The high bar it sets for security standards was another convincing advantage of the joint solution from WAGO and NIVUS: NivuLink Control meets cybersecurity requirements for critical infrastructure applications. MQTT and integrated IPsec encryption ensure ironclad IoT communication. Connection with the e!Cockpit programming software also allows remote diagnostics. “Although the legal requirements don’t apply – since as of now we’re not considered critical infrastructure – we used critical infrastructure criteria to select the system. If we tackle this issue now, then we’re better positioned for the future,” says Wolfgang Hönighausen.
The security package had been growing for years, starting when Stadtbetrieb Bornheim took over the waterworks. “Since then, we have used a specialized service provider for IT security, together with which we are continuously developing and establishing security requirements, culminating in the implementation of the current measures.” All relevant project partners were involved, from the electric instrumentation and control engineering planning firm to suppliers like NIVUS and WAGO. Besides continuous availability, secure remote access for operation and monitoring, as well as secure maintenance access to the waterworks, were mandatory requirements. All employees have laptops that are integrated into the IT security concept so they can access the system at any time, from anywhere there is an Internet connection.
In the lead-up phase, nothing was left to chance: Failure tests of individual systems and a disaster recovery test were carried out, and a patch management process was established, supported and safeguarded by the central services. “Critical infrastructure issues were also a challenge for us, because they were new to us, at least to the extent required in this case,” recalls Andreas Bosel of NIVUS.
Control required encryption based on security standards for servers, which would not have been feasible for the controllers used due to their complexity – at the beginning, this led to connection failures. The problem was caused by the high computing power demanded by the decryption. “But we found a future-proof standard solution for this too, which fully meets critical infrastructure requirements without requiring the customer to have their own software.”
In addition, to meet the stricter availability requirements, two server rooms were installed; this provides sufficient redundancy in the technical infrastructure to cover individual failures. “Our redundancy approach is based on two communication channels: If the connection for one channel is lost, the other takes over. If both channels are lost or the hardware fails, the waterworks systems run in emergency mode,” says Hönighausen. In this mode, the process data is buffered and then updated in the process control system when communication is reestablished. A cloud-based solution was not an option for the waterworks manager: “That might have been conceivable for the wastewater station, but definitely not for the waterworks.” They wanted to remain at the helm themselves: “If I’m the one responsible, I want to retain control, not outsource it.”
“What’s ultimately crucial for us is that data is transferred and we receive alerts in the event of limit violations or aggregate failures. That needs to work!” This data transfer works straightforwardly in all the substations. So far, there have been no failures caused by the system. “We’re satisfied, since, in addition to the benefits I already mentioned, we can take advantage of additional functions we didn’t have before. For example, we introduced escalation levels, which make message receipt more secure. Overall, this system has worked reliably so far,” explains Hönighausen.