OMICRON Magazine

The process and support networks are logically and physically separated. Communications using the IEC 61850 Ed. 2 protocol are implemented on a different interface from that used to access devices for engineering or maintenance purposes. The entire process network is segmented, with each segment being separated from the others by a redundant firewall. We decided to use a data diode to handle the transfer of data from the installation to higher levels of the network. A data diode ensures that no external network traffic can access the installation. Hacker monitoring within the installation All of these measures provide a high degree of security, but they cannot prevent a cyberattack with 100% certainty. To cover this eventuality, we were looking around for a monitoring system that recognizes any non-conforming behavior in the network and immediately outputs an alarm. The StationGuard intru- sion detection system (IDS) from OMICRON was the perfect solution for our requirements. This IDS has been specifically developed for use in substations and comprises a software solution running on a specially hard- ened operating system and a simi- larly hardened hardware platform called RBX1, which we can install directly in the substation, thanks to its rack-compatible dimensions. During setup, StationGuard creates a system model by automatically reading out the station-specific SCL file (Substation Configuration Language) and then continuously compares it with the events in the substation. Should this monitoring process throw up any anomalies such as unauthorized access or malfunc- tions in IEC 61850 communications, the IDS can output an alarm in the control center and initiate a series of response actions. All events and alarms are visualized graphically in a way that is familiar to both control and protection engineers and IT specialists. In order to prevent false alarms during maintenance activities, the engineer will inform the IDS in advance about the used test equip- ment and switch StationGuard to maintenance mode for that session. With its comprehensive monitoring functions and minimal set-up and support requirements, StationGuard gives us a significant increase in subsation security. Should this monitoring process throw up any anomalies such as unauthorized access or malfunctions in IEC 61850 communications, the IDS can output an alarm in the control center and initiate a series of response actions. Engineering PC WAN Control Center Firewall Gateway Station Bus StationGuard Bay 1 Bay 2 Bay 3 Test PC 8