Thomas, most substation operators may be aware of the importance of protecting their systems against cyber attacks. Is a firewall sufficient?
The global cyber attacks that became public in the past few years showed us that, unfortunately, a firewall is not enough anymore. Nowadays, attacks on critical infrastructures occur in a targeted and organized manner, for example, when state-sponsored cyber attackers carry them out. For these hackers, a firewall is not an obstacle. They use diverse methods to bypass these security defenses. In substations, for example, hackers can gain access via compromised notebooks from maintenance staffers that are regularly working on site. A firewall is useless if a security breach that’s unknown to the public is exploited on such a device. In this case, the attack has to be recognized within the substation network.
With the new IT security law in Germany, the “IT-Sicherheitsgesetz 2.0”, we expect that new legislation for the use of Intrusion Detection Systems in critical infrastructures will be implemented for the first time.
How can operators protect their facilities in accordance with these statutory provisions?
With an Intrusion Detection System (IDS), that reliably identifies cyber attacks and alerts the operator immediately. This can be difficult for utilities with several facilities based on diverse system standards. Simply protecting single plants is not the right approach.
Therefore, our IDS StationGuard supports all of the common communication protocols in substations – and the older ones as well. Migrating all of your plants to new standards can take place over a long period of time. It’s quite common to have some facilities that have already been adapted to the newer IEC 61850 standard. In contrast, others may still operate with DNP3/IEC 104 or are even based on serial connections with IEC 101 or Modbus. The link to the control room is still often based on DNP3/IEC 104 as well.