IRMA keeps watch

Big Bro­ther is watching you. Even more so if it’s actual­ly a mem­ber of your own fami­ly and not an unknown intru­der. The public uti­li­ties in Bad Pyr­mont the­re­fo­re tend to rely on a “big sis­ter,” name­ly IRMA.

Thors­ten Hamann and Frank Jakob (v.l.)

F rank Jakob and Thors­ten Hamann can only be ap- proa­ched if the gen­tle­men want to be: their empi­re is sepa­ra­ted from the rest of the Bad Pyr­mont public util- ities by a secu­ri­ty door. For good rea­son, becau­se the two of them work in the public uti­li­ty company’s Con­trol Engi­neer- ing depart­ment. This is whe­re infor­ma­ti­on on the sup­ply lines for elec­tri­ci­ty, water, was­te­wa­ter, and gas all comes tog­e­ther, is che­cked and repair or ser­vice work is initia­ted if necessa­ry. It’s not exac­t­ly an area whe­re visi­tors should be able to come and go as they plea­se. “That’s pre­cise­ly a part of the first sta­ge of our secu­ri­ty con­cept.”

Health resort with tra­di­ti­on

In this con­trol room, we moni­tor the sup­ply for around 18,000 resi­dents of our metro­po­li­tan area,” says Frank Jakob, Head of the Con­trol Engi­nee­ring depart­ment. “In addi­ti­on to the elec- tri­ci­ty, water, and gas net­works, we also moni­tor the sup­ply of district hea­ting to key accounts. Bad Pyr­mont is a spa town rich in tra­di­ti­on with nume­rous public faci­li­ties and a wealth of histo­ry, inclu­ding the local sta­te spa with the Stei­gen­ber­ger Hotel, the con­cert hall, and the pump room.”

In the con­trol sys­tem of the Bad Pyr­mont public uti­li­ty

The sen­sor tech­no­lo­gy with which we moni­tor the sup- ply is almost com­ple­te­ly con­nec­ted by cop­per cable,” exp­lains Thors­ten Hamann. “Of cour­se, we too are rely­ing more and more on the digi­ta­li­za­ti­on of our sys­tems in order to act fas­ter and more reli­ab­ly. Not only do we install them, but we also assem­ble our own con­trol cabi­nets and pro­gram our own con- trol sys­tems, which pro­vi­de remo­te main­ten­an­ce on site.” The tech­ni­ci­an is not only well-ver­sed in the nume­rous spe­cial cases that ari­se from the mix of topics invol­ving gas, water, and elec­tri­ci­ty.

Instal­la­ti­on and com­mis­sio­ning are car­ri­ed out under our own direc­tion

Hamann is also respon­si­ble for moni­to­ring sur­veil­lan­ce, par­ti­cu­lar­ly for IRMA. “As an ener­gy pro­vi­der, we are sub­ject to the requi­re­ments for what is often cal­led cri­ti­cal infra­st­ruc­tu­re. The law­ma­kers requi­re us to take par­ti­cu­lar­ly strict mea­su­res to pro­tect and secu­re the sys­tems.”

This is whe­re IRMA hides, in its own 17″ rack

The­se mea­su­res are con­ti­nuous­ly moni­to­red by experts who ana­ly­ze the faci­li­ties and their struc­tures in detail during regu­lar visits to the Bad Pyr­mont public uti­li­ties. The­se visits are cal­led audits. If a sup­plier pas­ses this audit, it recei­ves the requi­red cer­ti­fi­ca­ti­on to con­ti­nue ope­ra­ting, regu- lated by DIN 27001. “During the last audit, it was deter­mi­ned that our cen­tral fire­wall no lon­ger met the cyber­se­cu­ri­ty requi­re­ments,” Frank Jakob tells us.

Moni­to­ring in the back­ground

So it was urgent­ly time to dive deep into the issue. And in such a way that we will be able to car­ry out our own admi­nis­tra­ti­ve work here in the future. And that’s when we beca­me awa­re of IRMA.” So what does this abbre­via­ti­on mean? Hau­ke Käs­ting, one of Phoe­nix Contact’s secu­ri­ty experts, exp­lains: “IRMA stands for Indus­tri­al Risk Manage­ment Auto­ma­ti­on, and is based on a case-har­den­ed Linux app­li­ca­ti­on instal­led on an indus­tri­al PC from Phoe­nix Con­tact. The sys­tem works in the back­ground and inde­pendent­ly moni­tors all par­ti­ci­pants and com­mu­ni­ca­ti­on con­nec­tions.”

It is not the con­tent of the com­mu­ni­ca­ti­on that is moni­to­red, but the data traf­fic. Data is con­stant­ly buz­zing back and forth in the Pyr­mont public uti­li­ty net­work; con­trol sys­tems trans­mit mea­su­red values, smart meters report power con­sump­ti­on, sen­sors send water levels. This data com­mu­ni­ca­ti­on is first recor­ded and “lear­ned” by IRMA. “This is the real work for us,” says Thors­ten Hamann. “We have to ‘teach’ IRMA the indi­vi­du­al com­mu­ni­ca­ti­on part­ners and vir­tual­ly regis­ter them. Once IRMA is smart enough, the sys­tem knows which activi­ties are nor­mal. And most import­ant­ly, she’ll know if the­re are any ano­ma­li­es. For examp­le, when a con­trol­ler starts to com­mu­ni­ca­te not just with the con­trol room but also with other con­trol­lers in the net­work. Or a net­work par­ti­ci­pant estab­lishes a con­nec­tion to the Inter­net that isn’t one of their tasks. “Then IRMA will sound the alarm and alert us to any mal­func­tions. But IRMA always stays in the back­ground. She’s a pure­ly a moni­to­ring sys­tem, and the­re­fo­re has no impact on our active sys­tems.”

We get to know our net­work

For Frank Jakob and his col­leagues, this is one of the main advan­ta­ges of the sys­tem. But the­re is also a very plea­sant side effect, as Thors­ten Hamann descri­bes: “With IRMA, we’ve got­ten to know our own net­work in a com­ple­te­ly new way. Only IRMA has shown us who actual­ly com­mu­ni­ca­tes with whom. And from this know­ledge, IRMA con­ju­res up a con­stant­ly updated net­work plan for us, which is important for the upco­m­ing round of cer­ti­fi­ca­ti­on. At the push of a but­ton.”

This post is also avail­ab­le in: Deutsch

Back to top button