was in development.

GridOps is being developed in response to requests from many StationGuard customers over time. The GridOps platform will be released in 2023 and unfortunately wasn't available during the time we were working on the Stadtwerke Kempen substation.

The first release of GridOps consists of four main modules:
> Asset Inventory Management
> Vulnerability Management
> Event and Alerts Management
> Reporting

“The team behind StationGuard is made up of cybersecurity experts working side by side with protection and control experts. This combination of know-how from both worlds is what makes StationGuard successful.”
Andreas Klien
Product Manager
OMICRON

Using Stadtwerke Kempen as an example, GridOps can overcome the challenges that arise in the substation. GridOps’ vulnerability management addresses all of the above needs and concerns.

Figure: StationGuard deployment architecture, showing Purdue Levels 1 to 3 (bay, station and grid level) for a substation and a power plant, with IEDs and PLCs, RTU, HMI, engineering PC, StationGuard sensors on RBX1, GridOps, and the control center, SOC and data center.


The challenge:
Identifying vulnerabilities in OT devices to increase cybersecurity resilience
and maturity

Security management and maintenance is complex. It can sometimes be difficult to determine whether vulnerabilities pose a real risk to the system. In addition, patches and upgrades for OT devices are limited and many security advisories are inaccurate.

There is also an undeniable shortage of experienced OT cybersecurity professionals. It is also likely that IT security does not have the resources or the experience to adequately augment OT security.

Figure: GridOps dashboards

“The StationGuard solution has helped us establish our cybersecurity baseline for OT networks and has given us the confidence to develop a security maturity level that demonstrates compliance with the German IT-Security Act 2.0.”
Michael Schottner
Control Center Technician
Stadtwerke Kempen GmbH

Our solution:
GridOps addresses multiple OT security needs with a single platform for
unprecedented transparency and efficiency

The GridOps deployment at Stadtwerke Kempen will enable the team to
achieve the following goals:
> With GridOps, Stadtwerke Kempen’s IT and OT teams can collaborate to
quickly identify and respond to threats.
> Efficient asset identification processes reduce staff workload, which
translates into lower financial costs.
> Thorough asset identification facilitates compliance by allowing
Stadtwerke Kempen’s team to classify and track critical information.
> By prioritizing assets and budgets and developing action plans to
mitigate unexpected incidents, the Stadtwerke Kempen team can plan
efficient and effective incident response strategies.
> By correctly identifying OT assets and their vulnerabilities, the Stadtwerke
Kempen team can allocate resources to ensure that critical data,
processes, and systems are optimally protected and resilient.


New confidence to accelerate the adoption of new technologies

This case study examines how the StationGuard OT cybersecurity solution enables utilities to comprehensively identify OT assets and vulnerabilities, detect threats, address poor visibility of OT assets and environments, and provide purpose-built OT security solutions to gain a deeper understanding of cyber threats.

Summary of achieved objectives:


> Addressing multiple needs of OT security with a comprehensive solution.
> Implementing a proven solution that “significantly improves the security
profile.”
> Improved operational efficiency by reducing time spent on OT
management and cybersecurity.
> Improved cybersecurity to help Stadtwerke Kempen extend the useful
life of its control systems.
> Maintaining 24/7 visibility and cybersecurity monitoring of operational
networks.
> Instantly identify, investigate, and respond to cybersecurity risks and
incidents.
> Accurate mapping of the OT network and robust inventory of connected
assets.
> A complete security risk assessment that leads to vulnerability discovery
and operational visibility.

As a result, the team at Stadtwerke Kempen received an overview of all the threats specific to the electrical industry and recommendations on how best to identify and respond to them.
