Hackers demonstrated in America in May how risky it is when infrastructure is connected to the Internet.
After a cyber attack, the country's largest gasoline pipeline had to be taken offline for days.
The result: supply bottlenecks and panic buying.
Isn't such an event likely to cause sleepless nights for energy managers in Germany as well?
Thiemo Heeg
Editor in business.
Follow I follow
Katherina Reiche was once a CDU politician and state secretary until she switched to business. Since 2020 she has headed the E.ON subsidiary Westenergie, the largest regional energy service provider and infrastructure provider in Germany. With 10,000 employees, the company has a turnover of five billion euros and serves 6.6 million people in North Rhine-Westphalia, Rhineland-Palatinate and Lower Saxony. The power grid is 175,000 kilometers long, the gas grid 24,000 kilometers and the water grid 5,000 kilometers.
So Reiche knows what is at stake.
And still feels confident.
Of course, energy providers are a goal that both state and non-state actors are constantly targeting, says the 47-year-old very matter-of-factly in an interview with the FAZ.
But considering electricity and the Internet as incompatible opposites because of this risk is out of the question for them, on the contrary.
Rather, Reiche operates according to the motto of forward defense.
It is important to ensure that, despite the negative aspects, one is well prepared: “With every euro that we invest in digitization, we therefore also have to invest in digital security.
And that's what we do. "
Practice cyber defense in the “war room”
Activities include a project called “CyberRange-e”. Launched exactly two years ago, it is the first training center in the German-speaking region where attacks on the network and countermeasures can be trained. Not only Westenergie employees train there, the offer is also open to other energy providers and infrastructure operators. The training plan, which lasts over a week, looks like a school timetable. The only difference is that the curriculum does not include German, math or sports lessons, but IT system tests, “incident response processes” and, in a practical part, “operation, hacking, reaction, reflection”.
The whole thing takes place in a "war room": cyber defense as a virtual war game, like in a military exercise.
Company participants from network control centers, IT or management form the “Blue Team”.
Professional hackers from the “CyberRange-e” act as a “red team” and attack the infrastructure from a room separate from the participants.
“You can experience the anonymous threat of a cyber attack in real life,” advertises the training center.
The attackers can even turn up the heating in the defenders' room in order to make the threat physically perceptible.
The aim of the exercises: not to panic in the event of an attack and to react correctly.
Experienced trainers from the “White Team” assist and coach the participants.
Attackers specifically look for vulnerabilities
The Federal Office for Information Security (BSI), the federal cybersecurity authority, knows how important such exercises are. In the latest report on the IT security situation in Germany, the BSI states that it is clear, especially for the electricity industry, "how much attackers focus on it and how they try to penetrate internal IT systems". The attackers actively searched for existing vulnerabilities in the systems that were directly connected to the Internet.