Substations and power plants offer a large target for cyber attacks on the European electricity grid. These facilities each contain dozens of critical protection and control devices, and the number of security vulnerabilities is rising sharply.

Reported Vulnerabilities OT Vendors

Figure 1: Number of reported vulnerabilities (OMICRON / GridOps)

At the same time, patching such systems is problematic as they have to be permanently in operation for reasons of security of supply and pre-testing of security updates is impractical due to the lack of an identical test environment. This puts the focus on effective vulnerability management for these systems in order to strengthen the cyber resilience of the power grid. 

In order to reduce the effort and complexity involved in identifying and eliminating vulnerabilities, the process should be largely automated. At the same time, it is important to maximize the precision of the assignment of the vulnerability to the existing assets. In addition to a complete asset inventory, this also requires sufficient quality and usability of the information from the advisories. OMICRON therefore proceeds as follows when creating the vulnerability database for StationGuard GridOps:

Process for creating the GridOps vulnerability database:

Gathering of Advisories

OMICRON uses automated web crawlers to collect the latest security advisories directly from the manufacturers' websites. These crawlers are programmed to regularly check for updates and recognize new entries. Once an advisory is captured, it is time-stamped and categorized in our database. However, not all manufacturers (all) publish their security advisories on their website. We therefore also expand our database manually from other sources.

Update of the GridOps 
vulnerability database

In the next step, our GridOps team updates the vulnerability database with the latest information from the advisories. To do this, we use CSAF, a standardized format that makes it possible to make security advisories machine-readable. However, many manufacturers still use proprietary PDF files that cannot be imported directly. These are automatically converted into CSAF format and manually checked by our security analysts in order to raise the quality of the information to the level required for automatic assignment to the devices.

Asset inventory and 
vulnerability matching

Precisely identifying which devices and versions are present in an energy supplier's network is one of the biggest challenges. Identical type designations do not mean that the same software versions or components are used in the devices. With StationGuard/GridOps, OMICRON has developed an automated solution that uses both passive and active techniques to collect device information. This also considers device meta-information, for example on device types, their modules, and their firmware versions, but also rules for assigning version numbers in the advisories, through to the brand history of device types. This makes it possible to automatically display only those vulnerabilities that apply to the respective device and its components.

Risk assessment

Risk assessment: Once a match between an advisory and a device has been found, our system assesses the potential risk based on the severity of the vulnerability. Together with the criticality of the affected device or the respective network segment, patch management can be carried out efficiently or further protective measures can be taken.

Managing vulnerabilities in the power grid, especially in protection and control devices, is a complex task. Automated vulnerability management solutions are required and available to ensure cyber resilience. 

More Information

Contact Us!

We’re looking forward to helping you.

  • Have a question?
  • Need more information?
  • Would you like to request a demo?
Send us a message

Resources

CVE-2024-37998
26. July 2024

Critical Vulnerability in Siemens OT Systems

What does this mean for OT security?

Read this story
Advisories and How to Use Them
12. July 2024

Advisories and How to Use Them

In this article, we will explore the diverse world of security advisories and how to use them effectively, and the wealth of experience of our experts in developing our OMICRON advisories.

Read this story
Marcel Ströhle, Podcast Episode, OMICRON
03. July 2024

Minimizing cybersecurity vulnerabilities at the hardware level

This episode investigates why, in addition to software, hardware devices must be secured against cyber threats. OMICRON hardware developer Marcel Ströhle is the guest.

Read this story
Firewalls under Attack, Holger Skaus
21. June 2024

Firewalls Under Attack - How to Protect Your IT/OT Systems

Firewalls are the first line of defense in protecting critical infrastructures in cyberspace. This makes them particularly attractive to attackers.

Read this story
StationGuard 2.40, OMICRON
22. May 2024

StationGuard 2.40 – New Usability Upgrades

The new version brings along many usability upgrades, incl. MMS server availability, improved router behavior, and more …

Read this story
EnergyTalks, Podcast Episode, Part 7
21. May 2024

Cracking the Code: How to Uncover Cyber Attacks on Your System

In this episode, we will learn how an OMICRON team of cybersecurity experts goes about analyzing incoming alarms and how even the smallest indicators can reveal hidden dangers that threaten the safety and operations of an entire system.

Read this story
Vulnerability Management, Andreas Klien
14. May 2024

Vulnerability Management in Practice

Creation of the StationGuard and GridOps vulnerability database

Read this story
NIST - 2024
24. April 2024

NIST Cybersecurity Framework 2.0 at a Glance

On February 26, 2024 the National Institute of Standards and Technology (NIST) published the second version of the Cybersecurity Framework (CSF 2.0).

Read this story
Cybersecurity Regulations
09. April 2024

State of the Art in Vulnerability Management

In the world of network and energy utility operators, cybersecurity is not just a priority but a legal obligation. With the German IT Security Act and the Energy Industry Act, these operators are required to adhere to the "state of the art" to manage cyber risks effectively.

Read this story
OMI­CRON Con­tributes to Nmap Plug-In
26. March 2024

OMI­CRON Con­tributes to Nmap Plug-In

We collaborated with the BSI and the Fraunhofer Institute to develop an nmap plug-in for OT networks, enhancing tools for power grid administrators with our IEC 61850 expertise.

Read this story
EnergyTalks, Podcast Episode, Ron Brash, Andreas Klien
13. February 2024

Chances & Risks of Operational Technology in the Energy and Aviation Sectors

In this episode, Andreas Klien, discusses the differences and similarities of using OT technology in the aviation and electrical power industry sectors with his guest, Ron Brash, a renowned vulnerability researcher in the aviation industry.

Read this story
Sarah Fluchs, Andreas Klien, Podcast Episode
11. January 2024

Building trust in digital products used in the power grid

In this episode, Andreas Klien, discusses the security engineering of digital products used in the power grid with his guest, Sarah Fluchs.

Read this story
OMICRON EnergyTalks - Podcast episode
10. January 2024

Experiences & Innovations in Developing Cybersecurity Products

In this episode, Anastasiya and Jaques share their experiences, challenges, and innovations in developing our cybersecurity products.

Read this story
StationGuard Receives Security Certificate from the BSI
17. December 2023

StationGuard Receives Security Certificate from the BSI

The German Federal Office for Information Security (BSI) has tested our StationGuard and awarded us the IT security certificate (BSZ) as a result.

Read this story
CVE-2023-45871 - Finding and Patching a Critical Vulnerability in Linux, Eric Heindl
04. December 2023

At­ten­tion CVE-2023-45871 - Our Story of Finding and Patching a Critical Vulnerability in Linux

You think your devices are immune to cyber threats just because there's no official security advisory? You might be wrong.

Read this story
EnergyTalks, Podcast Episode
06. November 2023

Solving Cybersecurity Problems in Electrical Power Networks

OMICRON cybersecurity analysts Christoph Rheinberger and Eric Heindl share their personal experiences for IT and OT security officers.

Read this story
OMICRON Podcast Episode with Thomas Wolf and Ozan Dayanc
04. October 2023

Why do OT networks need an IDS?

Discover the challenges faced by power providers and practical recommendations for enhancing OT network security.

Read this story
StationGuard Release 2.40
02. October 2023

StationGuard 2.30 – Improved Efficiency for Intrusion Detection

With StationGuard 2.30, you will be able to make your workflows even more efficient.

Read this story
Podcast Episode 2, OMICRON
07. September 2023

Digital Transformation in the Power Industry

In this podcast episode, learn how to successfully implement cybersecurity into critical power system infrastructures with OMICRON cybersecurity experts.

Read this story
Podcast, Andreas Klien, OMICRON
07. September 2023

Vulnerability Management in Substations

Learn how vulnerability management tools ensure a more effective cybersecurity in power grids.

Read this story
Podcast Episode 1, OMICRON
01. September 2023

Bridging the gap between IT and OT

OMICRON cybersecurity expert Benjamin Teudeloff talks about the increasing necessity for power providers to improve their cybersecurity practices.

Read this story
OMICRON Magazine: Security Assessment Findings
29. August 2023

Security Assessment Findings in Substations and Power Plants

Our cybersecurity expert, Ozan Dayanc, reveals insights from global substation security assessments.

Read this story
Video: STW-Kempen
29. August 2023

Cybersecurity from the Control Center to the Substation

Cybersecurity from the Control Center to the Substation

Read this story
StationGuard Feature: Search In ZeroLine
18. August 2023

Feature Preview: Device Search in ZeroLine

StationGuard has a a new search feature that makes it easy to find all equipment information in your network.

Read this story
StationGuard Feature: Automatic Device Classification
18. August 2023

Feature Preview: Automatic Device Classification

StationGuard 2.30 will include a new feature that makes it easier than ever to assess and secure your OT network.

Read this story