Functional Security Monitoring in Substations
The communication network is the backbone of a modern substation. Many critical functions, such as time synchronization, blocking and interlocking schemes, and even protection functions depend on this network. Therefore, it must work reliably under all circumstances.
StationGuard not only detects cyber threats and prohibited actions in the substation network; it also records critical events like failures of intelligent electronic devices (IEDs), configuration errors, and network problems and then logs them for later analysis.
StationGuard and its user interface are tailor-made for protection, automation, and control engineers in substations. No dedicated IT knowledge is necessary for reliable substation monitoring. It is designed to save precious time when debugging intermittent network and substation automation system (SAS) issues.
StationGuard on the RBX1 platform
The cybersecurity and functional monitoring system observes communication networks in substations. It reveals communication failures, interoperability issues, failed commands, cyber threats, and prohibited activities. StationGuard detects time synchronization loss, excessive transmission delays, problems with GOOSE messaging and Sampled Values, MMS report issues, as well as erroneous Modbus, IEC 60870-5-104, and DNP3 protocol communication – and much more.
StationGuard performs an extensive verification of substation traffic for many different protocols. For example, for GOOSE alone it carries out 35 different checks for detecting IED failures, configuration, and interoperability issues.
It logs all critical events for later analysis, like control commands in switchgear and tap changers. In addition, all file transfers are logged with file names, for example when disturbance records are downloaded.
Learn more about which functional issues can be detected:
IED configuration changes
StationGuard monitors the configuration revision fields from messages in the network 24/7 and detects changes in device configurations.
StationGuard runs continuous comparisons of the IEC 61850 configuration parameters with the specifications in the SCL file. Typical misconfigurations like incorrect VLAN configuration, erroneous GOOSE parameters, or wrong datasets are detected.
StationGuard measures the transmission time of each GOOSE message. Besides denial-of-service attacks, this reveals failures and time synchronization issues from IEDs, as well as network problems like overload.
StationGuard shows warnings for failed control commands in MMS and IEC 60870-5-104 (function available soon also for DNP3). Furthermore, it detects protocol and interoperability issues in MMS, IEC 60870-5-104, DNP3, Modbus, Synchrophasor, and many more.
Benefits of this solution
Combined security and communication monitoring
24/7 detection of communication problems
Immediate failure notification
Verifying configuration and interoperability
StationGuard on the MBX1 platform
The mobile MBX1 platform allows you to use StationGuard and its communication monitoring and diagnostic capabilities for multiple substations.
StationGuard on virtual machine platform
StationGuard running on a virtual machine platform allows to install our functional monitoring solution on existing substation computing platforms which support virtualization.
Please note that on virtual machines, StationGuard will have some technical limitations in the area of functional monitoring of process bus and precision time protocol (PTP) synchronization, compared to StationGuard on the RBX1 and MBX1 platforms.