Are you an operator of an electrical energy network and need to meet the challenges presented by the BSI KRITIS-Regulation? With over 40 years of experience in the field of energy automation and communications technology, OHB Teledata is an excellent partner when it comes to tackling complex issues from a holistic perspective. The integration of a wide variety of manufacturers and device generations is one of our areas of expertise. Over 400 systems installed and in operation are proof of that.
We offer solutions in station control technology in medium and high voltage, both to centralised and decentralised traction networks – spanning simple 15 kV switching posts to complex substations with double busbars and multiple bus couplers in the 110 kV range. Here, the station bus forms the highly available functional basis of the entire system in accordance with IEC 61850.
We have developed extensive expertise through the provision of the complete secondary technology for converter stations from 50 Hz to 16.7 Hz. This ranges from implementing the busbar protection system at both frequency levels to protecting the converters that we integrate into our control technology. Our solution is completed by the visualisation and management of operating points, the recording and evaluation of characteristic curves as well as the logical input of target values.
With the capacity to realise as redundant the gateways and visualisation in hot-standby function, we provide a highly available overall system.
Today, we need more than just the function of station control technology alone. For critical infrastructure operators, it is vital that the functionality itself be protected through adequate measures. The measures derived from various international standards (IO27001, IEC62443) and numerous comprehensive industry standards (e.g. BDEW-Whitepaper) need a sophisticated solution to meet the necessary requirements in the context of IT and OT security. A good solution consists of interrelated mechanisms which, despite their complexity, are easy to handle. This approach takes centre stage in the solution we have developed, creating an environment based on standard technology that can be expanded in stages:
- Hardening and configuration based on the Center for Internet Security (CIS)
- Use of CIS controls for secure system configuration
- Protection against unauthorised access and defence against denial-of-service attacks
- User/role management and secure authentication
- Integration of external components into the secure environment
Measures are required that go beyond the actual communications technology to ensure encrypted communication via cryptographic methods. With our cryptOHBguard® system, we ensure the safeguarding of connections to control centres via the IEC 60870-5-104 protocol through the application layer firewall. This also allows the genua firewall, which is certified by the German Federal Office for Information Security (BSI), to be used. The cryptOHBguard® hardware is also BSI-certified, which significantly increases basic protection. We offer:
- Central management of all security components
- Logging of all relevant events
- Central update management
- Authentication and user/role management
- Anomaly detection and automatic shutdown
In order to remain functional in the event of a communication failure, we offer an alternative radio route. This increases system availability and enables the quick, flexible and also temporary connection of stations to control centres. We also provide an alternative and reliable remote maintenance option, safeguarded by the high-quality components of our cyberOHBguard series.