Energy provider


IT security in the energy sector

Protecting process control systems is currently the focus of the latest projects we are carrying out for our customers in the energy sector. This includes, in particular, network security, which we ensure through measures such as network segmentation. Implementing remote maintenance access also plays an important role here.

Another significant topic is the IT security catalogue for electricity and gas operators and the solution approach we have developed for it. We focus on the technical effectiveness of the ISMS to ensure that the control documents to be produced serve their purpose of raising the security level of the network control system and permanently guaranteeing effective IT security. Around two dozen projects have already been opened for this purpose.

A general topic for companies in the energy supply sector, even without the requirements of the IT security law, is security monitoring. Its purpose is to detect problems as early as possible and, ideally, to rectify them before they cause any impairment.

Our solutions for energy providers

  • Design of an ISMS according to DIN ISO/IEC 27001:2015
    • Organizational and technical gap analyses
    • Creation of security guidelines, processes and procedures
    • ISMS implementation at organizational level according to ISO/IEC 27001:2013 and the BSI-100 series (basic protection)
    • Security concepts / controls according to ISO/IEC 27002:2013 and ISO/IEC TR 27019:2013
  • ISMS operationalization
    • We implement the organizational measures from security management (e.g. ISMS) in a technically effective manner.
  • Assumption of the mandate as IT security contact person according to the IT security catalogue
  • ISO/IEC 27001 certification support
  • Implementation and support for secure operation of centrally controlled basic services (malware prevention / antivirus, patch management, directory services / Active Directory, backup and recovery, security monitoring and account management)
  • Integrated IT security concept (ICS Security Guideline)
  • Network security
    • To increase security, we optimize your network by reducing complexity, increasing reliability through redundancy and coupling networks with network segmentation.
    • Protection of remote maintenance access for own service employees and third party access
  • System hardening
    • System hardening of all systems leads to a minimization of the attack vectors
  • Security Monitoring for the earliest possible detection and elimination of problems
  • Incident Response
    • Establishment of an Incident Response Team (CSIRT/CERT)
    • Establishment of a Security Operations Center (SOC)
  • We take over the incident response for you with our CSIRT.
    • The CSIRT service is provided 24/7 and covers all technical, organizational and procedural aspects.
    • A high degree of specialization in different technologies enables a wide range of applications. It goes without saying that standardized procedures and methods are used. Even more: We help shape the standards around the Digital Evidence Process.
  • Support of gas suppliers in the technological conversion of dial-up connections to modern network technologies
  • Secondary control power
    • Technically safe setup, in which we pay particular attention to redundancies.
  • Physical Security
    • Physical evaluation and auditing of your infrastructures
    • Upgrading, planning and realization of data centers and technical rooms
    • We support companies and organizations with the goal of data center certification
    • Another focus is the intelligent video monitoring of downstream alarms
    • In order to guarantee holistic security of physical infrastructures, the trade interfaces are designed and coordinated as a whole
  • Risk Management
    • Risk assessments taking into account the results of the security tests, the company risk strategy and the core business processes
    • Integration of IT risk management into corporate risk management
    • Technical ICS audits with regard to the security measures of the control systems

Your contact person


Andreas Eichmann

Senior account manager
Tel. +49 2173 20363-0

Reference projects

  • Fuse protection control system open-cast mining
    • Large energy supplier
  • Implementation of the IT security catalogue
    • Transmission & Area Network Operators
  • Network segmentation and implementation of central security services
    • Power stations of a large municipal utility


Committee work

  • Mirror committee NA 043-01-27
    • DIN
  • ISO IEC JTC1 SC27 (WG3 and WG4)
    • ISO
  • KITS Advisory board
    • KITS

Lectures

  • Operationalization of network operator ISMS
    • Working group IT-Security officers EVU
    • Nov 2016
  • Practical report - Development of an ISMS at an area network operator
    • VDE Symposium
    • Sep 2016
  • Continuous security management with the help of central services
    • IT security requirements for the energy industry
    • May 2014

Publications

  • Integral protection of process control technology
    • BWK Energie trade magazine
    • Feb 2016
  • Technical tests for ICS-systems
    • 14th German IT Security Congress
    • May 2015
  • ISMS: Pure paperwork or technically effective?
    • EW
    • Apr 2015
