Network administrators rely on reconnaissance tools such as Nmap to analyze network structures and gather critical information. In addition to support for Profinet and HART-IP protocols, The German Federal Office for Information Security (BSI) recognizes the importance of IEC 61850 in power networks and has therefore commissioned the Fraunhofer Institute, IOSB, Karlsruhe to develop a specialized plug-in for Nmap. The plug-in greatly facilitates the extraction of relevant data, such as nameplate details and network specifics.

Headquarters of The German Federal Office for Information Security (BSI)
© Adobe Stock

OMICRON’s Contribution

During the development phase, we provided practical insights and addressed key challenges encountered during laboratory testing. With seven years of expertise in extracting nameplate data from protection, automation, and control devices in the power grid, we have gained extensive experience in navigating the variations that exist in the IEC 61850 standardization. Then, despite the standardized format outlined in IEC 61850, there are variations in how vendors interpret and store this data within their IED data models. Over time, we have built up a database of these exceptions and contributed to the enhancement of the scripts accordingly. In addition, we have provided detailed information how to handle complex cases like devices with nested logical devices, providing potential solutions for future implementation.

 

The BSI, in collaboration with the Fraunhofer Institute, proactively addressed the identified issues by incorporating the valuable insights and recommendations of our OT protocol and cybersecurity experts. This collaborative effort resulted in significant improvements to the plug-in, ensuring optimized functionality across all OT networks.* As a thank you, our colleagues Christoph Rheinberger, Burak Tahincioglu and André Komes are explicitly mentioned in the corresponding README file.

Help for Network Administrators

Available to all network administrators, Nmap remains a versatile and free network analysis tool. By taking advantage of the enhanced functionality of the new plug-in, administrators can drive improved network management and security for a deeper insight into their IEC 61850 networks.

For more details and access to the official GitHub page, visit github.com/DINA-community/ot-nmap-scripts.

*While OMICRON dedicated resources to reviewing the scripts' concepts, extensive testing was limited to the devices listed in the README.md. Consequently, exercise caution when deploying these scripts in live energy facilities. Variances in MMS implementations within the IEDs may result in different responses to queries from this script.

 

Resources

09. April 2024

State of the Art in Vulnerability Management

In the world of network and energy utility operators, cybersecurity is not just a priority but a legal obligation. With the German IT Security Act and the Energy Industry Act, these operators are required to adhere to the "state of the art" to manage cyber risks effectively.

Read this story
26. March 2024

OMI­CRON Con­tributes to Nmap Plug-In

We collaborated with the BSI and the Fraunhofer Institute to develop an nmap plug-in for OT networks, enhancing tools for power grid administrators with our IEC 61850 expertise.

Read this story
13. February 2024

Chances & Risks of Operational Technology in the Energy and Aviation Sectors

In this episode, Andreas Klien, discusses the differences and similarities of using OT technology in the aviation and electrical power industry sectors with his guest, Ron Brash, a renowned vulnerability researcher in the aviation industry.

Read this story
11. January 2024

Building trust in digital products used in the power grid

In this episode, Andreas Klien, discusses the security engineering of digital products used in the power grid with his guest, Sarah Fluchs.

Read this story
OMICRON EnergyTalks - Podcast episode
10. January 2024

Experiences & Innovations in Developing Cybersecurity Products

In this episode, Anastasiya and Jaques share their experiences, challenges, and innovations in developing our cybersecurity products.

Read this story
StationGuard Receives Security Certificate from the BSI
17. December 2023

StationGuard Receives Security Certificate from the BSI

The German Federal Office for Information Security (BSI) has tested our StationGuard and awarded us the IT security certificate (BSZ) as a result.

Read this story
06. November 2023

Solving Cybersecurity Problems in Electrical Power Networks

OMICRON cybersecurity analysts Christoph Rheinberger and Eric Heindl share their personal experiences for IT and OT security officers.

Read this story
OMICRON Podcast Episode with Thomas Wolf and Ozan Dayanc
04. October 2023

Why do OT networks need an IDS?

Discover the challenges faced by power providers and practical recommendations for enhancing OT network security.

Read this story
02. October 2023

StationGuard 2.30 – Improved Efficiency for Intrusion Detection

With StationGuard 2.30, you will be able to make your workflows even more efficient.

Read this story
Podcast Episode 2, OMICRON
07. September 2023

Digital Transformation in the Power Industry

In this podcast episode, learn how to successfully implement cybersecurity into critical power system infrastructures with OMICRON cybersecurity experts.

Read this story
Podcast, Andreas Klien, OMICRON
07. September 2023

Vulnerability Management in Substations

Learn how vulnerability management tools ensure a more effective cybersecurity in power grids.

Read this story
Podcast Episode 1, OMICRON
01. September 2023

Bridging the gap between IT and OT

OMICRON cybersecurity expert Benjamin Teudeloff talks about the increasing necessity for power providers to improve their cybersecurity practices.

Read this story
OMICRON Magazine: Security Assessment Findings
29. August 2023

Security Assessment Findings in Substations and Power Plants

Our cybersecurity expert, Ozan Dayanc, reveals insights from global substation security assessments.

Read this story
Video: STW-Kempen
29. August 2023

Cybersecurity from the Control Center to the Substation

Cybersecurity from the Control Center to the Substation

Read this story
StationGuard Feature: Search In ZeroLine
18. August 2023

Feature Preview: Device Search in ZeroLine

StationGuard has a a new search feature that makes it easy to find all equipment information in your network.

Read this story
StationGuard Feature: Automatic Device Classification
18. August 2023

Feature Preview: Automatic Device Classification

StationGuard 2.30 will include a new feature that makes it easier than ever to assess and secure your OT network.

Read this story