Cyber security deployment guideline - ABB Group · The cyber security deployment guideline...

RELION® REB500

Distributed busbar protection REB500Version 8.3 IECCyber security deployment guideline

/t1ainm1:nu

Events

Measurements

Disturbance records

Settings

2013-03-3010:53:.10 j$superUser joi,jectname

a

/Mainmenu

=

I ;

D

D

i!9?

J;;:::et�,�

SettirlgS

confi�ation

rua,gr,ostics

rests

O•�

L¥19"39f�

-

I D I

; = D =

/t1ainm1:nu

Events

Measurements

Disturbance records

Settings

2013-03-3010:53:.10 j$superUser joi,jectname

a

/Mainmenu

=

I ;

D

D

i!9?

J;;:::et�,�

SettirlgS

confi�ation

rua,gr,ostics

rests

O•�

L¥19"39f�

-

I D I

; = D =

Document ID: 1MRK 511 453-UENIssued: May 2019

Revision: BProduct version: 8.3

© Copyright 2019 ABB. All rights reserved

Copyright

This document and parts thereof must not be reproduced or copied without writtenpermission from ABB, and the contents thereof must not be imparted to a third party, norused for any unauthorized purpose.

The software and hardware described in this document is furnished under a license and maybe used or disclosed only in accordance with the terms of such license.

This product includes software developed by the OpenSSL Project for use in theOpenSSLToolkit. (http://www.openssl.org/) This product includes cryptographicsoftware written/developed by: Eric Young ([email protected]) and Tim Hudson([email protected]).

Trademarks

ABB and Relion are registered trademarks of the ABB Group. All other brand or product namesmentioned in this document may be trademarks or registered trademarks of their respectiveholders.

Warranty

Please inquire about the terms of warranty from your nearest ABB representative.

Disclaimer

The data, examples and diagrams in this manual are included solely for the concept or productdescription and are not to be deemed as a statement of guaranteed properties. All personsresponsible for applying the equipment addressed in this manual must satisfy themselves thateach intended application is suitable and acceptable, including that any applicable safety orother operational requirements are complied with. In particular, any risks in applications wherea system failure and /or product failure would create a risk for harm to property or persons(including but not limited to personal injuries or death) shall be the sole responsibility of theperson or entity applying the equipment, and those so responsible are hereby requested toensure that all measures are taken to exclude or mitigate such risks.

This document has been carefully checked by ABB but deviations cannot be completely ruledout. In case any errors are detected, the reader is kindly requested to notify the manufacturer.Other than under explicit contractual commitments, in no event shall ABB be responsible orliable for any loss or damage resulting from the use of this manual or the application of theequipment.

This product is designed to be connected to and to communicate information and data via anetwork interface. It is the users’ sole responsibility to provide and continuously ensure asecure connection between the product and to the users’ network or any other network (as thecase may be). The users shall establish and maintain any appropriate measures (such as butnot limited to the installation of firewalls, application of authentication measures, encryptionof data, installation of anti-virus programs, etc) to protect the product, the network, itssystem and the interface against any kind of security breaches, unauthorized access,interference, intrusion, leakage and/or theft of data or information. ABB Ltd and its entitiesare not liable for damages and/or losses related to such security breaches, any unauthorizedaccess, interference, intrusion, leakage and/or theft of data or information.

Conformity

This product complies with the directive of the Council of the European Communities on theapproximation of the laws of the Member States relating to electromagnetic compatibility(EMC Directive 2004/108/EC) and concerning electrical equipment for use within specifiedvoltage limits (Low-voltage directive 2006/95/EC). This conformity is the result of testsconducted by ABB in accordance with the product standards EN 50263 and EN 60255-26 forthe EMC directive, and with the product standards EN 60255-1 and EN 60255-27 for the lowvoltage directive. The product is designed in accordance with the international standards ofthe IEC 60255 series.

Table of contents

Section 1 Introduction.................................................................................................... 31.1 This manual....................................................................................................................................31.2 Intended audience........................................................................................................................31.3 Product documentation.............................................................................................................. 31.4 Symbols and conventions...........................................................................................................41.4.1 Symbols........................................................................................................................................41.4.2 Document conventions............................................................................................................. 4

Section 2 Safety information.........................................................................................5

Section 3 Secure access.................................................................................................. 73.1 Secure system setup....................................................................................................................73.2 Ethernet ports............................................................................................................................... 73.2.1 Ethernet ports used................................................................................................................... 73.2.2 Data rate of the station bus connection............................................................................... 83.3 Encryption algorithm...................................................................................................................9

Section 4 Design principles.......................................................................................... 114.1 Account information...................................................................................................................114.2 User roles and account permissions....................................................................................... 114.3 User accounts.............................................................................................................................. 134.3.1 Default user................................................................................................................................134.3.2 User credentials handling....................................................................................................... 144.3.3 Recovery of lost passwords................................................................................................... 14

Section 5 Security configuration................................................................................. 155.1 Enabling security menu............................................................................................................. 155.2 Security options.......................................................................................................................... 15

Section 6 Local user account management................................................................176.1 Enabling the local user account management......................................................................176.2 User accounts..............................................................................................................................186.3 User roles......................................................................................................................................196.4 Password policies....................................................................................................................... 216.5 Exporting and importing user credentials............................................................................ 236.6 Change password.......................................................................................................................236.7 Password reset to factory default.......................................................................................... 23

Section 7 Central user account management............................................................257.1 Central user account management........................................................................................ 257.2 Enabling the central user account management................................................................. 257.3 User roles..................................................................................................................................... 287.4 Troubleshooting central account management.................................................................. 28

Table of contents

Distributed busbar protection REB500 1Cyber security deployment guideline


7.4.1 Errors during activation..........................................................................................................287.4.2 Server not reachable during runtime................................................................................... 287.4.3 Local replication failed............................................................................................................29

Section 8 User activity logging.................................................................................... 318.1 View user activity events...........................................................................................................318.2 External Security log server...................................................................................................... 318.3 Event format................................................................................................................................328.4 Event types.................................................................................................................................. 338.5 User activity events through Syslog.......................................................................................348.6 User activity events through IEC 61850.................................................................................358.7 User activity event during REB500 system start up............................................................37

Section 9 Standard compliance statement................................................................399.1 Applicable standards.................................................................................................................399.2 Reference Title............................................................................................................................ 39

Table of contents

2 Distributed busbar protection REB500Cyber security deployment guideline


Section 1 Introduction

1.1 This manualGUID-BD3A323B-5DCE-4CE6-8F93-36CDCFC7A276 v1

The cyber security deployment guideline describes the process for handling cyber securitywhen communicating with the IED. Certification, Authorization with role based access control,and product engineering for cyber security related events are described and sorted byfunction. The guideline can be used as a technical reference during the engineering phase,installation and commissioning phase, and during normal service.

The main features related to cyber security are:

• UAM - User Account Management

• Role based access control of the device

• CAM - Central Account Management

• LDAP server integration for user account management

• UAL - User Activity Logging

• Logging the activities of user• Capable to send the user activity events to central log server

• SCA - Secure Configuration and communication Access

• Accessing the device in a secure way from the operator tool

1.2 Intended audienceGUID-6900C6AE-B8B4-4718-9849-B68F88A36E47 v1

This guideline is intended for the system engineering, commissioning, operation andmaintenance personnel handling cyber security during the engineering, installation andcommissioning phases, and during normal service. The personnel is expected to have generalknowledge about topics related to cyber security.

1.3 Product documentationGUID-91F0A03F-D1AF-4695-A239-1FC87E7459EE v2

REB500 manuals Document numbers

Product guide 1MRK 505 402-BEN

Application manual 1MRK 505 399-UEN

Technical manual 1MRK 505 400-UEN

Operation manual 1MRK 500 132-UEN

Engineering manual 1MRK 511 452-UEN

Commissioning manual 1MRK 505 401-UEN

Application manual for bay protection functions 1MRK 505 403-UEN

Technical manual for bay protection functions 1MRK 505 406-UEN

Cyber security deployment guideline 1MRK 511 453-UEN

Communication protocol manual IEC61850 1MRK 511 450-UEN

Communication protocol manual IEC60870-5-103 1MRK 511 451-UEN

Getting started guide 1MRK 505 404-UEN

1MRK 511 453-UEN B Section 1Introduction



1.4 Symbols and conventions

1.4.1 SymbolsGUID-4F7DD10A-DEE5-4297-8697-B8AAB5E3262F v2

The electrical warning icon indicates the presence of a hazard which couldresult in electrical shock.

The warning icon indicates the presence of a hazard which could result inpersonal injury.

The caution icon indicates important information or warning related to theconcept discussed in the text. It might indicate the presence of a hazard whichcould result in corruption of software or damage to equipment or property.

The information icon alerts the reader of important facts and conditions.

The tip icon indicates advice on, for example, how to design your project orhow to use a certain function.

Although warning hazards are related to personal injury, it is necessary to understand thatunder certain operational conditions, operation of damaged equipment may result indegraded process performance leading to personal injury or death. Therefore, comply fullywith all warning and caution notices.

1.4.2 Document conventionsGUID-37C3ACF4-BD79-43C6-B37E-24B38EE69301 v2

A particular convention may not be used in this manual.

• Abbreviations and acronyms in this manual are spelled out in the glossary. The glossaryalso contains definitions of important terms.

• Push button navigation in the LHMI menu structure is presented by using the push buttonicons.

For example, to navigate the options, use and .• HMI menu paths are presented in bold.

For example, select Main menu/Settings.• Signal names are presented in bold.

The signal 21120_EXT_TEST_TRIP can be set and reset via the LHMI Test Trip menu.• Parameter names and parameter values are presented in italics.

For example, the default value of the Operation setting is Not inverted.• Section references are presented with the respective section numbers.

For example, see Section 1.4.2 for more details about document conventions.

Section 1 1MRK 511 453-UEN BIntroduction



Section 2 Safety informationGUID-7CDA9FB7-5CD6-4BD5-A1D2-AAB8E7BF87A3 v2

Dangerous voltages can occur on the connectors, even though the auxiliaryvoltage has been disconnected.

Non-observance can result in death, personal injury or substantial propertydamage.

Only a competent electrician is allowed to carry out the electrical installation.

National and local electrical safety regulations must always be followed.

The frame of the IEDs has to be carefully earthed.

Whenever changes are made in the IEDs, measures should be taken to avoidinadvertent tripping.

The IEDs contain components which are sensitive to electrostatic discharge.Unnecessary touching of electronic components must therefore be avoided.

1MRK 511 453-UEN B Section 2Safety information



6

Section 3 Secure access

3.1 Secure system setupGUID-8A6BF582-A631-453C-9C3B-2D56FE7C9864 v1

Access to REB500 is secured by user authorization, protecting the access through HMI500Operator tool and encrypting communication channels used for configuration purposes.

HMI500Local

HMI500Remote

Bay Units

ABB

ESC

REB 500

Ready Start Trip

Clear

HelpMenu

LR

ABB

321I

ABB

ESC

REB 500

Ready Start Trip

Clear

HelpMenu

LR

ABB

321I

ABB

ESC

REB 500

Ready Start Trip

Clear

HelpMenu

LR

ABB

321I

Central Unit

TCP/IP

TCP/IP

TCP/IP

HMI500Local

REB500 Processbus

13000033-IEC18000314-1-en.vsd

IEC18000314 V1 EN-US

Figure 1: REB500 secure system overview

3.2 Ethernet ports

3.2.1 Ethernet ports usedGUID-3D6BF288-B5E6-408B-B67F-3ADB3160B785 v1

To setup an Ethernet firewall, Table 1 summarizes the Ethernet ports used.

Table 1: Status of ports in delivery status

Port Protocol Connector Default Service Comment

22 TCP X0, X1, X1000, X1001,X1002, X1005

Open SFTP Firmware update

67 UDP X0 or LHMI connector Open DHCPServer

80 TCP X1001, X1002 Closed HTTP Embedded WebServer

Table continues on next page

1MRK 511 453-UEN B Section 3Secure access



Port Protocol Connector Default Service Comment

102 TCP X1001, X1002 Closed IEC61850 Communicationprotocol

123 UDP X1001, X1002 Closed SNTP Time Synchronization

443 HTTPS X1001, X1002 Closed HTTPS Embedded WebServer

8401 TCP X1001, X1002 Open HMI (DACprotocol)

Remote HMI500

8401 TCP X0 or LHMI connector Open HMI (DACprotocol)

HMI500

Ports that are marked as Closed, by default, can be opened by activation of software featuresin the product configuration (for example, IEC61850 station communication).

3.2.2 Data rate of the station bus connectionGUID-CC14750D-5E51-42BB-BEFC-D4D3F9B630C5 v1

The port on the switch which is connected to REB500 station bus (CU-connector X1001/1002)should be rate limited to 2000 packages per second.

IEC18000628-IEC18000628-1-en.vsdx


Figure 2: Package rate of station bus connection (switch)

Section 3 1MRK 511 453-UEN BSecure access



If the package rate exceeds the limit of 2000 packages per second, this canhave an impact on the REB500 process bus and thereby lead to a deactivationof the Busbar Protection function. It is recommended to verify this packagerate in actual operation of the system-communication.

3.3 Encryption algorithmGUID-364EEA27-64F8-43DA-9D07-A327A2460A79 v1

Encryption algorithms are used to encode the user credentials file. The encryption algorithmsand hash functions are:

• AES (Advanced Encryption Standard), a block cipher based on a symmetric key algorithmto encrypt and decrypt information. The effective key length used is 128 bits.

• SHA1 (Secure Hash Algorithm), a cryptographic hash function with a 160 bit hash value

1MRK 511 453-UEN B Section 3Secure access



10

Section 4 Design principlesGUID-CBA68D6D-4394-4119-988E-5CD18B9A4CF3 v1

The User Account Management outlines the functionality to administrate the persons thataccess the REB500. Its key features are:

• User authentication based on roles and permissions• Support of password policies• Secure transmission of passwords from HMI500• Secure storing of passwords on file system• Import and Export of user credentials

4.1 Account informationGUID-58405492-34AD-4CEF-8033-0E1BC4E977D1 v1

There are user accounts, account permissions and user roles:

• The user account represents a person that should access the REB500. The person isidentified by a user name and a password.

• Account permissions are actions that a user could perform and requires authorization.• User roles are groups of account permissions that could be assigned to users.

The relationship between user, role and permission is shown in the figure below.

n nUser Account

User Role Account Permission


Figure 3: Relationship user, role and permission

A user role can contain several permissions and a user account can be assigned to several userroles. The user credentials are stored in a file on the flash file system. The permissionsavailable are predefined and cannot be changed. The users, roles and assignments can bechanged according to the needs.

When operating with central account management, the roles are fixed by thestandard. Mapping of permissions remains possible.

4.2 User roles and account permissionsGUID-B7FC0D63-7DC5-4E37-A14E-4BD6F9934208 v2

The user roles that group several account permissions could be changed according to theneeds. Table 2 lists the predefined user roles at delivery:

Table 2: Default user roles

Default User Role Description

Viewer Permissions only allowing read-only use of the product

Operator Permissions allowing to operate the product

Installer Permissions allowing the modification of product


1MRK 511 453-UEN B Section 4Design principles



Default User Role Description

Engineer Permissions allowing changing protection parameters on product

Administrator Permissions allowing the security administration and audit ofproduct (superset of SECAUD, SECADM, RBACMNT)

SECAUD Permissions allowing the security audit of product

SECADM Permissions allowing the security administration of product

RBACMNT Permissions allowing the change of role assignments

The account permissions available are predefined. Table 3 shows all available permissions andtheir mapping to default roles.

The system boundary for the REB500 security is the access to the actual deviceand the used communication channels. Concepts such as role basedpermissions are available only during active access to the device and do notcover the behavior of HMI500 or an externally stored setfile, that is, access tomenus and changes are possible while they do not require an active interactionwith the device.

Table 3: Permissions and default mappings to user roles

Feature PermissionsV

iew

er

Ope

rato

r

Inst

alle

r

Engi

neer

Adm

inis

trat

or

SEC

AU

D

SEC

AD

M

RBA

CM

NT

View read Eventlist@REB500 ● ● ● ●

readMeasurements@REB500 ● ● ● ● ● ●

readDisturbanceRecords@REB500 ● ● ● ●

Configuration readConfiguration@REB500 ● ● ● ●

writeConfiguration@REB500 ● ●

deleteDatabase@REB500 ● ●

Restart IED restartSystem@REB500 ● ● ●

Reset Indication resetTripRelay@REB500 ● ●

Test IED forceInOutputs@REB500 ● ●

testSequencer@REB500 ● ●

startDebugMode@REB500 ● ●

TimeModification

Time@REB500 ● ● ● ●

FirmwareModification

firmwareUpgrade@REB500 ●

Security Audit audit@REB500 ● ● ●

Factory Reset SecurityOptions@REB500 ● ● ●

User AccessManagement

manageUsers@REB500 ● ● ●

SecurityOptions@REB500 ● ● ●

Security Log SecurityLogServer@REB500 ● ● ●


Section 4 1MRK 511 453-UEN BDesign principles



Feature Permissions

Vie

wer

Ope

rato

r

Inst

alle

r

Engi

neer

Adm

inis

trat

or

SEC

AU

D

SEC

AD

M

RBA

CM

NT

Others writeDisturbanceRecords@REB500 ● ●

clearEventlist@REB500 ● ● ●

readTraceability@REB500 ● ● ●

closeAllSessions@REB500 ● ●

The following permissions are implicitly granted to each user:

• changeOwnPassword@REB500• authenticateSession@REB500• getDeviceInfo@REB500• stopDebugMode@REB500

Administrators can define new roles. The following permission dependencies exist:

• If a write permission is assigned to a user role, the corresponding read permission needsto be assigned:

• writeConfiguration requires readConfiguration• writeDisturbanceRecords requires readDisturbanceRecords• clearEventlist requires readEventList

• deleteDatabase requires restartSystem• readMeasurements is required to run the REB500 test mode• SecurityOptions and ManageUsers are required to enable the security menus in the

HMI500 Operator

To access the WebHMI, users must have the following permissions:

• readEventlist@REB500• readMeasurements@REB500• readConfiguration@REB500• clearEventlist@REB500• readTraceability@REB500

4.3 User accountsGUID-56967A6A-F4D6-4F73-AA96-8FD18F90C44E v1

The user account representing a person is identified by a user name and a password. Username and password are free of choice within defined rules. See Section "Password policies" fordetailed information about the explicit and implicit rules for passwords. The maximumnumber of different user accounts is 20.

4.3.1 Default userGUID-0574FEBF-97A7-4041-9180-46A1654B97A6 v2

In delivery status, one user account is predefined. The default user will be a member of alldefault roles.

Default user name: Admin

1MRK 511 453-UEN B Section 4Design principles



Default password: REB500Admin

It is strongly recommended to change the default user name and password.

4.3.2 User credentials handlingGUID-CE1F7FB4-C39B-4F11-820A-C59525BEC202 v1

Sophisticated protection schemes are implemented to inhibit reading of the user credentialsinformation.

User credentials can also be exported and imported for re-use.

4.3.3 Recovery of lost passwordsGUID-12A247C6-D104-4367-94C8-B44EA1B2276E v1

Lost passwords cannot be recovered. If a user loses the password, then a new password canbe reset by an administrator. If an administrator loses the password, see Section "Passwordreset to factory default".

Section 4 1MRK 511 453-UEN BDesign principles



Section 5 Security configurationGUID-EFE18D4B-AAAD-4A9C-BD2C-390D8268BF45 v1

All security-relevant configuration parameters are defined for the whole REB500; there is nopossibility to configure BUs individually.

5.1 Enabling security menuGUID-D58BADBF-936A-4E85-ADA2-623875B18EE0 v1

The menus Tools/Security account management and Tools/Security options are disabled bydefault. It can be enabled by an administrator under Tools/Settings.

The menus Security account management and Security options are onlyavailable in Online mode. To enable the security menu, the button Apply mustbe clicked after selecting Enable security menu.

5.2 Security optionsGUID-D325ACB4-B898-46D5-884C-09C2EBAC70A2 v1

The menu Tools/Security options allows enabling or disabling of:

• User account management: If enabled all functionality is accessed based on roles.Otherwise, everyone has access to all functionality. A choice can be made between localand central account management.

• Password reset to factory default: If enabled all user account management can be resetto factory defaults on the local HMI.

• LHMI menu clear: If enabled the menu Clear is available on the local HMI.

If password reset to factory default is disabled, then there is no way to accessthe device in case the administrator password is lost.

If LHMI menu clear is disabled, then no modification are possible in themaintenance menu.

Changing any of these security options require a full system restart.

1MRK 511 453-UEN B Section 5Security configuration



16

Section 6 Local user account managementGUID-A6158437-C296-4760-8AB9-A0043D9FFB05 v1

The user account management Tools/Security account management/Manage users isaccessible only to users with permission manageUsers@REB500 andSecurityOptions@REB500.

By default, the Administrator role has these permissions. The following operations areavailable:

• Add new or delete existing user accounts• Change user account passwords• Add new or delete existing user roles• Change assignments of user accounts and permissions to user roles• Export and import user credentials

6.1 Enabling the local user account managementGUID-8CB1AF70-C8D2-463B-AC55-A6A470C9DE96 v2

To enable the local user account management, enable user account management in the Tools/Security Options menu with the selection of Local.

14000059-IEC18000626-1-en.vsdx


Figure 4: Security options menu (local UAM)

Enabling the user account management in local mode from the state of havingno user account management enabled, does not require a setfile download.

1MRK 511 453-UEN B Section 6Local user account management



If user account management was previously used in central mode, a setfiledownload is required to reflect the change in settings.

6.2 User accountsGUID-FA0ECEEC-AD11-4B08-9A22-A82F28BCDFA8 v1

In the first tab of the user account management, details of user accounts are available. Byselecting a user in the list, the assigned roles for the user can be seen. Also, the user could beadded, user details could be changed or the user could be deleted.

13000026-IEC18000629-1-en.vsdx


Figure 5: User account management

Table 4: Items in User accounts tab in User account management dialog box

Item Description

Users List of available User names.

Assigned roles List of roles assigned to a selected user under “Users”

Add user Opens a dialog for adding users (Figure 12)

Delete user Selected user is deleted including all the user credentials like assigned roles,password.

Change password Opens a dialog for changing the selected user’s password (Figure 14)

Changeassignment

Opens a dialog for changing the assigned roles for the selected user. (Figure13)

Section 6 1MRK 511 453-UEN BLocal user account management



13000027-IEC18000630-1-en.vsdx


Figure 6: Add user

Table 5: Items in Add user and change role dialog boxes

Item Description

User Name 1 to 32 characters (letters, numbers, underscore and blank)

Password As defined in password policy. Case-sensitive.

Confirm password Re-enter same value as for password.

Roles List of defined roles for the system.

Assigned roles List of roles assigned to that user.

>> Selected role is assigned to user

<< Selected assigned role is removed from user.

6.3 User rolesGUID-B0CF084F-92DD-4754-9029-CAFBFD3CF3B0 v2

In the second tab of the user account management, user roles and their details are defined.The tab shows in a list the names of the existing user roles. By selecting a role in the list, theassigned permissions of the role could be seen. Also, the role could be added, role permissionscould be modified, or the role could be deleted.




13000028-IEC18000631-1-en.vsdx


Figure 7: User roles

Table 6: Items in User roles tab in User account management dialog box

Item Description

Roles List of available roles

Assigned permissions List of permissions assigned for the selected role

Add role Opens a dialog for adding a role.

Delete role Deletes the selected role including the assigned permissions for thatrole. Be careful, there is no security query when deleting a user role anda once deleted role cannot be restored

Change permissions Opens a dialog for changing the assigned permissions for the selectedrole.




13000029-IEC18000632-1-en.vsdx


Figure 8: Add role

Table 7: Items in Add role and change permissions dialog boxes

Item Description

Role Name 1 to 32 characters (letters, numbers, underscore and blank)

Session timeout Defines the period of inactivity after which a user of this role is loggedout. (applicable when item “Disable” is unchecked). 1 to 1440 minutes,default 15 minutes.

Disable If checked, the session timeout is disabled, that is, the user’s sessionbelonging to this role will never expire. Otherwise, sessions of usersbelonging to this role will expire based on the value in the Sessiontimeout field.

Permissions List of defined permissions.

Assigned permissions List of permissions assigned to this role.

>> Assigns selected permission to role.

<< Removes selected assigned permission is from role.

If Disable is checked a session will last forever in case of communicationinterruptions between HMI500 Operator and IED. The disabling of sessiontimeout is not recommended.

6.4 Password policiesGUID-7F1596F3-38FD-4AE6-8F97-364BC5FF4227 v1

The password policies define rules that a password must fulfill to get accepted. They can bemanaged via Tools/Security account management/Manage policies.

Password policies are only available in local user account management. Whenusing central user account management, password policies are handled by themanaging server.




13000030-IEC18000633-1-en.vsdx


Figure 9: Manage policies

To enable the password policies the check box Enforce password policies must be checked.Changes in the password policies with regards to the password length or password charactersare considered for new passwords only. That means existing passwords are not checkedagainst these policies and the passwords are still valid and usable. If the Password lifetime isenabled, then change in password lifetime has immediate effect on the existing passwordsalso. To be sure that all passwords are compliant the passwords must be changed afterdefining a password policy.

REB500 supports passwords with a maximum length of 32 characters.

Table 8: Items in Manage policies dialog box

Item Description

Enforce passwordpolicies

If enabled password policies are enforced when creating passwords.Otherwise, users can choose any password without any rules.

Minimum passwordlength

6 to 32, default 6.

Password lifetime The number of days after which the password expires. 1 to 1826 days,default 365.

Password mustcontain

If any of the options below is checked, the password must contain atleast one character of the character set defined by that option.

Lower case characters a to z

Upper case characters A to Z.

Numeric characters 0 to 9

Special characters Any other character than the ones from the other options.




6.5 Exporting and importing user credentialsGUID-1EE01FF2-CFD4-42FD-AC09-78065DD79589 v1

User credentials can be exported for reuse via Tools/Security account management/Exportuser credentials. The information is exported in a binary format and cannot be viewed. Theexported user credentials can be imported on another device by using Tools/Security accountmanagement/Import user credentials. In this way, user credentials created in one device canbe reused in the other.

6.6 Change passwordGUID-D12DE1C1-050F-43E9-A21B-1BEA17284A9E v1

Users can change their own password: Tools/Change password. In the dialog box, thepassword must be typed two times to eliminate, unintentional typing errors. When clickingOK, the password is checked against the password policies.

6.7 Password reset to factory defaultGUID-4FBF46F5-45ED-438D-A369-24BD52998959 v1

If the administrator loses the password, it can be reset to factory default manually using thelocal HMI. This is only possible if the password reset to factory default has been enabled inSecurity Options.

After password reset only, the default user with the default password will beavailable. All other users are deleted. An alarm is triggered and logged.

The reset procedure via LHMI maintenance menu is as follows:

1. Switch on the central unit.2. As soon as Press <ENTER> appears on the display, press .3. Navigate to the menu item Password Reset and press .4. Confirm OK with .5. In the main maintenance menu, select Exit to leave this menu as well.6. The central unit will start up with factory default.




24

Section 7 Central user account management

7.1 Central user account managementGUID-BBF3C6F0-64B3-49E2-998E-727193991F46 v1

Central user account management allows easy management of access control across alldevices by maintaining all user credentials on central servers, according to IEC62351-8 pullmodel. When configured and enabled, all access requests are validated by this centralarchitecture. In case of failure, a local replica will be used for authentication. The followingfigure shows a simplified representation of this setup.

ABB

ESC

REB 500

Ready Start Trip

Clear

HelpMenu

L

R

ABB

32

1I

LDAP Server

ABB

ESC

REB 500

Ready Start Trip

Clear

HelpMenu

L

R

ABB

32

1I

Bay UnitBay Unit

Central Unit

ABB

ESC

REB 500

Ready Start Trip

Clear

HelpMenu

L

R

ABB

32

1I

14000060-IEC18000356-1-en.vsd


Figure 10: General CAM setup

7.2 Enabling the central user account managementGUID-2C57DD22-6D05-4E8E-A317-71D63A42A177 v2

The following prerequisites are necessary to use CAM:

• At least one LDAP server (for example, ABB SDM600) is connected to the station-bus• A user has been created to allow LDAP replication (name same as technical key of device)• A device certificate (PKCS12-file) for the REB500 has been issued.

1MRK 511 453-UEN B Section 7Central user account management



To enable CAM, the following steps have to be taken:

1. Set user account management to CAM in security options.2. Configure CAM in the corresponding dialog box.3. Import the device certificate (PKCS12-file).4. Download the configuration.

CAM is enabled by means of Tools/Security Options dialog (see section 5).

14000061-IEC18000634-1-en.vsdx


Figure 11: Security options menu (CAM enabled)

Due to the fact that configuration parameters are necessary, a setfiledownload is required in case of switching from/to central accountmanagement.

Custom role-permission mappings and UAM credentials are always reset whenswitching from UAM to CAM and vice-versa.

The additional CAM parameters are set in Tools/Security Account Management/Managesettings.

Section 7 1MRK 511 453-UEN BCentral user account management



14000062-IEC18000635-1-en.vsdx


Figure 12: Manage CAM settings

Table 9: Items in CAM settings dialog box

Item Description

LDAP server 1/2 URL of the LDAP server(s)

Base DN Base DN (Distinguished name) for querying the LDAP server

Replication interval Interval for synchronizing the local CAM replica with the LDAP server,set in seconds

Replication group LDAP replication group on the server

The CAM settings of Table 9 can be imported via Tools/Security account management/CAMsettings/Import Settings.

When using ABB SDM600 as a CAM server, the corresponding configurationXML file can be created there.

The device certificate (PKCS12 files) can be imported via Tools/Security accountmanagement/CAM settings/Import Device Certificate. The path and password for the filehave to be specified.

When using ABB SDM600 as a CAM server, the corresponding certificate can becreated there.For support of other LDAP servers, please refer to the user documentation ofthat product.

Due to the fact that configuration parameters are necessary to be changedwhen using CAM, a setfile download is required to finish enabling CAM.




Successful CAM activation results in:

• no Alarms on the LHMI• no CAM events in the system event-list• no security alarms

To disable CAM, local or no user account management has to be chosen in theTools/Security Options menu. A setfile download is required to complete thisoperation.

7.3 User rolesGUID-233324EE-FA73-472A-9236-5432ED5189D4 v2

Unlike in the local user account management, CAM does only support the roles specified byIEC62351 plus the ABB-specific role of Administrator. It is therefore not possible to addcustom or remove roles.

It is, however, possible to modify the roles-to-permission mapping in the Tools/Securityaccount management/Manage settings/User roles/Change permissions. For detailedinformation on user permissions, see Section 4.2.

7.4 Troubleshooting central account management

7.4.1 Errors during activationGUID-0B7D55F5-1773-4556-81B2-72AB5E7709E2 v2

Symptoms:

• LHMI Alarm CAM enabling failed and CAM server not available• System events CAM Minor_Error 001 and 002• Security event 3810 CAM server communication failed

Probable causes:

• Wrong configuration parameters (for example, LDAP address…)• Server(s) not reachable during activation

Solution:

• Check REB500 CAM configuration parameters.• Check if servers are reachable and the REB500 is connected• Restart CU

If the initial activation of CAM failed, the CU reverts to local UAM. Access to thedevice is possible using the local default credentials.

7.4.2 Server not reachable during runtimeGUID-D23D6F6D-BAEC-484D-9724-7897FD9051F8 v1

Symptoms:

Section 7 1MRK 511 453-UEN BCentral user account management



• LHMI Alarm: CAM Server not available• System Event: CAM Minor_Error 002• Security Event: 3810 CAM Server communication failed

Probable cause:

• Server(s) not reachable

Solution:

• Check if LDAP server is up and running.• Check REB500 connection.

Authentication will continue to work based on the latest local LDAP replica.After reconnection with the server(s), authentication will again run via the LDAPserver and the local replica will be updated.

7.4.3 Local replication failedGUID-404E3873-E516-4FB5-8DCF-8838BFD8DA61 v1

Symptoms:

• LHMI Alarm: CAM Replication failed• System Event: CAM Minor_Error 003• Security Event: 3810 CAM Server communication failed

Probable cause:

• Server(s) not reachable• Server configuration has changed

Solution:

• Check if LDAP server is up and running.• Verify with system administrator that LDAP settings are still valid.• Check REB500 connection.

Authentication will continue to work based on the latest local LDAP replica.After reconnection with the server(s), authentication will again run via the LDAPserver and the local replica will be updated.




30

Section 8 User activity loggingGUID-3C79838B-7EC7-4BE0-AE99-10944B9788E9 v2

REB500 logs all user activities mentioned in Table 12 and can forward these events via Syslogor IEC61850. The logged events can also be retrieved and viewed in HMI500 Operator.

The persistency of these events is guaranteed to be greater than 48 hours by storing them inthe flash-memory. Integrity of the logs is guaranteed by CRC. If the integrity check fails thenthe event list will be empty.

8.1 View user activity eventsGUID-CFCDAC51-0AED-4A79-BBEB-BD09003AF168 v1

Users with permission audit@REB500 can view the security events in the HMI500 Operator(View/security event list).

13000031-IEC18000636-1-en.vsdx


Figure 13: Security event list

The user can update the view by pressing Refresh, forcing HMI500 to retrieve the events fromREB500.

If the user presses Update cyclically, HMI500 will retrieve the events from REB500 every 4seconds and update the view accordingly.

8.2 External Security log serverGUID-65EABAA7-9432-45DF-9A88-9B10E9F4ECBB v1

The user can set the information about Security log servers to which the user activity logsmust be forwarded (Tools/Security log servers).

The user can configure up to 6 external log servers.

1MRK 511 453-UEN B Section 8User activity logging



13000032-IEC18000637-1-en.vsdx


Figure 14: Security log servers

Table 10: Security Log Servers dialog box

Item Description

Id Identification number (read-only)

Type Type of external log server (None, Syslog UDP, Syslog TCP, Arcsight TCP)

IP Address IP Address of external log server

Port Port of the external log server to which these security logs are to be sent

8.3 Event formatGUID-03B68C1A-05FC-45DB-9421-390DFE03185D v2

The user activity events contain the attributes listed in Table 11.

Table 11: User activity event format

Field Description

Sequencenumber

The sequence of event per source (BU or CU), between 1 and232-1.

Date Date of the event

Time UTC time of the event

Time invalid If the time value of the field Time is valid, the value of thefield Time invalid is empty.If the time value of the field Time is invalid, the value of thefield Time invalid is TIV.

User name Name of the user that causes the event or “Anonymous” ifuser is not known.

Event Id Identifier of the event type (see Section 6.2)


Section 8 1MRK 511 453-UEN BUser activity logging



Field Description

Severity Severity of the event depending on the importance of theevent. Critical events are marked as Alarm, others as Event.

Source Name of the source where user activity event occurs: eitherREB500 CU or REB500 BU. This is not necessarily the devicewhere a button is pressed, but the device where the activityis executed. For example, when choosing Clear/Reset alllatched relays, lists and LED” on a BU, this is executed onthe CPC of the connected CU and therefore the Source willbe REB500 CU(CPC).

Event text See Section 6.2.

8.4 Event typesGUID-1425F278-9CCE-4F66-AA90-DAE99A64BDC3 v1

Table 12: Security event types

ID Name Event Text

1110 LOGIN_OK Log-in successful

1115 LOGIN_OK_PW_EXPIRED Password expired, Log-in successful

1120 LOGIN_FAIL_UNKNOWN_USER Log-in failed - Unknown user

1130 LOGIN_FAIL_WRONG_CR Log-in failed - Wrong credentials

1140 LOGIN_FAIL_WRONG_PW Log-in failed - Wrong password

1150 LOGIN_FAIL_PW_EXPIRED Log-in failed - Password expired

1180 LOGIN_FAIL_SESSIONS_LIMIT Log-in failed too many user sessions

1210 LOGOUT_USER Log-out (user logged out)

1220 LOGOUT_TIMEOUT Log-out by user inactivity (timeout)

1310 CONN_CONFIG_TOOL_OK Connection with configuration toolsuccessful

1322 CONFIG_STORAGE_OK Configuration stored in the devicesuccessfully

1400 DEL_CONFIG_OK Configuration deleted successfully

1410 CONN_CONFIG_TOOL_FAIL Connection with configuration tool failed

1422 CONFIG_STORAGE_FAIL Device configuration update failed

1500 DEL_CONFIG_FAIL Deletion of configuration failed

1720 UAM_RESET_FACTORY_DEF User Accounts reset to factory default

1730 PW_RESET_FACTORY_DEF Admin password reset to factory default

2110 USER_ACCNT_CREATE_OK User account created successfully

2120 USER_ACCNT_DEL_OK User account deleted successfully

2130 USER_ACCNT_CREATE_FAIL User account creation failed

2140 USER_ACCNT_DEL_FAIL User account deletion failed

2160 USER_NEW_ROLE_OK New role assigned to user successfully

2161 USER_PERMISSION_CHANGE_OK Permission changed successfully

2180 NEW_ROLE_CREATE_OK New role created successfully

2190 ROLE_DELETE_OK Role deleted successfully

2210 USER_PW_CHANGE_OK User password changed successfully

2220 USER_PW_CHANGE_FAIL Change of user password failed

2230 USER_NEW_ROLE_FAIL New user role assignment failed





ID Name Event Text

2231 USER_PERMISSION_CHANGE_FAIL Permission change failed

2280 NEW_ROLE_CREATE_FAIL New role creation failed

2290 ROLE_DELETED_FAIL Role deletion failed

3710 CAM_SRV_COMM_OK CAM Server communication successful

3810 CAM_SRV_COMM_FAIL CAM Server communication failed

3820 CAM_REPLICATION_NO_USERS Replication performed. No users replicated!

3830 CAM_REPLICATION_NO_CAPACITY Replication attempted but failed. No capacity.

5120 RESET_TRIPS Reset trips

5140 PROTECTION_SYS_RESTART Protection system restarted

5270 SYS_STARTUP System startup

5272 SYS_STARTUP_FAIL System startup failed

5280 SYS_SHUTTING_DOWN System shutting down

6110 TEST_MODE_START_OK Test Mode started successfully

6112 TEST_MODE_START_FAIL Starting of Test Mode failed

6120 TEST_MODE_END Test Mode ended successfully

6150 TEST_DUMMY_EVENT Test Event - to test routing configuration

6510 DEBUG_MODE_START_OK Debug mode started successfully

6515 DEBUG_MODE_START_FAIL Starting Debug mode failed

6520 DEBUG_MODE_END Debug mode ended

8010 RECOV_PREV_CONFIG_OK Recovery of previous configuration successful

8020 DATE_TIME_SET_OK Date and time set successfully

8210 RECOV_PREV_CONFIG_FAIL Recovery of previous configuration failed

8220 DATE_TIME_SET_FAIL Date and time setting failed

9010 ATT_DET_FLOODING Flooding attack detected

13520 TRANSFER_CERTS_OK Certificates transferred to the devicesuccessfully

13630 ADD_TRUST_ANCHOR_CERT_OK Installed trust anchor certificate successfully

13730 ADD_TRUST_ANCHOR_CERT_FAIL Failed to install trust anchor certificate

14520 TRANSFER_CERTS_FAIL Failed to transfer certificates to the device

15610 IEC61850_INIT_OK IEC 61850 stack initialized successfully

15620 IEC61850_CONFIG_OK IEC 61850 stack configured successfully

15710 IEC61850_INIT_FAIL IEC 61850 stack initialization failed

15720 IEC61850_CONFIG_FAIL IEC 61850 stack configuration failed

8.5 User activity events through SyslogGUID-DF0FF87B-C575-4489-8B4F-C245C1998406 v1

User activity events can be sent to Syslog servers. They can also be sent in Common EventFormat (CEF) for Arcsight Log servers. For the events in Table 13 additional information is sentapart from the information displayed to user in HMI500 Operator.




Table 13: Security events for Syslog with additional information

ID Name Additional information

1110 LOGIN_OK Role Name

1115 LOGIN_OK_PW_EXPIRED Role Name

1120 LOGIN_FAIL_UNKNOWN_USER Role Name

1130 LOGIN_FAIL_WRONG_CR Role Name

1140 LOGIN_FAIL_WRONG_PW Role Name

1150 LOGIN_FAIL_PW_EXPIRED Role Name

1310 CONN_CONFIG_TOOL_OK IP addr. of peer

1410 CONN_CONFIG_TOOL_FAIL IP addr. of peer

2110 USER_ACCNT_CREATE_OK User Account Name

2120 USER_ACCNT_DEL_OK User Account Name

2130 USER_ACCNT_CREATE_FAIL User Account Name

2140 USER_ACCNT_DEL_FAIL User Account Name

2160 USER_NEW_ROLE_OK User Account Name

2161 USER_PERMISSION_CHANGE_OK Role Name

2180 NEW_ROLE_CREATE_OK Role Name

2190 ROLE_DELETE_OK Role Name

2210 USER_PW_CHANGE_OK User Account Name

2220 USER_PW_CHANGE_FAIL User Account Name

2230 USER_NEW_ROLE_FAIL User Account Name

2231 USER_PERMISSION_CHANGE_FAIL Role Name

2280 NEW_ROLE_CREATE_FAIL Role Name

2290 ROLE_DELETED_FAIL Role Name

8020 DATE_TIME_SET_OK New Date/Time

8220 DATE_TIME_SET_FAIL Time not valid

9010 ATT_DET_FLOODING LAN Interface

8.6 User activity events through IEC 61850GUID-11CB0E26-2B1A-4BF2-8240-45BB19BB906C v1

For security related definitions, IEC 61850 contains a logical node GSAL allowing supervision ofsecurity related actions. The mapping of user activity events to GSAL LN is shown in Table 14.

Table 14: Security events mapping to IEC 61850

ID Name IEC 61850 Mapping

1110 LOGIN_OK GSAL.Ina

1115 LOGIN_OK_PW_EXPIRED GSAL.Ina

1120 LOGIN_FAIL_UNKNOWN_USER GSAL.AuthFail

1130 LOGIN_FAIL_WRONG_CR GSAL.AuthFail

1140 LOGIN_FAIL_WRONG_PW GSAL.AuthFail

1150 LOGIN_FAIL_PW_EXPIRED GSAL.AuthFail

1180 LOGIN_FAIL_SESSIONS_LIMIT GSAL.AuthFail

1210 LOGOUT_USER GSAL.Ina






1220 LOGOUT_TIMEOUT GSAL.Ina

1310 CONN_CONFIG_TOOL_OK GSAL.Ina

1322 CONFIG_STORAGE_OK GSAL.Ina

1400 DEL_CONFIG_OK GSAL.Ina

1410 CONN_CONFIG_TOOL_FAIL GSAL.Ina

1422 CONFIG_STORAGE_FAIL GSAL.Ina

1500 DEL_CONFIG_FAIL GSAL.Ina

1720 UAM_RESET_FACTORY_DEF GSAL.Ina

1730 PW_RESET_FACTORY_DEF GSAL.Ina

2110 USER_ACCNT_CREATE_OK GSAL.Ina

2120 USER_ACCNT_DEL_OK GSAL.Ina

2130 USER_ACCNT_CREATE_FAIL GSAL.SvcViol

2140 USER_ACCNT_DEL_FAIL GSAL.SvcViol

2160 USER_NEW_ROLE_OK GSAL.Ina

2161 USER_PERMISSION_CHANGE_OK GSAL.Ina

2180 NEW_ROLE_CREATE_OK GSAL.Ina

2190 ROLE_DELETE_OK GSAL.Ina

2210 USER_PW_CHANGE_OK GSAL.SvcViol

2220 USER_PW_CHANGE_FAIL GSAL.SvcViol

2230 USER_NEW_ROLE_FAIL GSAL.SvcViol

2231 USER_PERMISSION_CHANGE_FAIL GSAL.Ina

2280 NEW_ROLE_CREATE_FAIL GSAL.Ina

2290 ROLE_DELETED_FAIL GSAL.Ina

3710 CAM_SRV_COMM_OK GSAL.Ina

3810 CAM_SRV_COMM_FAIL GSAL.Ina

3820 CAM_REPLICATION_NO_USERS GSAL.Ina

3830 CAM_REPLICATION_NO_CAPACITY GSAL.Ina

5120 RESET_TRIPS GSAL.Ina

5140 PROTECTION_SYS_RESTART GSAL.Ina

5270 SYS_STARTUP GSAL.Ina

5272 SYS_STARTUP_FAIL GSAL.Ina

5280 SYS_SHUTTING_DOWN GSAL.Ina

6110 TEST_MODE_START_OK GSAL.Ina

6112 TEST_MODE_START_FAIL GSAL.Ina

6120 TEST_MODE_END GSAL.Ina

6150 TEST_DUMMY_EVENT GSAL.Ina

6510 DEBUG_MODE_START_OK GSAL.Ina

6515 DEBUG_MODE_START_FAIL GSAL.Ina

6520 DEBUG_MODE_END GSAL.Ina

8010 RECOV_PREV_CONFIG_OK GSAL.Ina

8020 DATE_TIME_SET_OK GSAL.Ina

8210 RECOV_PREV_CONFIG_FAIL GSAL.Ina






8220 DATE_TIME_SET_FAIL GSAL.Ina

9010 ATT_DET_FLOODING GSAL.Ina

13520 TRANSFER_CERTS_OK GSAL.Ina

13630 ADD_TRUST_ANCHOR_CERT_OK GSAL.Ina

13730 ADD_TRUST_ANCHOR_CERT_FAIL GSAL.Ina

14520 TRANSFER_CERTS_FAIL GSAL.Ina

15610 IEC61850_INIT_OK GSAL.Ina

15620 IEC61850_CONFIG_OK GSAL.Ina

15710 IEC61850_INIT_FAIL GSAL.Ina

15720 IEC61850_CONFIG_FAIL GSAL.SvcViol

8.7 User activity event during REB500 system start upGUID-3D43A889-6812-44E1-9BD2-B5FAC74EF4FA v1

Starting up a REB500 system with a connected HMI500 causes a Log-in failed Unknown userentry in the Security event list (see Figure 15). Since the user credentials are not cashed in theHMI500, this can be seen as a normal behavior. To avoid this "log-in failed" information, theHMI500 shall be not connected during start-up phase of the system.

IEC19000214-IEC19000214-1-en.vsdx


Figure 15: Log-in failed-Unknown user




38

Section 9 Standard compliance statement

9.1 Applicable standardsGUID-52CC1B22-2150-418C-B7A9-1924C756BFC9 v1

Cyber security issues have been the subject of standardization initiatives by ISA, IEEE, or IECfor some time and ABB plays an active role in all these organizations, helping to define andimplement cyber security standards for power and industrial control systems.

Some of the cyber security standards which are most important for substation automation arestill under active development such as IEC62351 and IEC62443 (former ISA S99). ABB isparticipating in the development by delegating subject matter experts to the committeeworking on the respective standard. Since these standards are still under development ABBstrongly recommends to use existing common security measures as available on the market,for example, VPN for secure Ethernet Communication.

An overview of applicable security standards and their status is shown in Table 15.

Table 15: Overview of cyber security standards

Standard Main focus Status

NERC CIP v5 NERC CIP cyber securityregulation for North Americanpower utilities

Released, ongoing *

IEC 62351 Data and communicationssecurity

Partly released, ongoing

IEEE 1686 IEEE standard for substationintelligent electronic devices(IEDs) cyber security capabilities

Finalized

*Ongoing: Major changes will affect the final solution.

ABB has identified cyber security as a key requirement and has developed a large number ofproduct features to support international cyber security standards such as NERC-CIP,IEEE1686, as well as local activities like the German BDEW white paper.

The two standards IEC 62351 and IEC 62443 are still under revision. Due to interoperabilityreasons ABB recommend not to implement these standards yet. Nevertheless, ABB considersthese standards already today as a guideline to implement product features or systemarchitectures.

9.2 Reference TitleGUID-DE356B38-53A0-4A76-A3C6-D0D4B6596870 v1

Clause Title Status Comment

5 IED cyber securityfeatures

Acknowledge

5.1 Electronic access control Comply

5.1.1 IED access controloverview

Comply

5.1.2 Password defeatmechanisms

Comply

5.1.3 Number of individualusers

Exceed 20


1MRK 511 453-UEN B Section 9Standard compliance statement




5.1.4 Password construction Comply

5.1.5 IED access control Acknowledge

5.1.5.1 Authorization levels bypassword

Comply

5.1.5.2 Authorization using role-based access control(RBAC)

Exceed Productprovides eightuser- definedroles

5.1.6 IED main securityfunctions

Acknowledge

5.1.6 a) View data Comply Feature isaccessiblethroughindividual useraccounts

5.1.6 b) View configurationsettings

Comply Feature isaccessiblethroughindividual useraccounts

5.1.6 c) Force values Exception Feature isaccessiblethroughindividual useraccounts

5.1.6 d) Configuration change Comply Feature isaccessiblethroughindividual useraccounts

5.1.6 e) Firmware change

5.1.6 f) ID/password or RBACmanagement

5.1.6 g) Audit log

5.1.7 Password display Comply

5.1.8 Access time-out Comply A time-outfeature exists.The time periodis configurableby the user

5.2 Audit trail Acknowledge

5.2.1 Audit trail background Comply

5.2.2 Storage capability

5.2.3 Storage record Acknowledge

5.2.3 a) Event record number Comply

5.2.3 b) Time and date Comply

5.2.3 c) User identification Comply

5.2.3 d) Event type Comply

5.2.4 Audit trail event types Acknowledge

5.2.4 a) Login Comply

5.2.4 b) Manual logout Comply

5.2.4 c) Timed logout Comply


Section 9 1MRK 511 453-UEN BStandard compliance statement




5.2.4 d) Value forcing Comply

5.2.4 e) Configuration access Exception

5.2.4 f) Configuration change Comply

5.2.4 g) Firmware change Exception Firmwarechanges are notcaptured in theaudit trailrecord.

5.2.4 h) ID/password creation ormodification

Comply

5.2.4 i) ID/password deletion Comply

5.2.4 j) Audit-log access Comply

5.2.4 k) Time/date change Comply

5.2.4 l) Alarm incident Comply

5.3 Supervisory monitoringand control

Acknowledge

5.3.1 Overview of supervisorymonitoring and control

Comply Made availablethrough IEC61850 andsyslog.

5.3.2 Events Comply

5.3.3 Alarms Comply

5.3.3 a) Unsuccessful loginattempt

Exception Not Supported

5.3.3 b) Reboot Comply A start-up eventis created everyboot.

5.3.3 c) Attempted use ofunauthorizedconfiguration software

Exception Clientcertificates arenot in use.

5.3.3 d) Invalid configuration orfirmware download

Comply

5.3.3 e) Unauthorizedconfiguration orfirmware file

Exception Not supported.

5.3.3 f) Time signal out oftolerance

Comply

5.3.3 g) Invalid field hardwarechanges

Comply IED send ahardwarechangeddetected alarm.

5.3.4 Alarm point changedetect

Comply

5.3.5 Event and alarmgrouping

Exception One SecurityEvent list.Alarms andEvents can beseparated afterexport.However RoleBase AccessControl issupported.

5.3.6 Supervisory permissivecontrol

Exception Feature is notsupported.






5.4 IED cyber securityfeatures

Acknowledge

5.4.1 IED functionalitycompromise

Comply Services andports used forreal-timeprotocols arelisted in theuserdocumentation.

5.4.2 Specific cryptographicfeatures

Acknowledge

5.4.2 a) Webserver functionality Comply HTTPS

5.4.2 b) File transfer functionality Comply SFTP, SSL

5.4.2 c) Text-oriented terminalconnections

Comply No Terminal

5.4.2 d) SNMP networkmanagement

Exception Not Supported

5.4.2 e) Network timesynchronization

Comply SNTP

5.4.2 f) Secure tunnelfunctionality

Exception No TunnelFunctionality

5.4.3 Cryptographictechniques

Comply Open SSL

5.4.4 Encrypting serialcommunications

Exception No SerialCommunicationfor remoteaccess.

5.4.5 Protocol-specificsecurity features

Comply DAC over SSL

5.5 IED configurationsoftware

Acknowledge

5.5.1 Authentication Exception IED can beconfiguredusingunauthorizedcopies of theconfigurationsoftware. How-everconfigurationdownload ishandled byauthentication.IED signatureare alsoavailable.

5.5.2 Digital signature Exception Feature notSupported

5.5.3 ID/password control Comply Stored in theIED

5.5.4 ID/password controlledfeatures

Acknowledge

5.5.4.1 View configuration data Comply

5.5.4.2 Change configurationdata

Comply

5.5.4.2 a) Full access Comply


Section 9 1MRK 511 453-UEN BStandard compliance statement




5.5.4.2 b) Change tracking Comply

5.5.4.2 c) Use monitoring Comply

5.5.4.2 d) Download to IED Comply

5.6 Communications portaccess

Comply

5.7 Firmware qualityassurance

Exception Quality controlis handledaccording toISO9001 andCMMI.




44

45

ABB ABGrid Automation ProductsSE-721 59 Västerås, SwedenPhone +46 (0) 21 32 50 00

www.abb.com/protection-control

© Copyright 2019 ABB.All rights reserved.

Scan this QR code to visit our website

1MR

K 5

11 4

53-U

EN

Date post:	28-Jun-2020
Category:	Documents
Upload:	others
View:	30 times
Download:	0 times

Cyber security deployment guideline - ABB Group · The cyber security deployment guideline...

Documents