Michael Georgi: TWL AG - Rebuilding IT after hacker attack

Interview with Michael Georgi, Head of IT at Technische Werke Ludwigshafen am Rhein AG, on digitization in the energy industry and the consequences of a hacker attack.

Digitalization has become an important topic in the energy industry, and not just since the Corona pandemic. In areas such as the transmission and distribution of energy, it has long been standard practice. Other areas have yet to follow suit. Michael Georgi, Head of IT at Technische Werke Ludwigshafen am Rhein AG, confirms this in an interview and appears to be both open and relaxed about the pressure to digitize.

Detecon: Mr. Georgi, studies on the degree of digitization in individual industries are a dime a dozen, and the results differ significantly in some cases. How do you assess the current status of digital transformation in the energy industry? 

Michael Georgi: That can't be given a blanket answer of good or bad, because the energy business is very complex. You therefore have to distinguish between the many business areas in the energy industry, i.e., generators, distributors, traders, large or regional companies, and the individual processes. If you take transmission and distribution or the generation of energy, for example, I think the energy industry is already very far along with digitization. Without energy management systems or intelligent network control, no energy company would be competitive today. The use of classic business software such as ERP systems is also standard. So when is a company digital?

But there still seems to be room for improvement. According to the results of the Digital@EVU study published by BDEW at the beginning of October 2020, 85 percent of energy suppliers are planning to invest more in digitization. What should these companies invest in?

If you were to ask this question in our divisional managers' roundtable, we would have at least as many opinions as there were people in the room. Because everyone sees it from their own perspective and therefore differently. In general, however, the German energy sector is subject to an extensive regulatory framework. As a result, we have to digitize a great deal on a permanent basis. The Federal Network Agency alone obliges us to automate certain processes, for example the exchange between market partners such as network operators, sales and metering point operators. In addition to the energy transition and the resulting need for flexibility, more recent legal requirements such as the IT Security Act or the Act on the Digitization of the Energy Transition also play a decisive role and have a lasting impact on digitization in the energy industry.

According to Digital@EVU, more than three quarters already have or are planning a digital strategy.

This addresses a sore point: strategy. Because there is a big difference between having and planning. However, I believe it is essential to first define and adopt a digitization strategy. Otherwise, the individual measures will not fit together in the end. And then the benefits of digitization fizzle out. Sometimes, however, external circumstances force you to take the next steps in digitization.

What exactly do you mean by that? New regulatory requirements?

By that, I mean the Corona pandemic, for example. With the first lockdown in spring 2020, we had to react quickly so that employees could continue to work. Within a very short time, we had to equip everyone with mobile technology for whom home office was an option. Which wasn't easy, because the run on hardware was huge from one moment to the next. And I have to admit that I made a strategic mistake just before the pandemic. We rolled out Windows 10 in 2019, and instead of going for laptops, everyone who had desktops before also got a desktop again. But laptops would have made more sense. There you see how important a strategy is. In the second wave, this was no longer an issue.

But digitization remains an ongoing task.

Absolutely. It will never end, and what also makes a difference is that it's getting faster and faster, and even a company like TWL, which currently still operates mainly regionally, has to adapt some decision-making and implementation processes to the new pace. That's why in 2020, together with a working group of employees, I pushed ahead with the restructuring of our division. In doing so, it was important to me that our division develops into a small nucleus for modern, agile forms of working. Even though I am aware that our company cannot simply flip the switch due to its long history. And there is now a group of young colleagues who want to drive the topic of digitization forward as part of a strategy.

What does your current IT landscape look like?

We are currently putting a number of things to the test. You could almost say forced to. SAP and the IS-U industry solution currently form the core of our software landscape. Support is due to end in a few years' time. We are currently talking about 2027. That's why we're also looking at how we're going to continue in the future? With the successor system from SAP? Or will we switch to other systems? Nothing has been decided yet, especially since we first have to solve other problems after the hacker attack in April 2020. That's why we are currently laying our cards on the table for a comprehensive realignment of automation.

Does that also apply to cloud services?

I take a very unemotional view of cloud. There will be no either or. We have our own Tier IV-certified data center operated by TWL-KOM. This is where we run our on-premise systems. But we are also already using individual solutions in the cloud. If we continue to rely on SAP in the future, we will also obtain certain applications from the SAP Cloud here. In short: Where it fits, we go to the cloud. Where it doesn't fit, we'll stay on-premise.

Improving the interface to customers is often voiced as an urgent project. What does that look like for you?

We already wanted to improve the digital customer interface last year and had budgeted for a customer portal. One wish is to build a digital product configurator, as we currently find it difficult to configure and offer cross-divisional products. We would like to offer our customers bundles tailored to their needs, perhaps gas, electricity, water and telecommunications in one package. At present, we can hardly map this, let alone bill them together. But we won't be tackling that this year, as we first have to get the new IT infrastructure up and running.

Why is the new IT infrastructure necessary?

We were the victim of a hacker attack in April 2020 that was all over the media. We took immediate measures shortly after the hacker attack, which we discovered on April 20. The BSI also supported us with technology. All of this was necessary because the contamination was so extensive that, after discussions with the police authorities, the BSI, as well as an independent expert and our security service provider, we saw no other option but to completely rebuild. By that I really mean completely new. This starts with the Internet line, continues with the firewall, core switch, the complete sheet metal for servers and storage, and ends with decentralized switches for the sites or individual floors at the sites.

Personal details: Michael Georgi


Michael Georgi has been head of IT at Technische Werke Ludwigshafen am Rhein AG since July 2019. Previously, the business graduate was IT manager at ZEAG Energie AG and held responsible positions at Watt Synergia, Tideum Deutschland and Vobis.

But they have to remain operational, don't they?

We set up protective mechanisms with our security service provider so that we could keep the contaminated environment running for the time being. In the contaminated environment, we have combined applications into silos. A silo should have a minimum number of interfaces to the outside world. And we are still partially operating in this environment today, although the new infrastructure is now up and running. Now the applications are being implemented piece by piece in the new environment.

And what about the data?

We decontaminate and clean the data from each of these silos. Then the virus-free data goes into the new environment. So users work in both the new and old environments for a while. Meaning, they can't bring data from the contaminated site to the new site. When all silos have been transferred from old to new, we will shut down the old environment completely.

Why is Detecon advising you on this rebuild?

Because Detecon brings a great deal of know-how in the energy sector. I don't have to explain to the consultants what is going on at ISU or that I can't look at individual parts of the whole on my own but have to see the big picture. Therefore, we can exchange ideas at eye level and the consultants bring new ideas to the table. 

After your experience with the serious hacking attack, what advice do you have for other utilities? How should they protect themselves?

It is important to exchange ideas with other companies. In the Ludwigshafen area, we regularly exchange information among IT managers. That helps to stay up to date. Otherwise, I recommend that companies take a close look at their individual processes and assess their risks. This starts, for example, with such a simple process as the onboarding of external and internal employees. Here, you might find a weak point in the system.

Then the organizational and technical aspects need to be checked regularly. And last but not least, awareness among all employees is extremely important. This includes regular training, because the weak point in many attacks is still the people. We had these training sessions. But unfortunately, the hackers still successfully penetrated the system via the human vulnerability.

Technische Werke Ludwigshafen am Rhein AG (TWL) is a municipal utility company based in Ludwigshafen am Rhein. TWL has been supplying the city of Ludwigshafen with electricity, natural gas, cooling, drinking water and district heating for over 100 years. The subsidiaries offer, among other things, plant management, operational management and contracting, energy efficiency concepts and solutions for bundled customers, as well as classic communications systems and telecommunications solutions in the high-availability TIER-IV data center and various hosting services. TWL AG employed a total of more than 600 people at the end of 2019 and had revenues of €503.8 million in 2019. The sole shareholder is the city of Ludwigshafen.

The interview was conducted by