Protection engineering and SCADA technology, or the station automation system (SAS), belong to the critical infrastructure of utilities. They make an essential contribution to maintaining the energy supply. These infrastructures must therefore be protected against unauthorized access and against illogical switching actions that disrupt the energy supply or destroy equipment.
OMICRON’s IDS (Intrusion Detection System) StationGuard protects these critical infrastructures against almost all conceivable cyber attacks or unauthorized actions. It contains the accumulated know-how from many decades of worldwide engineering work in switchgear as well as research on IEC 61850 network analysis.
StationGuard's approach combines cyber security threat monitoring with functional monitoring. It therefore not only detects unauthorized activity on the substation network but also identifies problems in the IEC 61850 communication, so that different types of malfunctions in the substation are detected and can be responded to quickly.
To achieve this, StationGuard imports the SCL (Substation Configuration Language) file of the substation, creates a complete system model of the automation system and the substation from it, and then compares each individual network packet with this live system model. The process needs no learning phase: it works from the SCL description alone, with just a few additional manual inputs.
An essential feature of StationGuard is its ease of use. Its user interface is adapted to the diagrams and terminology in substations and does not use special IT terminology. Therefore, all information is easily understood by protection and control engineers.
Because the network traffic is verified at such a high level of detail, StationGuard detects not only illegal packet encoding and unauthorized control commands, but also errors in the sequence numbers, problems in more complex measurements such as message transmission times, and critical states of the IEC 61850 quality bits. StationGuard emits very few false alarms because it knows the typical maintenance operations and accounts for them in a specialized maintenance mode.
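The model-based check described in the two passages above (a system model built from the SCL file, then per-packet comparison including sequence numbers) can be illustrated with a small generic sketch. This is an added example, not OMICRON's code or StationGuard's implementation; the SCL fragment, the decoded-frame dictionary layout and the function names are constructed assumptions, and only the GOOSE address and stNum/sqNum checks are shown.

```python
import xml.etree.ElementTree as ET

NS = {"scl": "http://www.iec.ch/61850/2003/SCL"}

# Constructed SCL fragment: one IED publishing one GOOSE control block.
SCL_SAMPLE = """<SCL xmlns="http://www.iec.ch/61850/2003/SCL"><Communication>
 <SubNetwork name="StationBus"><ConnectedAP iedName="IED1" apName="AP1">
  <GSE ldInst="LD0" cbName="gcb01"><Address>
   <P type="MAC-Address">01-0C-CD-01-00-01</P><P type="APPID">0001</P>
  </Address></GSE>
 </ConnectedAP></SubNetwork></Communication></SCL>"""

def load_goose_model(scl_text):
    """Map (destination MAC, APPID) to the publisher declared in the SCL."""
    model = {}
    for ap in ET.fromstring(scl_text).iterfind(".//scl:ConnectedAP", NS):
        for gse in ap.iterfind("scl:GSE", NS):
            p = {e.get("type"): (e.text or "").strip()
                 for e in gse.iterfind("scl:Address/scl:P", NS)}
            key = (p["MAC-Address"].upper(), int(p["APPID"], 16))
            model[key] = f'{ap.get("iedName")}/{gse.get("ldInst")}/{gse.get("cbName")}'
    return model

def check_frames(model, frames):
    """Return (frame index, reason) for every frame the model does not explain."""
    alerts, last = [], {}
    for i, f in enumerate(frames):
        key = (f["dst"].upper(), f["appid"])
        if key not in model:
            alerts.append((i, "stream not declared in SCL"))
            continue
        if key in last:
            st, sq = last[key]
            # Retransmission: same stNum, sqNum + 1. State change: stNum + 1, sqNum 0.
            # (Counter rollover is not handled in this sketch.)
            if (f["stNum"], f["sqNum"]) not in ((st, sq + 1), (st + 1, 0)):
                alerts.append((i, "stNum/sqNum sequence error"))
        last[key] = (f["stNum"], f["sqNum"])
    return alerts

# Constructed, already-decoded GOOSE headers (hypothetical dict layout).
FRAMES = [
    {"dst": "01-0C-CD-01-00-01", "appid": 1, "stNum": 5, "sqNum": 10},
    {"dst": "01-0C-CD-01-00-01", "appid": 1, "stNum": 5, "sqNum": 11},
    {"dst": "01-0C-CD-01-00-01", "appid": 1, "stNum": 6, "sqNum": 0},
    {"dst": "01-0C-CD-01-00-01", "appid": 1, "stNum": 6, "sqNum": 3},  # gap
    {"dst": "01-0C-CD-01-00-09", "appid": 9, "stNum": 1, "sqNum": 0},  # unknown
    {"dst": "01-0C-CD-01-00-01", "appid": 1, "stNum": 4, "sqNum": 0},  # stNum back
]

if __name__ == "__main__":
    for idx, reason in check_frames(load_goose_model(SCL_SAMPLE), FRAMES):
        print(idx, reason)
```

Because the allowlist comes from the engineering file rather than from observed traffic, the unknown stream is flagged on its first frame, which is what makes a learning phase unnecessary.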
The IDS itself is protected by a secure measured boot chain (via a crypto chip), encryption of data and communication, and a specially hardened Linux operating system. In addition, OMICRON's StationGuard experts assist users with questions about alarms reported by the IDS. To do this, they can analyze the network recordings of StationGuard to assess whether a potential threat situation exists.