Anomaly detection in production plants

Standards and specifications do not always fill the heart of an operator with joy. The Federal Office for Information Security (BSI) announced the standard BSI CS 134. With BSI CS 134, however, an important step was taken in the right direction for IT/OT security. BSI CS 134 describes the core topics: monitoring (the systematic surveillance and observation of communication), anomaly detection in communication with corresponding archiving, logging and analysis, and attack detection (intrusion detection) with alerting when needed.

In the course of digitalisation, companies are striving for an ever higher degree of networking with devices and systems related to automation. The consequence is an increasing dependence on their availability. The number of Ethernet participants is increasing significantly, as is the communication itself.

However, hardly anyone knows who is communicating with whom, or whether that communication is authorized. The situation is further complicated by the fact that several system components are often installed by different suppliers. The increasing complexity of the network and the deployment of devices that do not always fully conform to IP standards repeatedly lead to side effects in the network that go unnoticed at first and can eventually turn into an incident. With continuous monitoring of the network traffic, such side effects would have been noticed and the incident avoided.

You can find the complete article here (German): Monitoring und Erkennung von Anomalien in Anlagen, 09|2019

Published in etz, Issue 8/2019, VDE Verlag, p. 40-41