References
Sector: Energy Production and Distribution
Maintain and Continuously Improve IT Security
Development of a cyber security solutionin the automation sector
Support of the certification process according to the IT requirements catalog
Use of remote maintenance solutions
Challenge
Our customer is one of the largest natural gas suppliers in Germany. It also designs and operates highly complex storage systems for this purpose. Security at the highest level onoff was entrusted with the challenging task of establishing a detailed cyber Security solution for the automation network in this sector. In addition, onoff supported the energy company with certi-fication according to IT security criteria. As a result, even as a precautionary measure, the strict guidelines of the BSI KRITIS Regulation – a law of the German „Bundesamt für Sicherheit in der Informationstechnik“ (BSI) for critical infrastructures (KRITIS) – were met in full.
Companionship from the first minute
From the very beginning, onoff was firmly bound in all considerations as the sole supplier of all automation components.
The first step was to set up an IT security management system in preparation for ISO/IEC 27001 and IEC 62443 certification. onoff was able to effectively support the customer in workshops and consultations thanks to its many years of experience in the automation technology sector.
As a result, onoff developed concepts for the implementation of an optimal cyber security solution in the automation sector. To meet the strict requirements for certification, onoff set up secure remote access to the automation network for all service providers. In order to also eliminate known security gaps, the automation components (PCS 7) were brought up to date. For this purpose, continuous vulnerability monitoring was established in cooperation with Siemens as a service level agreement, and the measures derived from this were identified and implemented. In doing so, onoff also supports the customer beyond the actual process of certification.
The consulting services provided by onoff as part of the IT security management system spanned about a year. Including planning and adaptation of the network structure on the customer side, the implementation of the remote access solution took around six months.
The entire certification process was continuously supported by onoff.
„onoff knows our processes inside out. This understanding took our IT security a giant step forward.“
Delivery of the entire process control system (PCS 7)
Update of existing automation components
Creation of secure remote access Service Level
Agreement for IVM (Industrial Vulnerability Management)
InfoCarrier® EMS (Environmental Monitoring System)
Process Information Management System for Cyber security (PIMS)
Security at the highest level
The solutions developed by onoff provide the energy supplier with double security: both in terms of external access and by eliminating existing vulnerabilities through comprehensive updates of the automation components.
In this way, all the prerequisites for certification according to the IT security catalog of the German Federal Network Agency („Bundesnetzagentur“) were met.