Cyber security and functional monitoring for substations
The Intrusion Detection System StationGuard can monitor Ethernet networks in substations and detects suspicious behavior, unauthorized actions and malfunctions on the IEC 61850 station or process bus.
StationGuard uses the substation's SCL file to create a complete system model of the IEC 61850 SAS and substation and then compares each individual packet in the network with the live system model. StationGuard performs a detailed verification of all data traffic. StationGuard is configured without a learning phase, using only the SCL description of the system and a few manual entries.
With this worldwide unique and patented approach, a combination of cyber security and functional monitoring, it's not only new threats and still unknown attack scenarios that can be detected, but also different types of malfunctions in the system, such as communication errors in GOOSE, MMS, or Sampled Values and problems with time synchronization.
Made for substations: From the RBX1 hardware platform to the user interface, StationGuard has been specifically designed for substations.
Simple configuration: StationGuard is easily configured by importing the plant's SCD file. Then the IT equipment that was not included in the SCL can be assigned a respective role such as engineering PC or test PC.
Simple visualization: The StationGuard user interface is adapted to the diagrams and terminology used in substations and is based on the plant schematic. Separate detailed views support IT security experts in the deeper analysis of alarms.
Clear alarm messages: Alarm messages are not listed in IT jargon, but are summarized and traced back to the causal processes in the substation. The alarm display and descriptions allow protection and control technicians to work together with the IT security officers in the analysis of alarms.
Maintenance mode: StationGuard's maintenance mode feature allows you to avoid false alarms during maintenance and routine protection tests, while still providing full security.
IEC 61850 analysis in detail: For all data traffic over IEC 61850 communication protocols, not only is the protocol structure analyzed, but also all transmitted signal values and their time stamps. This also permits more complex measurements, such as the transmission times of telegrams, synchronization errors or critical states of the IEC 61850 quality bits.
Extremely hardened platform: The IDS works with a crypto chip that protects against software manipulation. It uses a secure boot chain, full encryption of all data and communication, and a specially hardened Linux operating system.
StationGuard expert support: StationGuard experts are familiar with the network behavior and the known security vulnerabilities of most manufacturers' protection and control devices. Our experts can help you assess alarms and analyze your network records for detectable threat situations.