Schutzschild vor Weltkarte

Cyber Security in decentralized power generation plants

Challenge and Motivation

Increasing connectivity poses major challenges for the operational security of decentralized power generation plants, especially in critical infrastructures (CRITIS). Previously isolated areas must be secured against cyber attack possibilities and secure environments for Industry 4.0 products and control systems must be created in accordance with the EU Cyber Security Act.

The complexity in the area of IT security is also constantly increasing due to the digitization of industrial control systems, rapidly growing technology for Industrie 4.0, and increasing interconnectivity between industrial data networks (OT) and enterprise data networks (IT).

Hacker attacks on the power suppy of critical infrastructures, such as large hospitals, are on the rise and in the past have already led to a temporary loss of emergency power supply with devastating consequences. Companies and facilities, which by definition are not yet part of the CRITIS applications, such as smaller hospitals, are also being affected by cyberattacks at a sharply increasing rate.

Industrial control systems (IACS), 20% of which are used in the energy sector, are increasingly showing vulnerabilities with regard to cyber security.

Kuhse – Your Cyber Security Partner

As a specialist for control systems for Power Plants, Prime Power and Hybrid Power /Microgrid applications, Kuhse is your competent partner for "cyber secure" and CRITIS-compliant control solutionsacc. to IEC 62443. For existing plants we provide a Cyber Security Check.

Depending on your needs we support you as

  • Partner in the selection of compliant cyber security components for your control systems
  • Integrator on subsystem level for the electrical equipment of your power plant
  • Consultant for compliant plant operation and
  • Maintenance partner for your control systems


Generator control Panel (GCP) mit Cyber Secure Logo

Systems (cyber secure based on IEC 62443)

  • Control Systems / switchboards for prime power applications
  • Control Systems / switchboards for emergency power systems
  • Control Systems / switchboards for hybrid power applications
Servicemitarbeiter bedient Touch Panel


  • Secure commissioning & maintenance of the system
  • Training of the operator and maintenance personnel
  • Review of effectiveness and up-to-dateness of cyber security measures
  • Performing of security updates
  • Remote support at cyber attacks
Puzzle aus Datenpunkten


  • Cyber security awareness training considering relevant standards
  • Evaluation of needed technical measures and processes
  • Determination of suitable technical measures and processes
  • Process manual for integration, operation, maintenance, backup/restore, disaster recovery and for dealing with cyber attacks

Global set of rules for manufacturers, integrators and operators

The basis for a CRITIS-compliant environment of control systems is provided by a global set of rules that regulates international cyber security requirements and defines a uniform certification framework for manufacturers, integrators and operators.

EU Cyber Security Act:

Establishment of a secure, cyber security-compliant environment (for manufacturers, integrators and asset owners / operators) concerning Industry 4.0 products and systems

IEC 62443:

Rules and guidelines for mandatory security in OT environments (for manufacturers, integrators and asset owners / operators)

IT- Security Law 2.0:

The 2nd German Security Act to increase the security of IT systems for the protection of the federal administration, critical infrastructures and companies of public interest.

IEC 62443 Certification

The IEC 62443 international standard serves as an essential guide for manufacturers, integrators and operators in secure product development, integration and selection. The scope for cybersecurity of control systems includes network-enabled devices, industrial sectors and critical infrastructure.


  • Wide range of applications for cyber security of industrial control systems in decentralized power generation systems covering critical infrastructures, facilities of public interest and many industrial areas

  • Standardized cyber security of control systems and system solutions on an international level based on proven and new IT security concepts such as "Defense in Depth" and "Zones & Conduits"

  • Certification as a key argument for customers and as an answer to the question of how to ensure the secure introduction of Industry 4.0

  • Scalability of cyber security with regards to the respective requirements and priorities of the control system

§In the standard, the evaluation of the effectiveness and quality of measures is differentiated by roles and levels. The following applies to Kuhse as an integrator of control systems for decentralized power generation plants:

Security Level

"for companies that develop and implement clear cyber security objectives and effective, but cost-conscious technical countermeasures to cyber attacks"

Maturity Level

"for companies that develop and implement their organization and documented processes according to the cyber security objectives"

Kuhse News

We would be pleased to inform you about current products and developments from our company with our topic-specific newsletters.