Big Brother is watching you. Even more so if it’s actually a member of your own family and not an unknown intruder. The public utilities in Bad Pyrmont therefore tend to rely on a “big sister,” namely IRMA.
F rank Jakob and Thorsten Hamann can only be ap- proached if the gentlemen want to be: their empire is separated from the rest of the Bad Pyrmont public util- ities by a security door. For good reason, because the two of them work in the public utility company’s Control Engineer- ing department. This is where information on the supply lines for electricity, water, wastewater, and gas all comes together, is checked and repair or service work is initiated if necessary. It’s not exactly an area where visitors should be able to come and go as they please. “That’s precisely a part of the first stage of our security concept.”
Health resort with tradition
“In this control room, we monitor the supply for around 18,000 residents of our metropolitan area,” says Frank Jakob, Head of the Control Engineering department. “In addition to the elec- tricity, water, and gas networks, we also monitor the supply of district heating to key accounts. Bad Pyrmont is a spa town rich in tradition with numerous public facilities and a wealth of history, including the local state spa with the Steigenberger Hotel, the concert hall, and the pump room.”
“The sensor technology with which we monitor the sup- ply is almost completely connected by copper cable,” explains Thorsten Hamann. “Of course, we too are relying more and more on the digitalization of our systems in order to act faster and more reliably. Not only do we install them, but we also assemble our own control cabinets and program our own con- trol systems, which provide remote maintenance on site.” The technician is not only well-versed in the numerous special cases that arise from the mix of topics involving gas, water, and electricity.
Hamann is also responsible for monitoring surveillance, particularly for IRMA. “As an energy provider, we are subject to the requirements for what is often called critical infrastructure. The lawmakers require us to take particularly strict measures to protect and secure the systems.”
These measures are continuously monitored by experts who analyze the facilities and their structures in detail during regular visits to the Bad Pyrmont public utilities. These visits are called audits. If a supplier passes this audit, it receives the required certification to continue operating, regu- lated by DIN 27001. “During the last audit, it was determined that our central firewall no longer met the cybersecurity requirements,” Frank Jakob tells us.
Monitoring in the background
“So it was urgently time to dive deep into the issue. And in such a way that we will be able to carry out our own administrative work here in the future. And that’s when we became aware of IRMA.” So what does this abbreviation mean? Hauke Kästing, one of Phoenix Contact’s security experts, explains: “IRMA stands for Industrial Risk Management Automation, and is based on a case-hardened Linux application installed on an industrial PC from Phoenix Contact. The system works in the background and independently monitors all participants and communication connections.”
It is not the content of the communication that is monitored, but the data traffic. Data is constantly buzzing back and forth in the Pyrmont public utility network; control systems transmit measured values, smart meters report power consumption, sensors send water levels. This data communication is first recorded and “learned” by IRMA. “This is the real work for us,” says Thorsten Hamann. “We have to ‘teach’ IRMA the individual communication partners and virtually register them. Once IRMA is smart enough, the system knows which activities are normal. And most importantly, she’ll know if there are any anomalies. For example, when a controller starts to communicate not just with the control room but also with other controllers in the network. Or a network participant establishes a connection to the Internet that isn’t one of their tasks. “Then IRMA will sound the alarm and alert us to any malfunctions. But IRMA always stays in the background. She’s a purely a monitoring system, and therefore has no impact on our active systems.”
We get to know our network
For Frank Jakob and his colleagues, this is one of the main advantages of the system. But there is also a very pleasant side effect, as Thorsten Hamann describes: “With IRMA, we’ve gotten to know our own network in a completely new way. Only IRMA has shown us who actually communicates with whom. And from this knowledge, IRMA conjures up a constantly updated network plan for us, which is important for the upcoming round of certification. At the push of a button.”