Functional Security Monitoring in Substations

The communication network is the backbone of a modern substation. Many critical functions, such as time synchronization, blocking and interlocking schemes, and even protection functions depend on this network. Therefore, it must work reliably under all circumstances.

StationGuard not only detects cyber threats and prohibited actions in the substation network; it also records critical events like failures of intelligent electronic devices (IEDs), configuration errors, and network problems and then logs them for later analysis.

StationGuard and its user interface are tailor-made for protection, automation, and control engineers in substations. No dedicated IT knowledge is necessary for reliable substation monitoring. It is designed to save precious time when debugging intermittent network and substation automation system (SAS) issues.

Expert recommends

StationGuard on the RBX1 platform

The cybersecurity and functional monitoring system observes communication networks in substations. It reveals communication failures, interoperability issues, failed commands, cyber threats, and prohibited activities. StationGuard detects time synchronization loss, excessive transmission delays, problems with GOOSE messaging and Sampled Values, MMS report issues, as well as erroneous Modbus, IEC 60870-5-104, and DNP3 protocol communication – and much more.

Functional Issues Detected by StationGuard

StationGuard performs an extensive verification of substation traffic for many different protocols. For example, for GOOSE alone it carries out 35 different checks for detecting IED failures, configuration, and interoperability issues.

It logs all critical events for later analysis, like control commands in switchgear and tap changers. In addition, all file transfers are logged with file names, for example when disturbance records are downloaded.

Learn more about which functional issues can be detected:

IED configuration changes

StationGuard monitors the configuration revision fields from messages in the network 24/7 and detects changes in device configurations.

Configuration errors

StationGuard runs continuous comparisons of the IEC 61850 configuration parameters with the specifications in the SCL file. Typical misconfigurations like incorrect VLAN configuration, erroneous GOOSE parameters, or wrong datasets are detected.

Network problems

StationGuard measures the transmission time of each GOOSE message. Besides denial-of-service attacks, this reveals failures and time synchronization issues from IEDs, as well as network problems like overload.

Interoperability problems

StationGuard shows warnings for failed control commands in MMS and IEC 60870-5-104 (function available soon also for DNP3). Furthermore, it detects protocol and interoperability issues in MMS, IEC 60870-5-104, DNP3, Modbus, Synchrophasor, and many more.

Benefits of this solution

StationGuard on the MBX1 platform

The mobile MBX1 platform allows you to use StationGuard and its communication monitoring and diagnostic capabilities for multiple substations.

StationGuard on virtual machine platform

StationGuard running on a virtual machine platform allows to install our functional monitoring solution on existing substation computing platforms which support virtualization.

Please note that on virtual machines, StationGuard will have some technical limitations in the area of functional monitoring of process bus and precision time protocol (PTP) synchronization, compared to StationGuard on the RBX1 and MBX1 platforms.


Content cannot be displayed as the plugin requires cookies to be executed.

StationGuard – Cybersecurity tailor-made for substations

Get in touch

Need more details? Get a quotation?
Request for a demo?

You are using an outdated browser version.
Please upgrade your browser or use another browser to view this page correctly.