Implementing integrated security

Supply networks for critical infrastructure face new challenges due to digitalisation. The German Federal Network Agency’s IT security catalogue helps companies in the energy sector to better protect themselves against vulnerabilities. TÜV SÜD is developing concepts for this purpose that also take operational security into ac-count. One of the first customers is the transmission system opera-tor ONTRAS.

Classic operational technology (OT) and information technology (IT) are increasingly interconnected in the energy industry. To en-sure security of supply, cybersecurity is also gaining in importance. The focus is on operators of critical infrastructure (CRITIS). The Energy Industry Act (EnWG), for example, requires adequate protection of telecommunications and electronic data processing systems that are necessary for secure grid operation. The example of ‘Log4Shell’ shows how real such dangers are: the vulnerability that became known a few months ago was easy to exploit and affected numerous common applications in data centres, servers, and networked systems – including natural gas and coal-fired power plants.

Legislation obliges companies in the energy sector to install a management system for information security and keep it up to date. This is intended to limit the impact of such vulnerabilities. These information security management systems (ISMS) include all applications necessary for secure operation and are specified by further standards – for example DIN ISO/IEC 27001, extended by DIN ISO/IEC 27019. TÜV SÜD supports utilities and operators of critical infrastructures in further developing an ISMS geared to their needs.

Integrated security concept for gas suppliers

ONTRAS Gastransport GmbH is a long-standing customer of TÜV SÜD. Together with the experts, it has developed such an extended safety concept. The Leipzig-based company operates an approximately 7700 km long transmission network in eastern Germany. The digitised control and monitoring of this network with close to 450 coupling points connects its information technology (IT) with the plant level – the operational technology (OT). To protect against unauthorised access (cybersecurity) and to ensure the safety of people and the environment (safety), an adequate safe-ty concept is necessary.

Since the share of digital control and monitoring of supply infra-structures is increasing, it is becoming more important to think about these two security aspects in combination. In the course of their cooperation, TÜV SÜD and ONTRAS GmbH have developed and tested an approach that brings together plant safety and cybersecurity and optimally covers the utility network operator’s needs.

First field of application: gas pressure gauge and regulator system

First, the experts wanted to assess the initial situation: What was the safety status of the plant when the project started? To do this, the TÜV SÜD experts…

To access the full version of this article and get a free trial subscription to World Pipelines, sign up here!

Read the article online at: https://www.worldpipelines.com/special-reports/05122023/implementing-integrated-security/