We offer solutions in station control technology in medium and high voltage, both to centralised and decentralised traction networks – spanning simple 15 kV switching posts to complex substations with double busbars and multiple bus couplers in the 110 kV range. Here, the station bus forms the highly available functional basis of the entire system in accordance with IEC 61850.
We have developed extensive expertise through the provision of the complete secondary technology for converter stations from 50 Hz to 16.7 Hz. This ranges from implementing the busbar protection system at both frequency levels to protecting the converters that we integrate into our control technology. Our solution is completed by the visualisation and management of operating points, the recording and evaluation of characteristic curves as well as the logical input of target values.
With the capacity to realise as redundant the gateways and visualisation in hot-standby function, we provide a highly available overall system.
Today, we need more than just the function of station control technology alone. For critical infrastructure operators, it is vital that the functionality itself be protected through adequate measures. The measures derived from various international standards (IO27001, IEC62443) and numerous comprehensive industry standards (e.g. BDEW-Whitepaper) need a sophisticated solution to meet the necessary requirements in the context of IT and OT security. A good solution consists of interrelated mechanisms which, despite their complexity, are easy to handle. This approach takes centre stage in the solution we have developed, creating an environment based on standard technology that can be expanded in stages:
- Hardening and configuration based on the Center for Internet Security (CIS)
- Use of CIS controls for secure system configuration
- Protection against unauthorised access and defence against denial-of-service attacks
- User/role management and secure authentication
- Integration of external components into the secure environment
Measures are required that go beyond the actual communications technology to ensure encrypted communication via cryptographic methods. With our cryptOHBguard® system, we ensure the safeguarding of connections to control centres via the IEC 60870-5-104 protocol through the application layer firewall. This also allows the genua firewall, which is certified by the German Federal Office for Information Security (BSI), to be used. The cryptOHBguard® hardware is also BSI-certified, which significantly increases basic protection. We offer:
- Central management of all security components
- Logging of all relevant events
- Central update management
- Authentication and user/role management
- Anomaly detection and automatic shutdown
In order to remain functional in the event of a communication failure, we offer an alternative radio route. This increases system availability and enables the quick, flexible and also temporary connection of stations to control centres. We also provide an alternative and reliable remote maintenance option, safeguarded by the high-quality components of our cyberOHBguard series.
SECURE OHB C³ – THE HIGHLY SECURE COMMUNICATION SOLUTION FOR CRITICAL INFRASTRUCTURES
OHB Teledata’s Secure OHB C³ (Control Center Connector) is a highly secure communication solution designed specifically for the reliable exchange of data between central control centers and decentralized components in critical infrastructure.
Maximum security through encryption
The Control Center Connector (C³) supports the standardized IEC 60870-5-104 protocol and ensures tamper-proof, encrypted transmission of control and sensor data up to Layer 7 of the ISO-OSI layer model. As a result, it reliably protects critical infrastructure from cyberattacks and unauthorized access.
Easy retrofitting into existing systems
A major advantage of the C³ is its seamless integration into existing infrastructures—without requiring any adjustments to the communication endpoints. It acts as a substation for the central office and as a substation for the central office. This prevents direct TCP connections and enhances the security of the entire communication structure.
Secure wireless data transmission with the radiOHBguard 10scs
By integrating a radio module for 1800/1900 MHz and 450 MHz, data can also be transmitted to the control center via alternative communication channels—ideal for locations without a fixed or stable network connection. In collaboration with 450connect, the C³ enables secure communication over the fail-safe 450 MHz network, which is specifically available to critical infrastructure. Optional data switch that allows the data flow to be transmitted via radio communication as an alternative.
Flexibility and interoperability
- Automatic verification of the protocol components of the IEC 104 protocol for fault detection and alarm signaling
- Replication of IEC 60870-5-104 connections to enable seamless migration of control centers
- Flexible filtering options to reduce data volumes and control command directions
- Protocol conversion from IEC 60870-5-101 (serial) to IEC 60870-5-104 (TCP/IP) for connecting serial interfaces
- Restriction of type identifiers approved by the operator and defined in the interoperability listFlexibility and interoperability
Central Administration
Settings, updates, and changes can be rolled out quickly and securely via a central management platform. Thanks to plug-and-play functionality, replacing components is particularly easy. The operating system is based on OpenBSD and offers maximum protection thanks to its BSI certification. A zero-touch rollout concept is available as an option.
Ideal for operators of critical infrastructure
The Secure OHB C³ offers a secure, flexible, and future-proof communication solution for operators of critical infrastructure. With the highest security standards, easy integration, and comprehensive management options, it ensures reliable control and monitoring of sensitive systems.