StationGuard
Cybersecurity and Functional Monitoring for the Power Grid
Content cannot be displayed as the plugin requires cookies to be executed.
Detect cyber attacks promptly
The Intrusion Detection System (IDS) StationGuard monitors Ethernet networks in the power grid and identifies cyber threats, prohibited activity, and malfunctions.
With this combination of cybersecurity and functional monitoring, not only can new threats and as yet unknown attack scenarios be identified, but different kinds of malfunctions in the power utility automation system too.
Protects all kinds of utility automation and SCADA systems
IEC 60870-5-104, DNP3, Modbus TCP or IEC 61850: no matter what protocol your utility automation or SCADA system is based on, StationGuard monitors all communication in detail and detects cyber threats and communication errors.
Tailor-made for utility automation and SCADA systems
StationGuard and the RBX1 platform have been specially developed for use in utility automation and SCADA systems. StationGuard knows how every device in the network should behave. With this new and patented approach, StationGuard reliably identifies anomalies in the station network.
Easy to configure
No learning phase is needed for the configuration of StationGuard. All you require are some user inputs to describe the purpose of the devices in the network. StationGuard can also import engineering files to speed up the configuration process.
Speaks the language of protection and control engineers
The user interface has been designed to match the diagrams and terminology used in utility automation and SCADA systems. The clear and understandable alarm messages can be easily traced back to events, making cooperation between engineers and security officers simple and efficient.
Immediate protection
StationGuard uses a unique whitelisting approach to protect networks right from the very first minute and without any learning phase whatsoever. Even threats or communication problems that existed prior to its installation are immediately identified.
Identify malfunctions
Not only are threats identified, but also communication errors, device failures, or time synchronization problems are detected.
Fewer false alarms
StationGuard knows the processes in utility automation and SCADA systems and can therefore distinguish between legitimate events and potentially dangerous activities. With StationGuard's maintenance mode, fewer false alarms are triggered during maintenance work and a high degree of security is ensured.
StationGuard - designed for the energy system
Regardless of whether your system is based on IEC 60870-5-104, DNP3, Modbus TCP, or IEC 61850, StationGuard deeply inspects all communication to find cyber threats, prohibited activity, and errors.
Based on our 25+ years’ of experience in power utility automation systems, StationGuard truly understands the communication in power utility automation and SCADA systems. With its unique system model approach, this knowledge is used to determine between legitimate traffic and malicious activity.
With its built-in support for maintenance activities, you are in full control of which devices communicate what and when. StationGuard helps documenting all assets and their protocols and services used.
"StationGuard impressed us with its simple configuration and commissioning options. StationGuard identifies cyber attacks and possible threat scenarios just as thoroughly as malfunctions in our station control technology thanks to the symbiosis of IT and OT. As a result, our expectations regarding the IT security of our systems are fully met and our plants are already protected in accordance with the requirements of IT-SIG 2.0."
Reinhard Bretzke
Head of Power Supply
Stadtwerke Kempen GmbH
"StationGuard is really easy to use. I'm presented with all the information I need clearly in a familiar layout – with only few IT jargon. And all this in the OMICRON quality that we are used to."
Yann Gosteli
Head of Substation Automation Systems
Centralschweizerische Kraftwerke AG
"The team behind StationGuard comprises cybersecurity specialists, working together with protection and control experts. It is this pooling of expertise from both worlds that makes StationGuard so successful."
Andreas Klien
Product Manager
Key features
- Deep packet inspection of IEC 60870-5-104, DNP3, IEC 61850, Modbus TCP, PRP/HSR, and many more
- Better cooperation between IT and OT through unique visualization matching OT engineering diagrams
- Save time in alarm analysis supported by built-in OT knowledge
- Analyzes substation protocols in depth
- Full protection during routine testing thanks to maintenance mode function
- Easy integration of alarm messages due to binary contacts and Syslog interface
Learn more about cybersecurity in the power grid
Cybersecurity in Substations 1 - Important Basics for Protection and SCADA Engineers
Cybersecurity requirements are increasingly becoming part of the daily work of protection and control engineers. Gain some important basic knowledge of cybersecurity in substations.
Cybersecurity in Substations 2 - Attack Vectors on Substations and their Countermeasures
Get a concise overview of cyber threats on substations and their countermeasures. Learn on which paths attackers could reach substation networks and how adversaries could use this to even influence protection and control devices.
Cybersecurity in Substations 3 – StationGuard Live in Action
In this webinar, we will show a live simulation of cyber attacks and communication errors on the station bus and how the Intrusion Detection System (IDS) StationGuard can detect these threats and malfunctions.
Live-Hack of a Substation
In this webinar recording, we demonstrate in a fictional scenario how attackers can reach into the network in a substation via the Internet, place malware on an RTU, and then switch circuit breakers. We also present security measures which could have prevented this fictional attack.
Support for commissioning and maintenance
Engineering protocols and IED web interfaces have many known vulnerabilities and new ones are being released all the time. These interfaces are however needed in the commissioning phase and during routine maintenance. To protect your substations against attacks on these ports, you should generally prohibit engineering activity and only allow it when needed. The "Maintenance Mode" enables a high security level by prohibiting engineering activities during normal operation, while providing a low level of false alarms during maintenance phases.
In contrast to baseline or learning based IDS, StationGuard supports the different phases in the lifecycle of a substation with high selectivity in the alerts.
We make life easy for you – Expert Support
If an alarm indicates prohibited or non-standard-compliant behavior, the StationGuard experts are on hand to help you evaluate the cause. A profile of your substation can also be created on request to offer an alarm analysis targeted specifically for your site and its devices.
In addition to our Technical Support team, who are available 24/7, StationGuard Expert Support helps you to evaluate alarms and perform network capture analyses.
Download
Submit the form to download our latest paper on the topic "Detecting cyber intrusions in substation networks".
Related Products
Screenshots of our StationGuard Software
At a glance it is discernible which device caused the alert in which bay.
The Event Log stores the history of all alerts and also records important events like switchgear operations and setting changes.
Alert messages are clearly understandable and can be attributed to events in the substation.
The whitelist permissions can be reviewed and audited for each device in the network.
All devices communicating in the network are recognized and can be exported together with the type plate and firmware version.
Asset information is aggregated from network traffic and from SCL files.
Solutions for:
Documents
Papers & Articles
Detecting Cyber Instrusions in Substation Networks (758 KB)
This whitepaper teaches the reader how to apply Intrusion Detection Systems (IDS) at the substation level. It describes the unique approach used by StationGuard, its advantages in asset discovery and incident response, and the difference to other IDS.
Design and Commissioning of a Secure Substation Network Architecture (382 KB)
Case study about a new, cyber-secure substation network architecture designed and commissioned by the Swiss distribution and generation utility CKW (Centralschweizerische Kraftwerke AG). The security measures include multiple firewall zones, secure remote access, and intrusion detection on the station bus.
Detecting Cyber Intrusions in the Digital Substation (2 MB)
Article in PAC World Magazine, March 2019 issue, about intrusion detection on the station and process bus. This article explains the security in IEC 61850 substations, why encryption is not the silver bullet, and the IDS requirements in substations.
Cybersecurity of the RBX1 and MBX1 Platforms (556 KB)
This whitepaper examines the individual cybersecurity measures introduced into the design and ongoing development of the RBX1 and MBX1.
Content cannot be displayed as the plugin requires cookies to be executed.
Videos
Content cannot be displayed as the plugin requires cookies to be executed.
StationGuard – Cybersecurity tailor-made for substations
Content cannot be displayed as the plugin requires cookies to be executed.