Intrusion Detection System (IDS) for the Power Grid

Most national security regulations recommend the usage of network intrusion detection systems (IDS) for monitoring the process networks of critical infrastructure. There are many attack vectors in operational technology (OT) networks in power plants and substations, for example via maintenance PCs and remote access connections. The risk is even greater when it comes to the known vulnerabilities of SCADA systems, protection, and control devices.

StationGuard has been tailor-made for control centers, power plant, and substation networks. It continuously monitors network traffic and anomalies to detect cyberattacks, security threats, and prohibited activities. With its deep understanding of the power grid, the intrusion detection software StationGuard provides a very low number of false alarms and actionable alert messages. It performs deep packet inspection (DPI) for an unmatched number of energy system protocols. The IDS provides cybersecurity in power grids without complexity: Its interface is easy to understand for OT and IT participants in the incident response process.

StationGuard integrates easily into many 3rd-party security operations center (SOC) solutions, such as security information and event management (SIEM), asset inventory management (CMDB), and ticketing systems.

We offer more solutions for cybersecurity in energy systems to ease the daily work of Protection and Control Engineers as well as OT/IT security officers:

OT/ICS Asset Inventory Management and Discovery

Different security regulations, such as the EU NIS directive and NERC-CIP, require you to keep an asset inventory as a base for vulnerability management and performing risk analyses.
StationGuard automatically recognizes all devices in the network, creates an asset inventory, and visualizes communication. In addition, it generates detailed information for each asset by combining the actual network analysis with SCL engineering files. This helps to ensure that all the devices from different suppliers meet current regulatory requirements in accordance with your information security management system (ISMS) directive and national security regulations.

Functional Security Monitoring in Substations

StationGuard combines cybersecurity and functional monitoring. This allows you to detect cyber threats and attacks, in addition to different types of malfunctions in the substation automation system (SAS). You can monitor the substation network 24/7 to analyze issues later. This includes configuration errors, interoperability issues, time synchronization problems, incorrect communication, and much more.

Intuitive visualization enables efficient collaboration between OT-engineers and IT-officers

To depict the network, StationGuard uses a visualization similar to the plant documentation of substations and SCADA network diagrams. In the case of IEC 61850 systems, a diagram is automatically created from the SCL engineering files, which directly corresponds to levels 1 to 3 in the Purdue model.

By structuring the network visualization of the higher Purdue levels also similar to your WAN and plant network plans, the StationGuard network view efficiently serves the needs of IT security officers and OT engineers.

Tailor-made cybersecurity solution for the energy sector

s03-intrusion-detection-system-for-the-power-grid-benefit-1

Seamless integration into your systems

With customized connectors and standards like syslog CEF format, StationGuard integrates into any log management system and other SOC applications. We provide many 3rd-party integration apps for various SIEM and ticketing systems.

s03-intrusion-detection-system-for-the-power-grid-benefit-2

Time-saving and actionable alerts

StationGuard fully understands communication in the power grid. Therefore, it can reliably distinguish between legitimate traffic and malicious activities. It provides accurate and actionable alert messages to the SIEM system with hardly any false alarms.

s03-intrusion-detection-system-for-the-power-grid-benefit-3

Highly secure, highly available

Built-in security features like a cryptoprocessor chip ensure that your data is safe, and the IDS stays available during all circumstances. It can operate autonomously without a connection to a central server. StationGuard has been designed for full compliance with IEC 62443 (certification in progress).

s03-intrusion-detection-system-for-the-power-grid-benefit-4

Easy commissioning and implementation

Importing SCD/SCL engineering files ensures rapid configuration and protects your infrastructure almost immediately without time-consuming learning/baselining phases.

StationGuard on the MBX1 platform

StationGuard on the portable MBX1 hardware provides the same, high level of security as the rack-mountable solution. With the mobile version of StationGuard you can perform a quick temporary security check of a particular system. It is also perfectly suited for monitoring during commissioning when external service partners are engaged in engineering activity.

StationGuard

Cybersecurity and Functional Monitoring for the Power Grid

MBX1

Mobile, hardened test set for powerful communication analysis

StationGuard on virtual machine platform

The StationGuard sensors are available on hardware and virtual machine platforms for permanent installation in substation automation and SCADA systems. Using the virtual machine option, the StationGuard sensors can be installed on existing computing platforms in the substation. The StationGuard sensors can run completely independently, even if the connection to the central server is disconnected.