StationGuard Solution

Intrusion Detection, Vulnerability Management, Asset Inventory

and Functional Monitoring for the Power Grid

Certificate Number:
BSI-DSZ-BSZ-0006-2023
Valid to: 27.09.2025
Updates to: 27.09.2025
The StationGuard Solution

Visibility

Make your communication

and risks visible.
Intrusion and
Threat Detection

Use the innovative allow-list

approach for superior analysis
and an efficient response.

Vulnerability Management

Investigate real threats to your

assets with oversight and
insight.

Asset Inventory

Work with the most precise

and detailed asset list.

Functional Monitoring

Detect device malfunctions,

communication issues, and
configuration errors.

2
 StationGuard Sensors
Our innovative allow list (whitelist) approach
minimizes false alarms and enhances collaboration
between IT and OT engineers by providing actionable
alarm messages based on a deep understanding of
power utility automation system events.

p. 4–11

Functional Monitoring
StationGuard not only detects cyber threats and
prohibited actions in utility automation and SCADA
system networks; it also records and logs critical
events, such as device failures, configuration errors,
interoperability issues, and network problems for later
analysis.

p. 12–13

Asset Inventory and

Vulnerability Management
The powerful central management system GridOps
provides comprehensive alert analysis and threat
investigation. Use the ability to integrate partner
SIEMs and improve your vulnerability management for
complete network visibility and control.

p. 14–21

Platform Options
Choose from three different platform options to
meet your specific needs. Whether mobile, virtual, or
stationary, we offer support to help you find the right
platform for your application.

p. 22–23

3
 IT security in the power grid

In recent years, there has been an increase in cyber attacks

against critical control systems in production facilities and
energy supply companies. Therefore, many utilities are
introducing processes to reduce the risk of cyber attacks.
These measures have mainly focused on IT networks and
control centers. However, substations, power plants, and
networks represent critical attack vectors. Consequently,
these plants’ operation and maintenance processes must
also be included in the cybersecurity risk assessment.
To ensure that the power grid is thoroughly protected
against cyber attacks, the security strategy has to address Firewall
each level. A security concept extends from physical
Firewalls ensure that only specific endpoints
access control to digital access monitoring to monitoring
can communicate with the devices behind it,
suspicious or forbidden activities in the network. This
using only permitted protocols. However, there
requires systems that offer a high level of security with
are ways of circumventing firewalls.
low maintenance in the long term. Moreover, it should be
easy to integrate them into operational and maintenance
workflows.

Attack points
circumventing firewalls:
Remote access Testing PCs
for maintenance connected to
and control. the station bus.

Maintenance PCs Files transferred

connected to the network to the PCs used in
or directly to IEDs. the substation.

The unprotected core

> Critical systems, whose communication must
work reliably.
> Unpatched IEDs: Updates cannot be installed
fast enough due to the effort involved.
> Legacy devices with security vulnerabilities
that can no longer be updated.

4
Firewalls do not provide in-depth protection Defense-in-Depth
There are many ways of circumventing a firewall. Many sites The Defense-in-Depth principle, as set out in IEC 62443,
employ remote access for retrieving fault records or for not only recommends applying measures that „harden the
maintenance. These connections provide a route by which shell“ but also introduces several layers and fallback levels
malware can find its way into a substation’s devices. that help provide a zoned level of security.
Maintenance and testing PCs provide another attack One such measure is the provision of security updates for
vector. These PCs are connected to the entire network IEDs. However, the effort and cost involved are high, so
or directly connected to individual protection or control updates cannot always be installed quickly enough. Not
devices. being able to update Legacy devices is common if the
vendor is not providing updates.
Therefore, these systems must be monitored to ensure
that attacks are detected early, and their consequences are
minimized.

Countermeasure: network monitoring

The unprotected core of the power grid is suscep-
tible to attacks. However, almost all attacks take
months to prepare and can be detected before
damage is inflicted. If a device has been infected
or is no longer working as it should, this often
becomes apparent by its behavior in the network.
Thus, measures are required that will help identify
the tell-tale signs of attacks. This can be achieved by
using an Intrusion Detection System (IDS).

5
 How Intrusion Detection Systems (IDS) work

Intrusion Detection Systems are typically based on one of

these two approaches:

1. Signature-based approach (blocklist)

The IDS scans for patterns of known attacks. Virus
scanners also use this approach. Systems like these
have a lower false alarm rate than learning-based ap- StationGuard does not apply
proaches. The main disadvantage is that few attacks on artificial intelligence but uses
protection and control devices have been known until 30+ years of Omicron’s expert
now. Yet even the first occurrence of an attack can have knowledge paired with
serious consequences, which means there is little benefit information from standards
in adopting the signature-based approach for intrusion and engineering files.
detection in the power grid.

2. Baseline / learning approach

During the learning phase, certain protocol markers
are observed and the usual pattern of behavior
within that network is learned accordingly. After the initial
learning phase, the system raises an alarm as soon as one
of the protocol markers behaves uncharacteristically. Any
actions that did not occur during the learning phase, such
as, switching operations or maintenance activities, will raise
an alarm.
Additionally, the system only knows the protocol mark-
ers, but does not understand what is happening in the
substation. This means that the alarm messages produced
can only be interpreted by IT specialists that have utility
automation knowledge. Therefore, there are a high
number of alarms that require a lot effort for analysis.

6
StationGuard learns all the
communication paths by
3. The StationGuard approach
Power utility automation and SCADA systems are
deterministic, which means their behavior is clearly
evaluating the SCL files.
defined, even in exceptional situations, e.g., during
protection events.
By building on this feature, a completely new approach
can be applied for detecting cyber-attacks.
Since it knows the function of each device, StationGuard
creates a system model of the entire automation system
and then compares every single network packet with this
live system model. This corresponds with an allow
list (whitelist) approach, where all allowable behavior
is described and everything deviating from it sets off
an alarm. Completely new types of attacks can also be
detected when using this approach.
StationGuard’s allow list goes into detail at a granular
level. Even the signal values in the messages are evalu-
ated using the system model. This not only allows it to
detect cyber threats and prohibited activity, but issues in
the automation and SCADA functions can be detected as
well. This is why we named the combination of intrusion
detection and functional monitoring „Functional Secu-
rity Monitoring“. We’ve been researching this approach
since 2010. Combining power system and security
knowledge is what makes StationGuard so effective.

A learning phase is not necessary to configure Station-

Guard. Only a few user inputs for describing the purpose
of each device are required. When it comes to IEC 61850
StationGuard contains the
systems, this process can be sped up drastically by
know-how from decades
importing SCL files.
of international experience
in SCADA and substation
communication.

Benefits
> Low number of false alarms, as
StationGuard knows the processes in
energy systems
> Alarms are understandable without
protocol knowledge
> Reliable detection of unauthorized
actions
7
The allow list (whitelist) approach of StationGuard

Security at the granular level

The fact that all network traffic is monitored and validated
in great detail means that it not only detects threats to IT
security, such as illegal encoding and unauthorized control
operations. StationGuard also identifies communication
errors, time synchronization problems, and hence, different
kinds of malfunctions in the substation. If the IDS also
applies the single-line diagram, then there is virtually no
limit to the depth of monitoring that can be carried out.
For example: StationGuard currently recognizes 35 differ-
ent alarm codes for GOOSE, ranging from simple sequence
number errors to complex measurements, such as exces-
sively long message transmission delays. In the latter case,
the arrival times of the packets are measured and com- If a device does not behave
pared with the event time stamps within the messages. If as specified according to
the measured transmission time is longer than IEC 61850-5 the allow list, an alarm will
permits, StationGuard raises an alarm which indicates that be raised.
there may be a problem with sending the IED, the network,
or with time synchronization.
The same degree of detail is analyzed for the IEC 60870-5-
104 protocol. Station-Guard also reports critical states and
encoding errors for dozens of other OT protocols.

StationGuard measures packet

transmission times. If the
time is longer than IEC 61850
permits, StationGuard raises an
alarm.

8
 MMS, IEC 60870-5-104 and DNP3
communication
StationGuard is aware of which data points control which
functions. For example, the same command may be used to
control a circuit breaker, a tap changer and to change the
test mode setting of a device. The effect in the substation
is markedly different in each case. StationGuard is able
to make this distinction and knows which device should
control what and in which situation. These fine-tuned
permissions are documented and can be reviewed in
StationGuard.

Other protocols
StationGuard performs deep packet inspections on
dozens of power systems and classical IT protocols. By
using this, StationGuard not only detects encoding viola-
tions in these protocols, but is also aware if port numbers
e.g., of remote connections are hijacked by unexpected
applications (port spoofing).

Supported protocols (deep packet inspection)

•, IEC 61850 • FTP, HTTP
• IEC 60870-5-104 • RDP
• DNP3 • NTP
• PRP/HSR • ARP, DHCP, ICMP
• Modbus TCP • MySQL, MS SQL,
• Synchrophasor PostgreSQL
• DLMS/COSEM • HTTPS, SSH (application
detection, without
StationGuard • AMI
decryption)
knows the behavior • TASE.2/ICCP
• telnet
of each device in • S7
• RIPv2
the network. • EtherCAT
• SSDP
• Profinet
• ...
• ...

Benefits
> Every single packet is compared to the
system model (allow list)
> Functional and communication
problems are detected in addition to
cyber threats
> StationGuard supervises the secure
function of all communication in the
substation and SCADA system
9
Faster responses with understandable alert messages

To set up, operate, and maintain conventional Intrusion Detection Systems (IDS), IT specialists and automation and control
engineers are required. Both types of specialists must be on call around the clock to help analyze the cause of alarms. The
costs involved with this are unacceptable for many utilities. StationGuard offers utilities a new, low maintenance alternative.
StationGuard is aware of the typical functions in substations and how the IT equipment, such as engineering PCs and test
PCs, are expected to be used. As all this information is automatically available, StationGuard is set up quickly and ready to
protect the network – no learning phase is required.

Reliably identifying the cause of alerts

The alerts triggered by a security system should assist the operator, not cause further confusion. Therefore, the Station-
Guard alerts not only appear in an event list but are shown graphically in the overview diagram. The power system events
behind the network packets are identified and displayed in clear terminology.
Let us consider the following example: A testing PC attempts to control the circuit breaker using the MMS protocol. The
associated alert message is not displayed using protocol terms but is interpreted according to what happened in the substa-
tion. It contains information such as: What exactly happened? Which device is responsible?
This allows IT security officers as well as SCADA- and protection engineers to collaborate efficiently to determine the cause
of an alert. Substation engineers can understand IDS alert messages as if they were studying an operating log, an event list,
or a warning list in their HMI or station controller.

Clearly understandable
alarm messages
attributed to events in
the plant.

“It is really easy to work with StationGuard. All neces-

sary information is displayed clearly and without any
IT slang. And it all comes with the high level of quality
that we’ve come to expect from OMICRON.”
At a glance, it is clear
Yann Gosteli
which device caused the Head of Substation Automation Systems
alarm and in which bay. CKW AG, Switzerland

10
Normal operation Maintenance and commissioning
StationGuard analyzes all communication and knows Testing and maintenance is important and must not result
precisely which information may or may not be transmitted in any false alarms, yet a high level of security still has to be
at any given moment. Which devices are allowed to be ensured. To satisfy these requirements, StationGuard offers
active now? Which control commands are permitted and a „maintenance mode“. Maintenance and testing activity
does the response to them make sense? Which measured will only be permitted when this mode is activated.
values are being transmitted? Is the timing of the messages In many attack scenarios, vulnerabilities in vendor protocol
correct? This enables any likely problems with the IEDs or or web interfaces are exploited. Therefore, StationGuard
the network to be detected at an early stage, even before can issue an alarm if communication with manufacturer’s
they fail. tools occurs during normal operation and only permit it
This comprehensive functional and security monitoring is while in maintenance mode. The engineering PCs and test
unique and offers advantages that go well beyond those sets can be registered in StationGuard before they are
normally expected of an intrusion detection system (IDS). used so that authorized tasks can be performed without
The graphical user interface allows protection and control triggering false alarms.
engineers to quickly get to grips with StationGuard, as it This has no adverse impact on the security while testing: If
matches the documentation diagrams and the event view an infected testing PC communicates suspiciously, an alarm
in the station controllers. will be raised.

Certain actions are

only allowed during
maintenance mode.

Advantages
> Alarms are understood by IT
security officers as well as SCADA &
protection engineers
> Fewer false alarms during routine
testing while maintaining a high
level of security
> No learning phase, immediate
protection

11
Detecting malfunctions and configuration errors

Functional Monitoring
StationGuard not only detects cyber threats and prohibited actions in utility automation and SCADA networks; it also
notifies you of critical events and malfunctions, such as failures of intelligent electronic devices (IEDs), configuration errors,
and network issues, and then logs them for later analysis. In addition, all file transfers are logged with file names, for
example, when disturbance records are downloaded.
In the following, there are some examples of functional issues that can be detected:

IED configuration changes

If a device’s configuration changes, StationGuard issues an alarm.

StationGuard monitors the configuration revision fields from messages in the network 24/7 to detect changes in
device configurations.
For example, it detects the common commissioning error that the configRevs are different on the sender and
receiver sides of the communication.

Configuration errors

If a device’s configuration is incorrect, StationGuard raises an alarm. It will detect mistakes immediately.
StationGuard continuously compares the IEC 61850 configuration parameters with the specifications of your prior
input or SCL files.
Typical misconfigurations like incorrect VLAN configuration, erroneous GOOSE parameters, or incorrect datasets are
detected.

Event log with various malfunctions detected

12
Network and time synchronization problems

StationGuard detects slowed down (GOOSE) message transmissions and failed time synchronization.
StationGuard measures the transmission time of messages by comparing sender timestamps with packet arrival
timestamps. An alarm is triggered if this measurement reveals an error.
In most cases time synchronization issues cause such alarms. Using the same method, StationGuard also detects
if an IED’s response time is slowed down due to overload, a denial-of-service-attack, or due to the network being
unreasonably slow.

IEC-104 and IEC 61850 control commands

StationGuard detects and records failed control commands and interoperability issues.
StationGuard logs all IEC 60870-5-104 and MMS control commands. If a command fails, it creates warnings and
records network traces for later analysis. Furthermore, it detects protocol and interoperability issues in MMS, IEC
60870-5-104, DNP3, Modbus, Synchrophasor, and many more.

Recording of file transfers

StationGuard records file downloads and uploads, such as disturbance records.

All file transfers in IEC-104 and MMS are logged along with file names and a network recording. You will see who
accessed files on IEDs and when the event occurred.

13
Alert analysis and threat investigation

Alert investigation (GridOps)

The GridOps Alerts Dashboard was designed to provide a compre-
hensive picture of your power grid security posture by having access
to security-related data combined with operational data that make GridOps -
network operations and security concerns more visible. Central management
GridOps allows you to analyze the combined event log from all sensor system for StationGuard
locations and it visualizes all events from different perspectives,
looking at various indicators. It enables you to see alert patterns and Unified platform
trends for specific device types or locations.
> Reduces false positives and
Alert logs can be reviewed and analyzed,which is essential for identify- focuses on essential matters
ing security incidents, policy violations, operational issues, and more.
> Full visibility 24/7 for security
Its analysis capabilities can also be used to aid with audits and forensic
incidents, functional issues,
analyses and identifying current operational and long-term problems.
and more.
Real-time insights into all grid operation networks support multiple
> Accelerates and simplifies
teams; security officers can enforce security policies that protect
responses to incidents.
the networks without disrupting operation, and they benefit from
communication monitoring to drive network segmentation.
Protection and control engineers will gain visibility and insights that
ensure the availability of utility automation networks.

With GridOps you can ...

... understand how a threat

appeared, what created it, if it
made a connection, and more.

... seamlessly collaborate with

IT security teams and OT teams
for optimized handling of
incidents and vulnerabilities.

... reduce operational risks by

being prepared for handling
Dashboard with alert statistics for multiple sites security incidents.

... look for anomalies in the typical

behavior of your grid to detect all
types of threats.

... visualize every attempted

attack and behavior deviation, no
matter how subtle.

14
 Control Center SOC
Data Center
Purdue Level

Grid Level
StationGuard Sensor GridOps
3

RBX1

RTU HMI Engineering PC GridOps RTU HMI Engineering PC GridOps

Station Level
Purdue Level
2

StationGuard Sensor StationGuard Sensor

RBX1 RBX1
Purdue Level

Bay Level
1

IED IED IED PLC PLC PLC

Substation Power Plant

StationGuard Deployment Diagram

What does our StationGuard Solution include?

The StationGuard sensors can be installed in control centers,

power plants, and substations for implementing intrusion
detection, network visualization, asset discovery, and for
monitoring the correct function of power utility automation
systems. The StationGuard sensors allow for flexible
deployment:
> RBX for a permanent installation
Certificate Number:
> VBX for a virtual platform
BSI-DSZ-BSZ-0006-2023
> MBX for temporary usage or permanent installation* Valid to: 27.09.2025
Updates to: 27.09.2025

GridOps is the central management system for

StationGuard. It provides functions for event analysis and StationGuard (v.2.21) on the RBX1 has been awarded the IT
alerts, asset inventory and vulnerability management, security certificate (BSZ) by the German Federal Office for
and for managing the sensors. Its main feature is a single Information Security (BSI).
platform for visualizing cybersecurity risks, threats and This certificate confirms compliance with all IT security
monitoring assets and events (cybersecurity as well as criteria for an intrusion detection system (IDS).
functional) across the grid.
GridOps can be installed at a control center or at a
Security Operations Center (SOC) to centrally manage all
StationGuard IDS sensors from a single location.

*via available DIN rail mounts 15

Network Visibility

Network Visibility from Grid to Station

There are pressing questions that IT security officers and
SCADA and OT network engineers face: What is the overall
threat and risk state of our critical OT networks right now?
What is the structure of these network zones and how are
they interconnected? How are the devices communicating
within and across these boundaries?
These questions and more demand a versatile tool that
empowers users to drill down with a bird’s eye view into
the plant network perspective, and even further into the
communication details between individual assets.
Our StationGuard solution offers this high level of system
transparency.

1 Grid level picture

Different Dashboards allow you to oversee the status of all grid
automation networks from a bird’s eye view. Threats, functional
issues, or vulnerabilities that need immediate action can be seen
at a glance.

16
 2 Station network diagram
Diving one level deeper allows you to observe the networks using our unique view which com-
bines aspects of the Purdue Model diagram with single line diagrams well known to protection
and SCADA engineers. This combination enables optimal collaboration between both worlds.
These diagrams can be generated automatically from SCL engineering files. They can also be
improved manually and plant documentation spreadsheets can even be imported to improve
equipment names.

3 Communciation relationships between devices

Eventually, the insight from the communication and protocols between
devices comes to the forefront. Asset details and type plate information can
be observed there. IT specialists can determine the bay and voltage level
of each asset and can deliberate efficiently with OT protection engineers
through the shared terminology.

17
Automatically collect data for enhanced vulnerability detection

An asset inventory database with precise details about each Receive detailed information about your assets
protection and control IED is crucial to successful vulner-
Using this aggregation of passively observed information
ability and risk management. The more information you
with imported engineering files and spreadsheets, gives
have about each asset, the more accurate your vulnerability
you the most precise asset information possible. It includes
analysis and prioritization will be. Our StationGuard solution
engineering descriptions, type, hardware configuration,
supports you throughout the entire workflow from creating
product ordering codes, and firmware version.
and updating the asset inventory to vulnerability and risk
management. You can export the inventory and import it into asset and
configuration management systems, ERP systems, and
StationGuard automatically discovers all assets in the
spreadsheets. By importing spreadsheets (CSV-files) into
network, creates a global asset inventory database, and
StationGuard, you can close the loop and synchronize it
alerts you to new assets in your networks. It collects
with any other source. You can optionally enable Station-
accurate information for each asset by combining network
Guard’s Active Asset Identification to automatically read
analysis with imported SCL engineering files and plant
device configuration and firmware version information on
documentation spreadsheets. The asset inventory can be
the network.
updated by importing information from external sources.
As a result, our StationGuard solution compiles an asset
inventory with in-depth information from multiple sources
to provide the best possible foundation for vulnerability
management.

GridOps Asset Overview

18
Vulnerability Management
Security regulations for critical systems, such as the EU NIS directive and NERC-CIP, stipulate vulnerability management as a
vital aspect of any cybersecurity program for the power grid. Only with an optimal vulnerability management in place, you
can determine and implement an appropriate mitigation strategy by mapping officially known vulnerabilities to your system
infrastructure.
You can only protect, what you see
Our vulnerabilities dashboard gives you a better understanding of the network’s critical points and your overall security
vulnerability exposure. It also informs users about recently discovered vulnerabilities by continuously auditing these assets
for any potential threats. The more information users have about each asset, the more accurate the detection, analysis, and
prioritization will be.
A decisive advantage: Users may only look at the vulnerabilities which are relevant to them. It only takes a few clicks – using
OMICRON’s custom-built vulnerability database for power grid automation and network devices. The system quickly
identifies which assets are vulnerable to a particular CVE (Common Vulnerability Exposure).
Additionally, the compilation of comprehensive and meaningful reports for management, auditors, and regulators for
assisting in risk prioritization and mitigation is simpler than ever before. Stakeholders will welcome increased visibility and
the system’s highlighted security posture and risk.

GridOps Vulnerabilities Dashboard

19
Beneficial integrations and partnerships

The StationGuard Solution provides plugins for ticketing Simple integration into your network
systems, like ServiceNow, for automatically creating work
An effortless way to integrate StationGuard sensors into
tickets that respond to IDS alerts. By importing the asset
legacy systems is by using the binary outputs from the
inventory from StationGuard, tickets are automatically
RBX1 platform. The presence of an unacknowledged alarm
assigned to the engineer responsible for the asset or site
is signaled in the binary outputs, which can be wired to
involved in the alert.
an RTU (Remote Terminal Units) and integrated into the
SCADA signal list.
Access control for protecting data and networks
Integration into LDAP/ ActiveDirectory can be configured Alternatively, our easy-to-understand alert messages
via the central management system. It has different user can also be forwarded using the syslog protocol. Various
roles for controlling access to the various functions for plugins are available for integrating StationGuard sensors
viewing and configuring your StationGuard instances. For into security information and event management (SIEM)
example, only authorized users can change the configura- systems and ticketing systems of different vendors.
tion or activate the Maintenance Mode. If all networks are
down, StationGuard sensors can also be accessed individu-
ally using the StationGuard local client user interface.
Insider threats can be reduced and even eliminated using
RBAC (Role-Base Access Control). It improves the security
of the system and networks. It also enhances efficiency by
minimizing the need for password changes and human
error in privilege assignment.

ServiceNow integration

StationGuard for Splunk App

FortiSIEM integration

20
Our Partners for secure power grids

Technology partners
Fortinet
Fortinet’s Open Fabric Ecosystem provides you with integrated solutions
for comprehensive end-to-end security.

Integrating StationGuard Solution into FortiSIEM:

Improves security, compliance, and business agility.

Splunk
Splunk captures, indexes, and correlates real-time data in a searchable
repository from which it generates graphs, reports, alerts, interfaces, and
visualizations.

Explore the StationGuard for Splunk App on Splunkbase:

On-demand reports with statistical analysis.

Content and sales partners

NTS
Together with high-end manufacturers, NTS assumes digital responsibility
and creates IT solutions with reliable services for the areas of network,
security, collaboration, cloud, and data center.

Combine the StationGuard Solution with NTS Threat Detection Service:

Deliver rich analytical reports that support risk identification and improve
security posture.

ALSEC
Their cybersecurity experts support you with proficient and individual
services: Starting with training, the development of processes and
evaluation of products to their implementation.

Combined knowledge of OMICRON and ALSEC:

Risk Reporting & Business Security Intelligence for planning & preparing
for the future.

Explore more of our partners and communities,

such as EE-ISAC, on our homepage:

https://www.omicronenergy.com/en/cybersecurity-partners/

21
Three different platform options

The StationGuard sensors are available on three different platforms. Depending on your needs, you can choose to use
StationGuard on the RBX or MBX hardware platform or on a virtual machine (VBX). Since all of StationGuard’s intelligence is
contained in the sensors, the sensors run autonomously - a permanent connection to a central server is not required.

StationGuard on RBX platform

Running StationGuard on the RBX hardware is a tailor-made IDS
solution for protecting utility automation and SCADA systems
against cyber threats and zero-day attacks. The 19”-rack-mount-
able RBX platform is made for harsh power grid environments. It
has enough performance and memory to record all events and
associated traffic, even though the event may have occurred a
long time ago.

The RBX comes with unmatched security features like full disk
encryption, an ISO/IEC 11889 compliant cryptoprocessor chip
and a customized secure (UEFI BIOS). It also includes Binary
outputs that easily integrate IDS alerts into the SCADA signal list.

StationGuard on VBX platform

The StationGuard sensors are also available as a virtual appliance
that can be installed on existing computing platforms.

Like the hardware platforms, the virtual variant can also run
completely independently, recording and logging events even
without a permanent connection to the central server. Please
note that on virtual machines, there may be technical limitations
when it comes to functional monitoring of process bus
applications, compared with StationGuard on the RBX and MBX
platforms.

StationGuard on MBX platform

With the mobile version of StationGuard you can perform a
quick security assessment of a plant network, or quickly gener-
ate an asset inventory list from all devices in the network.
During the commissioning or maintenance phases, many
engineers and external service providers connect their
equipment to the vulnerable plant network. StationGuard
on the MBX is perfectly suited for temporarily monitoring the
network during this period to alert you to prohibited behavior
and to record critical actions during commissioning and
maintenance.
Optionally, the portable MBX hardware unit can also be
installed peramently via the included DIN rail mounts.
22
Technical specifications of the RBX1 platform

Environmental conditions Standards

Operating temperature -20 °C ... +55 °C / Product standards IEC 61850-3

-4 °F ... +131 °F IEEE 1613
Storage temperature -25 °C ... +70 °C / Severity Level: Class 1
-13 °F ... +158 °F EMC standards IEC 61326-1
Relative humidity 5 % ... 95 % IEC 60255-26
(non-condensing) IEC 61000-6-5

Ingress protection according to IEC 60529 IP30 Safety EN 60255-27

EN 61010-1
EN 61010-2-030

See further details in the technical data sheet.

RBX1 platform back view

Performance
Secure cryptoprocessor
Binary outputs
Passive cooling
8 outputs in 2
potential groups Quad-core processor
250 V / 8 A with 16 GB ECC memory
512 GB storage
(~450 GB free)

Fault contact Binary inputs

4 inputs in 2 potential
groups, CAT III 250 V

Network Supply
4x 1 Gbit/s SFP + RJ45 as combo ports 100 ... 240 V DC and AC (±10%)
4x 1 Gbit/s SFP Display 48 ... 60 V DC (± 10 %)
Supports hardware time stamping for IEEE 1588 PTP 1x HDMI (redundant supply opt.)

RBX1 platform front view

USB Network
4x USB 3.0 1x 1 Gbit/s RJ45
Supports hardware time
stamping for IEEE 1588 PTP

23
We create customer value through ...

Quality
We always want you to be able to rely on our
testing solutions. This is why our products
have been developed with experience, passion
and care and are continually setting ground-
breaking standards in our industry sector.

ISO 9001

You can rely on the

highest safety and security Superior reliability
standards with up to
%

72
hours burn-in tests
before delivery

More than

30.000
automated software ISO 9001
tests executed 24/7 TÜV & EMAS
ISO 14001
OHSAS 18001

Compliance with international

standards
Innovation
Thinking and acting innovatively is something
that’s deeply rooted in our genes. Our compre-
hensive product care concept also guarantees
that your investment will pay off in the long
run – e.g. with free software updates.
Save up to

70%
of time
More than in set-up and operation

200
developers keep
our solutions up-to-date

I need...

... a product portfolio

More than tailored to my needs

15%
of our annual sales is
reinvested in research and
development
We create customer value through ...

Support
When rapid assistance is required, we’re
always right at your side. Our highly-qualified
technicians are always reachable to ensure
minimized downtimes.

Professional technical support

at any time

25
offices worldwide for local
contact and support

Cost-effective and straight-

forward repair

Cybersecurity experts provide

solutions quickly and easily
Knowledge
We maintain a continuous dialogue with users
and experts. Customers can benefit from our
expertise with free access to application notes
and professional articles. Additionally, the
OMICRON Academy offers a wide spectrum of
training courses and webinars.
More than

300
???

Academy and numerous

hands-on trainings per year

Frequently OMICRON hosted

user meetings, seminars and
conferences

Free
access

to thousands of technical
papers and application notes

Extensive expertise in
commissioning and
consulting
OMICRON is an international company that works passionately on ideas for making electric power systems safe and
reliable. Our pioneering solutions are designed to meet our industry’s current and future challenges. We always go
the extra mile to empower our customers: we react to their needs, provide extraordinary local support, and share
our expertise.

Within the OMICRON group, we research and develop innovative technologies for all fields in electric power
systems. When it comes to electrical testing for medium- and high-voltage equipment, protection testing, digital
substation testing solutions, and cybersecurity solutions, customers all over the world trust in the accuracy, speed,
and quality of our user-friendly solutions.

Founded in 1984, OMICRON draws on their decades of profound expertise in the field of electric power engineering.
A dedicated team of more than 1.100 employees provides solutions with 24/7 support at 24 locations worldwide
and serves customers in more than 170 countries.

The following publications provide further information on the solutions

described in this brochure:

IEC 61850: Thematic introduction and StationScout IEDScout

testing solutions Substation Automation System Testing Versatile software tool for working with IEC 61850 devices

IEC 61850 StationScout IEDScout

Brochure Brochure Brochure

For more information, additional literature, and detailed contact information

of our worldwide offices please visit our websites.

www.omicronenergy.com © OMICRON, 06 2024

www.omicroncybersecurity.com Subject to change without notice.