Cybersecurity and functional monitoring for substations
Detect cyber attacks promptly
The Intrusion Detection System (IDS) StationGuard monitors Ethernet networks in the power grid and identifies cyber threats, prohibited activity, and malfunctions.
With this combination of cybersecurity and functional monitoring, not only can new threats and as yet unknown attack scenarios be identified, but different kinds of malfunctions in the power utility automation system too.
StationGuard - designed for the engergy system
Regardless if your system is based on IEC 60870-5-104, DNP3, Modbus TCP or IEC 61850, StationGuard deeply inspects all communication to find cyber threats, prohibited activity and errors.
Based on our 25+ years’ of experience in power utility automation systems, StationGuard truly understands the communication in substation automation and SCADA systems. With its unique system model approach, this knowledge is used to determine between legitimate traffic and malicious activity.
With its built-in support for maintenance activities, you are in full control of which devices communicate what and when. StationGuard helps documenting all assets and their protocols and services used.
"StationGuard is really easy to use. I'm presented with all the information I need clearly in a familiar layout – with only few IT jargon. And all this in the OMICRON quality that we are used to."
Head of Substation Automation Systems
Centralschweizerische Kraftwerke AG
"The team behind StationGuard comprises cybersecurity specialists, working together with protection and control experts. It is this pooling of expertise from both worlds that makes StationGuard so successful."
- Deep packet inspection of IEC 61850, IEC 60870-5-104, DNP3, Modbus TCP, PRP/HSR, and many more
- Easy to understand alarms thanks to ZeroLine™ diagram
- Save time in alarm analysis
- Analyzes substation protocols in depth
- Full protection during routine testing thanks to maintenance mode function
- Easy integration of alarm messages due to binary contacts and Syslog interface
Support for commissioning and maintenance
Engineering protocols and IED web interfaces have many known vulnerabilities and new ones are being released all the time. These interfaces are however needed in the commissioning phase and during routine maintenance. To protect your substations against attacks on these ports, you should generally prohibit engineering activity and only allow it when needed. The "Maintenance Mode" enables a high security level by prohibiting engineering activities during normal operation, while providing a low level of false alarms during maintenance phases.
In contrast to baseline or learning based IDS, StationGuard supports the different phases in the lifecycle of a substation with high selectivity in the alerts.
We make life easy for you – Expert Support
If an alarm indicates prohibited or non-standard-compliant behavior, the StationGuard experts are on hand to help you evaluate the cause. A profile of your substation can also be created on request to offer an alarm analysis targeted specifically for your site and its devices.
In addition to our Technical Support team, who are available 24/7, StationGuard Expert Support helps you to evaluate alarms and perform network capture analyses.
Submit the form to download our latest paper on the topic "Detecting cyber intrusions in substation networks".
StationGuard – Cybersecurity tailor-made for substations
Why should you use an Intrusion Detection System in every substation?
Intrusion Detection in Energy Systems – An Important Building Block in OT Security Processes
Papers & Articles
- Detecting Cyber Instrusions in Substation Networks 758 KB This whitepaper teaches the reader how to apply Intrusion Detection Systems (IDS) at the substation level. It describes the unique approach used by StationGuard, its advantages in asset discovery and incident response, and the difference to other IDS.
- Design and Commissioning of a Secure Substation Network Architecture 382 KB Case study about a new, cyber-secure substation network architecture designed and commissioned by the Swiss distribution and generation utility CKW (Centralschweizerische Kraftwerke AG). The security measures include multiple firewall zones, secure remote access, and intrusion detection on the station bus.
- Detecting Cyber Intrusions in the Digital Substation 2 MB Article in PAC World Magazine, March 2019 issue, about intrusion detection on the station and process bus. This article explains the security in IEC 61850 substations, why encryption is not the silver bullet, and the IDS requirements in substations.
Download the latest software version for StationGuard in our Customer Portal.