Cyber attacks are constantly increasing, and their methods are becoming more deceptive. When it comes to critical infrastructures, the potential damage from an attack can be fatal, which is why it is more important than ever to focus on them. For the first time in Germany, using Intrusion Detection Systems at electric utilities will be regulated by law. With the new 2.00 release of StationGuard, we’re offering you a tailor-made solution for all types of substations that works regardless of the communication protocols you’re using. We talked to Thomas Friedel, Sales Manager Cybersecurity at OMICRON, about how facilities can operate securely with minimum effort.
Thomas, most substation operators may be aware of the importance of protecting their systems against cyber attacks. Is a firewall sufficient?
The global cyber attacks that became public in the past few years showed us that, unfortunately, a firewall is not enough anymore. Nowadays, attacks on critical infrastructures occur in a targeted and organized manner, for example, when state-sponsored cyber attackers carry them out. For these hackers, a firewall is not an obstacle. They use diverse methods to bypass these security defenses. In substations, for example, hackers can gain access via compromised notebooks from maintenance staffers that are regularly working on site. A firewall is useless if a security breach that’s unknown to the public is exploited on such a device. In this case, the attack has to be recognized within the substation network.
With the new IT security law in Germany, the “IT-Sicherheitsgesetz 2.0”, we expect that new legislation for the use of Intrusion Detection Systems in critical infrastructures will be implemented for the first time.
How can operators protect their facilities in accordance with these statutory provisions?
With an Intrusion Detection System (IDS) that reliably identifies cyber attacks and alerts the operator immediately. This can be difficult for utilities with several facilities based on diverse system standards. Simply protecting single plants is not the right approach.
Therefore, our IDS StationGuard supports all of the common communication protocols in substations – and the older ones as well. Migrating all of your plants to new standards can take place over a long period of time. It’s quite common to have some facilities that have already been adapted to the newer IEC 61850 standard. In contrast, others may still operate with DNP3/IEC 104 or are even based on serial connections with IEC 101 or Modbus. The link to the control room is still often based on DNP3/IEC 104 as well.
“With StationGuard, operators can rely on a single Intrusion Detection System for all of their facilities. It monitors substation communication in-depth with Deep Packet Inspection and reliably identifies both cyber attacks and functional failures. This decisively reduces overhead.”
The system itself is located within a critical environment. Doesn’t this create operation risks? For example, by delaying processes?
We designed StationGuard to be used in substations from the ground up. It monitors the entire communication in a nonreactive way. If an issue has been identified, it automatically alerts the operator in real-time.
A circuit breaker needs to open immediately in a worst-case scenario. The signal cannot first be analyzed and then forwarded to the breaker with a delay.
With StationGuard, the operation is straightforward. Figuratively, it speaks the language of substation engineers. In doing so, the system gives a considerable boost to troubleshooting and reduces coordination efforts with other departments. With a dedicated Maintenance Mode, it takes the real operational procedure of substations into account. Specific protocols that are frequently being used for maintenance tasks are not present during regular operations. Due to these unknown factors, an IDS would usually send several alerts during this phase, unnecessarily interrupting the operation. When it’s in Maintenance Mode, StationGuard records all activities during maintenance. However, it does not interrupt the operation by sending alerts. This is how we’re able to cover the established processes in substations perfectly.
Thank you very much for the interview.