ABB 611 series IEC 2.0, Cyber Security Deployment Instructions


RELION® PROTECTION AND CONTROL

611 series

Cyber Security Deployment Guideline

Document ID: 1MRS758337

Issued: 2019-04-10

Revision: B

Product version: 2.0

© Copyright 2019 ABB. All rights reserved

Copyright

This document and parts thereof must not be reproduced or copied without written permission from ABB, and the contents thereof must not be imparted to a third party, nor used for any unauthorized purpose.

The software or hardware described in this document is furnished under a license and may be used, copied, or disclosed only in accordance with the terms of such license.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/) This product includes cryptographic software written/developed by: Eric Young ([email protected]) and Tim Hudson ([email protected]).

Trademarks

ABB and Relion are registered trademarks of the ABB Group. All other brand or product names mentioned in this document may be trademarks or registered trademarks of their respective holders.

Warranty

Please inquire about the terms of warranty from your nearest ABB representative.

www.abb.com/relion

Disclaimer

The data, examples and diagrams in this manual are included solely for the concept or product description and are not to be deemed as a statement of guaranteed properties.

All persons responsible for applying the equipment addressed in this manual must satisfy themselves that each intended application is suitable and acceptable, including that any applicable safety or other operational requirements are complied with. In particular, any risks in applications where a system failure and/or product failure would create a risk for harm to property or persons (including but not limited to personal injuries or death) shall be the sole responsibility of the person or entity applying the equipment, and those so responsible are hereby requested to ensure that all measures are taken to exclude or mitigate such risks.

This product has been designed to be connected and communicate data and information via a network interface which should be connected to a secure network.

It is the sole responsibility of the person or entity responsible for network administration to ensure a secure connection to the network and to take the necessary measures (such as, but not limited to, installation of firewalls, application of authentication measures, encryption of data, installation of anti virus programs, etc.) to protect the product and the network, its system and interface included, against any kind of security breaches, unauthorized access, interference, intrusion, leakage and/or theft of data or information. ABB is not liable for any such damages and/or losses.

This document has been carefully checked by ABB but deviations cannot be completely ruled out. In case any errors are detected, the reader is kindly requested to notify the manufacturer. Other than under explicit contractual commitments, in no event shall ABB be responsible or liable for any loss or damage resulting from the use of this manual or the application of the equipment.

Conformity

This product complies with the directive of the Council of the European Communities on the approximation of the laws of the Member States relating to electromagnetic compatibility (EMC Directive 2014/30/EU) and concerning electrical equipment for use within specified voltage limits (Low-voltage directive 2014/35/EU). This conformity is the result of tests conducted by ABB in accordance with the product standard EN 60255-26 for the EMC directive, and with the product standards EN 60255-1 and EN 60255-27 for the low voltage directive. The product is designed in accordance with the international standards of the IEC 60255 series.

Table of contents

Section 1 Introduction
    This manual
    Intended audience
    Product documentation
        Product documentation set
        Document revision history
        Related documentation
    Symbols and conventions
        Symbols
        Document conventions

Section 2 Security in distribution automation
    General security in distribution automation
    Reference documents

Section 3 Secure system setup
    Basic system hardening rules
    Relay communication interfaces
    TCP/IP based protocols and used IP ports
    Secure communication
        Certificate handling
        Encryption algorithms
    Web HMI

Section 4 User management
    User roles
    Password policies
        Setting passwords

Section 5 Security logging
    Audit trail

Section 6 Using the HMI
    Using the local HMI
        Logging in
        Logging out
    Using the Web HMI
        Logging in
        Logging out

Section 7 Protection of relay and system configuration
    Backup files
        Creating a backup from the relay configuration
        Creating a backup from the PCM600 project
    Restoring factory settings
    Restoring the administrator password

Section 8 Glossary

Section 1 Introduction

1.1 This manual

The cyber security deployment guideline describes the process for handling cyber security when communicating with the protection relay. The cyber security deployment guideline provides information on how to secure the system on which the protection relay is installed. The guideline can be used as a technical reference during the engineering phase, installation and commissioning phase, and during normal service.

1.2 Intended audience

This guideline is intended for the system engineering, commissioning, operation and maintenance personnel handling cybersecurity during the engineering, installation and commissioning phases, and during normal service.

The personnel is expected to have general knowledge about topics related to cybersecurity.

• Protection and control devices, gateways and Windows workstations

• Networking, including Ethernet and TCP/IP with its concept of ports and services

• Security policies

• Firewalls

• Antivirus protection

• Application whitelisting

• Secure remote communication

1.3 Product documentation

1.3.1 Product documentation set

[Figure 1: The intended use of manuals in different lifecycles. Manuals shown: Quick start guide, Quick installation guide, Brochure, Product guide, Operation manual, Installation manual, Connection diagram, Engineering manual, Technical manual, Application manual, Communication protocol manual, IEC 61850 engineering guide, Point list manual, Cyber security deployment guideline]

Product series- and product-specific manuals can be downloaded from the ABB Web site http://www.abb.com/relion.

1.3.2 Document revision history

| Document revision/date | Product series version | History |
|---|---|---|
| A/2016-02-22 | 2.0 | First release |
| B/2019-04-10 | 2.0 | Content updated |

1.3.3 Related documentation

Product series- and product-specific manuals can be downloaded from the ABB Web site http://www.abb.com/substationautomation.

1.4 Symbols and conventions

1.4.1 Symbols

The caution icon indicates important information or warning related to the concept discussed in the text. It might indicate the presence of a hazard which could result in corruption of software or damage to equipment or property.

The information icon alerts the reader of important facts and conditions.

The tip icon indicates advice on, for example, how to design your project or how to use a certain function.

Although warning hazards are related to personal injury, it is necessary to understand that under certain operational conditions, operation of damaged equipment may result in degraded process performance leading to personal injury or death. Therefore, comply fully with all warning and caution notices.

1.4.2 Document conventions

A particular convention may not be used in this manual.

• Abbreviations and acronyms are spelled out in the glossary. The glossary also contains definitions of important terms.

• Push button navigation in the LHMI menu structure is presented by using the push button icons.

To navigate between the options, use and .

• Menu paths are presented in bold.

Select Main menu/Settings.

• LHMI messages are shown in Courier font.

To save the changes in nonvolatile memory, select Yes and press .

• Parameter names are shown in italics.

The function can be enabled and disabled with the Operation setting.

• Parameter values are indicated with quotation marks.

The corresponding parameter values are "On" and "Off".

• Input/output messages and monitored data names are shown in Courier font.

When the function starts, the START output is set to TRUE.

• This document assumes that the parameter setting visibility is "Advanced".

Section 2 Security in distribution automation

2.1 General security in distribution automation

Technological advancements and breakthroughs have caused a significant evolution in the electric power grid. As a result, the emerging “smart grid” and “Internet of Things” are quickly becoming a reality. At the heart of these intelligent advancements are specialized IT systems – various control and automation solutions such as distribution automation systems. To provide end users with comprehensive real-time information, enabling higher reliability and greater control, automation systems have become ever more interconnected. To combat the increased risks associated with these interconnections, ABB offers a wide range of cyber security products and solutions for automation systems and critical infrastructure.

The new generation of automation systems uses open standards such as IEC 60870-5-104, DNP3 and IEC 61850 and commercial technologies, in particular Ethernet and TCP/IP based communication protocols. They also enable connectivity to external networks, such as office intranet systems and the Internet. These changes in technology, including the adoption of open IT standards, have brought huge benefits from an operational perspective, but they have also introduced cyber security concerns previously known only to office or enterprise IT systems.

To counter cyber security risks, open IT standards are equipped with cyber security mechanisms. These mechanisms, developed in a large number of enterprise environments, are proven technologies. They enable the design, development and continual improvement of cyber security solutions also for control systems, including distribution automation applications.

ABB understands the importance of cyber security and its role in advancing the security of distribution networks. A customer investing in new ABB technologies can rely on system solutions where reliability and security have the highest priority.

Reporting of vulnerability or cyber security issues related to any ABB product can be done via [email protected].

2.2 Reference documents

Information security in critical infrastructure such as electrical distribution and transmission networks has been in high focus for both vendors and utilities. This, together with developing technology, for example the application of Ethernet and IP based communication networks in substations, power plants and network control centers, creates a need to specify systems with cyber security in mind.

ABB is involved in the standardization and definition of several cyber security standards; the most applicable and most often referenced are ISO 2700x, IEC 62443, IEEE P1686 and IEC 62351. Besides standardization efforts, there are also several government-initiated requirements and practices such as NERC CIP and BDEW. ABB fully understands the importance of cyber security for substation automation systems and is committed to supporting users in efforts to achieve or maintain compliance with these.

Section 3 Secure system setup

3.1 Basic system hardening rules

Today's distribution automation systems are basically specialized IT systems. Therefore, several rules of hardening an automation system apply to these systems, too. Protection and control relays are, from the automation system perspective, on the lowest level and closest to the actual primary process. It is important to apply the defense-in-depth information assurance concept, where each layer in the system is capable of protecting the automation system; protection and control relays are therefore also part of this concept. The following should be taken into consideration when planning the system protection.

• Identifying and becoming familiar with all parts of the system and the system's communication links

• Removing all unnecessary communication links in the system

• Rating the security level of remaining connections and improving with applicable methods

• Hardening the system by removing or deactivating all unused processes, communication ports and services

• Checking that the whole system has backups available from all applicable parts

• Collecting and storing backups of the system components and keeping those up-to-date

• Removing all unnecessary user accounts

• Changing default passwords and using strong enough passwords

• Checking that the link from substation to upper level system uses strong enough encryption and authentication

• Separating public network from automation network

• Segmenting traffic and networks

• Using firewalls and demilitarized zones

• Assessing the system periodically

• Using antivirus software in workstations and keeping those up-to-date

It is important to utilize the defence-in-depth concept when designing automation system security. It is not recommended to connect a device directly to the Internet without adequate additional security components. The different layers and interfaces in the system should use security controls. Robust security means, besides product features, enabling and using the available features and also enforcing their use by company policies. Adequate training is also needed for the personnel accessing and using the system.

Figure 2: Distribution substation example

3.2 Relay communication interfaces

All physical ports dedicated for station bus communication can be opened and closed in relay configuration. Front port is used for engineering and it can be used only for point-to-point configuration access with PCM600 or WHMI. Front port should not be connected to any Ethernet network.

Table 1: Physical ports on relay's communication cards

| Port ID | Type | Default state | Description |
|---|---|---|---|
| X1...X3 | RJ-45 or fiber optic | Open | Ethernet station bus |
| X5 | RS-485 | Closed | Serial station bus |
| X6 | RS-232/RS-485 | Closed | Serial station bus |
| Front port | RJ-45 | Open | LHMI service access |

If the protection relay is ordered with station bus option, serial ports are closed by default and Ethernet ports are open. All protocol instances except for IEC 61850 are by default off and do not respond to any protocol requests in serial or Ethernet ports. IEC 61850 protocol and rear Ethernet ports are by default activated as those are used for engineering of the protection relay. Front port is segregated from rear ports' station bus communication.

3.3 TCP/IP based protocols and used IP ports

IP port security depends on specific installation, requirements and existing infrastructure. The required external equipment can be separate devices or devices that combine firewall, router and secure VPN functionality. When the network is divided into security zones, it is done with substation devices having firewall functionality or with dedicated firewall products. Security zone boundaries are inside the substation or between the substation and the outside world.

The relay supports an option with multiple station communication Ethernet ports. In this case, all ports use the same IP and MAC address regardless of what redundancy option is activated in the relay configuration.

The following table summarizes the IP ports used by the device, for use when setting up an IP firewall.

All closed ports can be opened in the configuration. Ports which are by default open are used for configuring the protection relay.

Table 2: IP ports used by the relay

| Port number | Type | Default state | Description |
|---|---|---|---|
| 20, 21 | TCP | Open | File Transfer protocol (FTP and FTPS) |
| 102 | TCP | Open | IEC 61850 |
| 80 | TCP | Open | Web Server HTTP |
| 443 | TCP | Open | Web Server HTTPS |
| 123 | UDP | Not active | Simple Network Time Protocol |
| 502 | TCP | Closed | Modbus TCP |

FTP and IEC 61850 are primary services needed for relay configuration and those cannot be disabled. Additionally, the protection relay uses layer 2 communications in GOOSE, IEEE 1588 (PTP) and HSR/PRP supervision services, which need to be taken into account when designing the network.

In addition to the HTTP and FTP protocols, the relay supports the Ethernet-based substation automation communication protocol Modbus. IEC 61850 is always enabled, and the relay can be ordered with one additional station bus protocol.

Additional protocols must be enabled in the configuration, otherwise the communication protocol TCP/UDP port is closed and unavailable. If the protocol service is configured, the corresponding port is open all the time.

See the relay series' technical manual and the corresponding protocol documentation for configuring a certain communication protocol.

In Modbus it is possible to assign the TCP or UDP port number if required and it is also possible to allow connection requests only from configured client IP address.
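An added example, not part of the ABB guideline: one way to turn Table 2 and the surrounding rules into a zone-firewall allowlist for a single relay and to audit observed connections against it. The `RelayConfig` fields, the function names and the sample flows (documentation addresses from 192.0.2.0/24) are assumptions constructed for illustration.

```python
"""Derive a firewall allowlist for one relay from Table 2 and audit flows against it."""
from collections import namedtuple
from dataclasses import dataclass
from typing import Optional

# Table 2 of the guideline: (transport, port) -> service description.
TABLE_2 = {
    ("tcp", 20): "File Transfer protocol (FTP and FTPS)",
    ("tcp", 21): "File Transfer protocol (FTP and FTPS)",
    ("tcp", 102): "IEC 61850",
    ("tcp", 80): "Web Server HTTP",
    ("tcp", 443): "Web Server HTTPS",
    ("udp", 123): "Simple Network Time Protocol",
    ("tcp", 502): "Modbus TCP",
}


@dataclass(frozen=True)
class RelayConfig:
    """Hypothetical summary of the relay settings that decide which ports are needed."""
    whmi_enabled: bool = True               # Web HMI mode parameter
    secure_communication: bool = True       # Secure Communication parameter (on by default)
    modbus_tcp: bool = False                # optional station bus protocol
    modbus_client_ip: Optional[str] = None  # client address configured in the relay
    sntp: bool = False                      # SNTP time synchronization configured


# One connection seen at the zone boundary: peer address, transport, relay-side port.
Flow = namedtuple("Flow", "peer proto dport")


def allowed_ports(cfg):
    """Ports the zone firewall has to pass for this relay configuration."""
    # FTP/FTPS and IEC 61850 are needed for configuration and cannot be disabled.
    allowed = {("tcp", 20), ("tcp", 21), ("tcp", 102)}
    if cfg.whmi_enabled:
        allowed.add(("tcp", 443))
        if not cfg.secure_communication:
            # With Secure Communication on, clients must use HTTPS, so HTTP is not passed.
            allowed.add(("tcp", 80))
    if cfg.modbus_tcp:
        allowed.add(("tcp", 502))
    if cfg.sntp:
        allowed.add(("udp", 123))
    return allowed


def audit_flows(cfg, flows):
    """Return one finding per flow that the allowlist would not permit."""
    allowed = allowed_ports(cfg)
    findings = []
    if not cfg.secure_communication:
        findings.append("WEAK Secure Communication is off: WHMI usable over HTTP")
    for flow in flows:
        key = (flow.proto, flow.dport)
        service = TABLE_2.get(key, "not a relay service in Table 2")
        if key not in allowed:
            findings.append(f"DENY {flow.peer} -> {flow.proto}/{flow.dport} ({service})")
        elif (key == ("tcp", 502) and cfg.modbus_client_ip is not None
              and flow.peer != cfg.modbus_client_ip):
            findings.append(f"DENY {flow.peer} -> tcp/502 (Modbus TCP from unconfigured client)")
    return findings


# Constructed sample flows. GOOSE, IEEE 1588 (PTP) and HSR/PRP run on layer 2
# and are outside the scope of an IP port allowlist.
SAMPLE_FLOWS = [
    Flow("192.0.2.10", "tcp", 102),  # station computer, IEC 61850
    Flow("192.0.2.20", "tcp", 443),  # engineering workstation, WHMI over HTTPS
    Flow("192.0.2.20", "tcp", 80),   # plain HTTP while Secure Communication is on
    Flow("192.0.2.10", "tcp", 502),  # configured Modbus client
    Flow("192.0.2.77", "tcp", 502),  # Modbus from another host
    Flow("192.0.2.77", "tcp", 23),   # not a relay service
]

if __name__ == "__main__":
    config = RelayConfig(modbus_tcp=True, modbus_client_ip="192.0.2.10")
    for finding in audit_flows(config, SAMPLE_FLOWS):
        print(finding)
```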

3.4 Secure communication

The protection relay supports encrypted communication according to the principles of IEC 62351 in secured communication for WHMI and file transfer. If the Secure Communication parameter is activated in the relay, protocols require TLS protocol based encryption method support from the clients. In this case WHMI must be connected from a Web browser using the HTTPS protocol. In case of file transfer, the client must use FTPS. PCM600 supports FTPS and is able to download and upload configuration files in encrypted format from relay.

The Secure Communication parameter is enabled by default. It can be accessed via HMI path Main menu/Configuration/Authorization/Security.

3.4.1 Certificate handling

For encryption and secure identification, HTTPS and FTPS protocols in the protection relay use public key certificates that bind together a public key with an identity, that is, information such as the name of an organization, their address and so on. The server certificate used by the protection relay is generated by the relay itself as a self-signed certificate and not issued by any certification authority (CA).

Certificates use encryption to provide secure communication over the network. A self-signed X.509 certificate and an RSA key-pair with key-length of 1024 bits is generated by the protection relay. The RSA key stored in the certificate is used to establish secure communication.

The certificate is used to verify that a public key belongs to an identity. In case of HTTPS, the WHMI server in the protection relay presents the certificate to the Web client giving the client the public key and the identity of the server. The public key is one part of an asymmetric key algorithm in which one key is used to encrypt a message and another key is used to decrypt it. The public private key pair (asymmetric key) is used to exchange the symmetric key, which is used to encrypt and decrypt the data that is exchanged between server and client.

Messages encrypted with the public key can only be decrypted with the other part of the algorithm, the private key. Public and private key are related mathematically and represent a cryptographic key pair. The private key is kept secret and stored safely in the protection relay, while the public key may be widely distributed.

Once the protection relay certificate has been manually trusted in a separate dialog box, the certificate is trusted in communication between the relay and PCM600. For WHMI use, the certificate signed by the protection relay must be accepted in the Web browser when opening the connection to WHMI.

Web browser displays a warning because WHMI uses self-signed certificates.

3.4.2 Encryption algorithms

TLS connections are encrypted with either AES 256 or AES 128. At start-up a negotiation decides between these two options.

A hashed representation of the passwords with SHA 256 is stored in the protection relay. These are not accessible from outside via any ports. No passwords are stored in clear text within the protection relay.

3.5 Web HMI

The WHMI is one of the available user access services in the protection relay. By default the service is enabled and the HTTP and HTTPS TCP ports are open. WHMI can be disabled with the Web HMI mode parameter via LHMI menu path Main menu/Configuration/HMI.

The relay supports HTTPS protocol to provide encryption and secure identification in the communication to the WHMI. The Secure Communication parameter is active by default, and WHMI access is automatically opened in HTTPS mode. When the Secure Communication parameter is inactive, both HTTP and HTTPS protocols can be used for WHMI.

The WHMI requires that certain technical features must be supported and enabled by the used Web client.

• HTTP 1.1

• HTML 4 and HTML 5

• XSLT 2.0

• CSS1 and CSS2.1

• AJAX

• JavaScript 1.2

• DOM 1.0

• HTTP Digest Access Authentication

• HTTP session cookies

• HTTP compression

• SVG 1.1 [1]

In case of HTTPS access the Web client must support HTTPS via TLS 1.0 or TLS 1.1/1.2. The WHMI is verified with Internet Explorer 8.0, 9.0, 10.0 and 11.0.

[1] SVG Viewer is required for Internet Explorer 8.0

The access to the relay's WHMI is protected by the HTTP Digest Access Authentication (DAA) that requires a user name and password. DAA ensures that the user credentials are securely encrypted before they are sent over the network. See RFC2617 "HTTP Authentication: Basic and Digest Access Authentication" for detailed information about DAA.

User authentication is always required in WHMI.

If Internet Explorer is used as the Web client, the advanced option "Show friendly HTTP error messages" might be enabled by default. It is recommended to disable this option. If this option is enabled, detailed error information of the WHMI is shown. The option can be found in the "Advanced" tab of the "Internet Options".

Section 4 User management

4.1 User roles

Four user categories have been predefined for the LHMI and the WHMI, each with different rights and default passwords.

The default passwords in the protection relay delivered from the factory can be changed with Administrator user rights. Relay user passwords can be changed using LHMI, WHMI or the IED User Management tool in PCM600 and the user information is stored to the protection relay's internal memory.

User authorization is disabled by default for the LHMI and can be enabled with the Local override parameter via the LHMI path Main Menu/Configuration/Authorization/Passwords. WHMI always requires authentication. Changes in user management settings do not cause the protection relay to reboot. The changes are taken into use immediately after committing the changed settings on menu root level.

Table 3: Predefined user categories

| Username | User rights |
|---|---|
| VIEWER | Read only access |
| OPERATOR | Selecting remote or local state with (only locally); Changing setting groups; Controlling; Clearing indications |
| ENGINEER | Changing settings; Clearing event list; Clearing disturbance records; Changing system settings such as IP address, serial baud rate or disturbance recorder settings; Setting the protection relay to test mode; Selecting language |
| ADMINISTRATOR | All listed above; Changing password; Factory default activation |

If the Remote override parameter from the Main menu/Configuration/Authorization/Passwords menu has been disabled, changes have to be made in the IED's object properties in PCM600. When the protection relay uses remote authentication, the activated user level and its password are required when the protection relay is configured using PCM600.

Table 4: Object properties to change

| Object Properties field | Value |
|---|---|
| Is Authentication Disabled | False |
| Is Password used | True |
| Password | Write the correct password |

When communicating with the protection relay with PCM600 tools and with the relay authentication enabled, the relay username and password must be given when prompted. When setting the technical key, the username and password must be given twice.

If the PCM600 authentication has been enabled in PCM600 System Settings, a relay user can be linked to the current PCM600 user by selecting the Remember me check box in the Login dialog. After that, the user credentials are no longer asked at tool communication as logging in PCM600 also provides the authentication credentials to the protection relay.

When Remote override is disabled, MMS clients also need to authenticate using the correct password.

FTP always requires authentication.

4.2 Password policies

Passwords are settable for all predefined user categories. The LHMI password must be at least four and WHMI password at least nine characters. The maximum number of characters is 8 for the LHMI password and 20 for the WHMI password. Only the following characters are accepted.

• Numbers 0-9

• Letters a-z, A-Z

• Space

• Special characters !"#%&'()*+´-./:;<=>?@[\]^_`{|}~

User authorization is disabled by default and can be enabled via the LHMI or WHMI path Main Menu/Configuration/Authorization/Passwords.

The protection relays are delivered from the factory with default passwords. It is recommended to change the default passwords.

Table 5: Predefined user categories and default passwords

| Username | LHMI password | WHMI password | User rights |
|---|---|---|---|
| VIEWER | 0001 | remote0001 | Only allowed to view |
| OPERATOR | 0002 | remote0002 | Authorized to make operations |
| ENGINEER | 0003 | remote0003 | Allowed to change protection relay parameters, but no operation rights |
| ADMINISTRATOR | 0004 | remote0004 | Full access |

For user authorization for PCM600, see PCM600 documentation.
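An added example, not part of the ABB guideline: a commissioning check that tests candidate passwords against the length limits and character set of section 4.2 and against the factory defaults of Table 5 before they are set on the relay. The function names and the sample account sheet are constructed for illustration.

```python
"""Check candidate relay passwords against section 4.2 and Table 5 of the guideline."""
import string

# Special characters exactly as listed in section 4.2 (note: "$" and "," are absent).
SPECIALS = "!\"#%&'()*+´-./:;<=>?@[\\]^_`{|}~"
ALLOWED = set(string.digits + string.ascii_letters + " " + SPECIALS)

# (minimum, maximum) number of characters per interface, from section 4.2.
LIMITS = {"LHMI": (4, 8), "WHMI": (9, 20)}

# Factory defaults from Table 5; these should never survive commissioning.
FACTORY_DEFAULTS = {
    "LHMI": {"0001", "0002", "0003", "0004"},
    "WHMI": {"remote0001", "remote0002", "remote0003", "remote0004"},
}


def check_password(interface, candidate):
    """Return a list of problems; an empty list means the candidate is acceptable."""
    problems = []
    low, high = LIMITS[interface]
    if not low <= len(candidate) <= high:
        problems.append(f"length {len(candidate)} outside {low}-{high}")
    unsupported = sorted({ch for ch in candidate if ch not in ALLOWED})
    if unsupported:
        problems.append("unsupported characters: " + " ".join(repr(ch) for ch in unsupported))
    if candidate in FACTORY_DEFAULTS[interface]:
        problems.append("factory default password")
    return problems


def audit_accounts(accounts):
    """accounts maps username -> {"LHMI": password, "WHMI": password}.

    Returns username -> findings. Besides the per-password checks, a password
    shared between two user categories is reported, because it removes the
    separation between the roles of Table 3.
    """
    report = {}
    first_owner = {}
    for user, passwords in accounts.items():
        findings = []
        for interface, password in passwords.items():
            findings += [f"{interface}: {p}" for p in check_password(interface, password)]
            owner = first_owner.setdefault((interface, password), user)
            if owner != user:
                findings.append(f"{interface}: same password as {owner}")
        report[user] = findings
    return report


# Constructed account sheet as it might look before commissioning is finished.
SAMPLE_ACCOUNTS = {
    "VIEWER": {"LHMI": "0001", "WHMI": "View.only 2019"},
    "OPERATOR": {"LHMI": "7Kq2", "WHMI": "Oper8te-Feeder"},
    "ENGINEER": {"LHMI": "7Kq2", "WHMI": "Eng$Settings1"},
    "ADMINISTRATOR": {"LHMI": "x9#Lm2Pq", "WHMI": "remote0004"},
}

if __name__ == "__main__":
    for user, findings in audit_accounts(SAMPLE_ACCOUNTS).items():
        print(user, findings or "ok")
```

Because the LHMI maximum (8) is below the WHMI minimum (9), the same string can never be valid for both interfaces, so each user category always needs two distinct passwords.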

4.2.1 Setting passwords

If user authorization is off or the user is logged in as an administrator, user passwords can be set via the LHMI or WHMI or with PCM600.

Local passwords can be changed only via the LHMI. Remote passwords can be changed via the LHMI or WHMI or with PCM600.

1. Select Main menu/Configuration/Authorization/Passwords.

2. Select the password to be reset with or .

3. Press , change the password with or and press again.

4. Repeat steps 2 and 3 to set the rest of the passwords.

If the administrator password is lost, contact ABB's technical customer support to retrieve the administrator level access.

Section 5 Security logging

5.1 Audit trail

The protection relay offers a large set of event-logging functions. Critical system and protection relay security-related events are logged to a separate nonvolatile audit trail for the administrator.

Audit trail is a chronological record of system activities that allows the reconstruction and examination of the sequence of system and security-related events and changes in the protection relay. Both audit trail events and process related events can be examined and analyzed in a consistent method with the help of Event List in LHMI and WHMI and Event Viewer in PCM600.

The protection relay stores 2048 audit trail events to the nonvolatile audit trail. Additionally, 1024 process events are stored in a nonvolatile event list. Both the audit trail and event list work according to the FIFO principle. Nonvolatile memory is based on a memory type which does not need battery backup nor regular component change to maintain the memory storage.

Audit trail events related to user authorization (login, logout, violation remote and violation local) are defined according to the selected set of requirements from IEEE 1686. The logging is based on predefined user names or user categories. The user audit trail events are accessible with IEC 61850-8-1, PCM600, LHMI and WHMI.

Table 6: Audit trail events

Audit trail event | Description
Configuration change | Configuration files changed
Firmware change | Firmware changed
Firmware change fail | Firmware change failed
Attached to retrofit test case | Unit has been attached to retrofit case
Removed from retrofit test case | Removed from retrofit test case
Setting group remote | User changed setting group remotely
Setting group local | User changed setting group locally
Control remote | DPC object control remote
Control local | DPC object control local
Test on | Test mode on
Test off | Test mode off
Reset trips | Reset latched trips (TRPPTRC*)
Setting commit | Settings have been changed
Time change | Time changed directly by the user. Note that this is not used when the protection relay is synchronised properly by the appropriate protocol (SNTP, IRIG-B, IEEE 1588 v2).
View audit log | Administrator accessed audit trail
Login | Successful login from IEC 61850-8-1 (MMS), WHMI, FTP or LHMI.
Logout | Successful logout from IEC 61850-8-1 (MMS), WHMI, FTP or LHMI.
Password change | Password changed
Firmware reset | Reset issued by user or tool
Audit overflow | Too many audit events in the time period
Violation remote | Unsuccessful login attempt from IEC 61850-8-1 (MMS), WHMI, FTP or LHMI.
Violation local | Unsuccessful login attempt from IEC 61850-8-1 (MMS), WHMI, FTP or LHMI.

PCM600 Event Viewer can be used to view the audit trail events and process related events. Audit trail events are visible through the dedicated Security events view. Since only the administrator has the right to read the audit trail, authorization must be used in PCM600. The audit trail cannot be reset, but PCM600 Event Viewer can filter data.
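An off-relay review of exported audit trail events, as an added example that is not ABB code: it flags bursts of Violation events, a Login that follows such a burst, and the Table 6 events that always merit a look, and it checks whether two successive exports could hide a FIFO gap. The CSV layout, sample rows, thresholds and function names are assumptions; only the event names and the 2048-event capacity come from this guideline.

```python
import csv
import io
from datetime import datetime, timedelta

CAPACITY = 2048  # audit trail events the relay keeps before FIFO overwrite
REVIEW = {"Firmware change", "Firmware change fail", "Time change",
          "Password change", "Audit overflow"}
VIOLATIONS = {"Violation remote", "Violation local"}

# Constructed sample; the CSV layout is an assumption, not a relay format.
SAMPLE = """timestamp,event,source
2019-04-10T08:00:05,Violation remote,WHMI
2019-04-10T08:00:09,Violation remote,WHMI
2019-04-10T08:00:14,Violation remote,WHMI
2019-04-10T08:00:40,Login,WHMI
2019-04-10T08:02:10,Time change,WHMI
2019-04-10T08:03:00,Setting commit,WHMI
2019-04-10T08:04:30,Logout,WHMI
"""

def parse(text):
    """Return events as (time, event, source) tuples in chronological order."""
    rows = csv.DictReader(io.StringIO(text))
    return sorted((datetime.fromisoformat(r["timestamp"]), r["event"], r["source"])
                  for r in rows)

def triage(events, limit=3, window=timedelta(minutes=5)):
    """Flag failure bursts, logins that follow a burst, and review-always events."""
    findings, recent = [], []
    for when, name, _source in events:
        recent = [t for t in recent if when - t <= window]  # drop stale failures
        if name in VIOLATIONS:
            recent.append(when)
            if len(recent) == limit:
                findings.append((when, f"{limit} failed logins within window"))
        elif name == "Login" and len(recent) >= limit:
            findings.append((when, "login succeeded after failure burst"))
            recent = []
        elif name in REVIEW:
            findings.append((when, name))
    return findings

def snapshot_gap(previous, current):
    """True if a full export shares no event with the previous one, so the
    FIFO may have overwritten events between the two reads."""
    return len(current) >= CAPACITY and not set(previous) & set(current)
```

Collecting exports often enough that consecutive snapshots overlap keeps the 2048-event FIFO from silently dropping events between reads.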

Audit trail events can be configured to be visible also in LHMI/WHMI Event list together with process related events.

To expose the audit trail events through Event list, define the Authority logging level parameter via Configuration/Authorization/Security. This exposes audit trail events to all users.

Table 7: Comparison of authority logging levels

Authority logging levels (table columns): None; Configuration change; Setting group; Setting group, control; Settings edit; All

Audit trail events (table rows): Configuration change; Firmware change; Firmware change fail; Attached to retrofit test case; Removed from retrofit test case; Setting group remote; Setting group local; Control remote; Control local; Test on; Test off; Reset trips; Setting commit; Time change; View audit log; Login; Logout; Password change; Firmware reset; Violation local; Violation remote

Section 6 Using the HMI

6.1 Using the local HMI

To use the LHMI, logging in and authorization are required. Password authorization is disabled by default and can be enabled via the LHMI.

To enable password authorization, select Main menu/Configuration/Authorization/Passwords. Set the Local override parameter to “False”.

6.1.1 Logging in

1. Press or or to activate the login procedure.
2. Press or to select the user level.

Figure 3: Selecting access level

3. Confirm the selection with .
4. Enter the password when prompted digit by digit.
   Activate the digit to be entered with and .
   Enter the character with and .

Figure 4: Entering password

5. Press to confirm the login.

• To cancel the procedure, press .

Figure 5: Error message indicating wrong password

The current user level is shown on the display's upper right corner in the icon area.

6.1.2 Logging out

An automatic logout occurs 30 seconds after the backlight timeout.

1. Press for three seconds in the main menu.
2. To confirm logout, select Yes and press .

Figure 6: Logging out

• To cancel logout, press .

6.2 Using the Web HMI

WHMI is enabled by default. As secure communication is enabled by default, the WHMI must be accessed from a Web browser using the HTTPS protocol.

If the WHMI was previously disabled, it can be enabled again via the LHMI.

1. To enable the WHMI, select Main menu/Configuration/HMI/Web HMI mode via the LHMI.
2. Reboot the relay for the change to take effect.
3. Log in with the proper user rights to use the WHMI.

To establish a remote WHMI connection to the protection relay, contact the network administrator to check the company rules for IP and remote connections.

Disable the Web browser proxy settings or make an exception to the proxy rules to allow the protection relay's WHMI connection, for example, by including the relay's IP address in Internet Options/Connections/LAN Settings/Advanced/Exceptions.

6.2.1 Logging in

1. Open Internet Explorer.
2. Type the protection relay's IP address in the Address bar and press ENTER.
3. Type the username with capital letters.
4. Type the password.

Figure 7: Entering username and password to use the WHMI

5. Click OK.
   The language file starts loading and the progress bar is displayed.

6.2.2 Logging out

The user is logged out after session timeout. The timeout can be set in Main menu/Configuration/HMI/Web HMI timeout.

• To log out manually, click Logout on the menu bar.

Section 7 Protection of relay and system configuration

7.1 Backup files

Backups are not directly part of the cyber security but they are important for speeding up the recovery process, for example, in case of failure of the protection relay. Backups need to be updated when there are changes in configuration.

7.1.1 Creating a backup from the relay configuration

1. Use the “Read from IED” function from the IED context menu in PCM600 to back up the relay configuration.
   User authorization is needed before using the tool.
2. Enter the user credentials if the default administrator password has been changed.
   Administrator or engineer credentials are needed for authorization.

7.1.2 Creating a backup from the PCM600 project

Backup from the PCM600 project is made by exporting the project.

1. On the File menu, click Open/Manage Project to open the project management.
2. Select the project from the Currently available projects dialog box.
3. Right-click the project and select Export Project to open the Create target file for the project export dialog box.
4. Browse the target location and type the name for the exported file.

All project related data is compressed and saved to one file, which is named and located according to the definitions.

7.2 Restoring factory settings

In case of configuration data loss or any other file system error that prevents the protection relay from working properly, the whole file system can be restored to the original factory state. All default settings and configuration files stored in the factory are restored. Only the administrator can restore the factory settings.

1. Select Main menu/Configuration/General/Factory setting and press .
2. Set the value with or and press .
3. Confirm by selecting Yes with or and press .

The protection relay restores the factory settings and restarts. Restoring takes 1...3 minutes. Confirmation of restoring the factory settings is shown on the display for a few seconds, after which the relay restarts.

Avoid the unnecessary restoring of factory settings, because all the parameter settings that are written earlier to the relay will be overwritten with the default values. During normal use, a sudden change of the settings can cause a protection function to trip.

Restoring factory settings also resets the IP address for the rear port and the corresponding subnet mask to the factory default settings.

To restore factory settings from bootloader mode, press ESC + simultaneously for 5 seconds.

7.3 Restoring the administrator password

If authentication is enabled in the protection relay and the administrator password is lost, it is no longer possible to change passwords or operate the relay with full access rights.

• Contact ABB technical customer support to retrieve administrator level access to the protection relay.

Section 8 Glossary

Term | Description
BDEW | Bundesverband der Energie- und Wasserwirtschaft
CA | Certification authority
DAA | HTTP Digest Access Authentication
DNP3 | A distributed network protocol originally developed by Westronic. The DNP3 Users Group has the ownership of the protocol and assumes responsibility for its evolution.
DOM | Binary output module, four channels
DPC | Double-point control
EMC | Electromagnetic compatibility
Ethernet | A standard for connecting a family of frame-based computer networking technologies into a LAN
FIFO | First in, first out
FTP | File transfer protocol
FTPS | FTP Secure
GOOSE | Generic Object-Oriented Substation Event
HMI | Human-machine interface
HSR | High-availability seamless redundancy
HTML | Hypertext markup language
HTTPS | Hypertext Transfer Protocol Secure
IEC | International Electrotechnical Commission
IEC 60870-5-104 | Network access for IEC 60870-5-101
IEC 61850 | International standard for substation communication and modeling
IEC 61850-8-1 | A communication protocol based on the IEC 61850 standard series
IED | Intelligent electronic device
IEEE | Institute of Electrical and Electronics Engineers, Inc.
IEEE 1686 | Standard for Substation Intelligent Electronic Devices' (IEDs') Cyber Security Capabilities
IP | Internet protocol
IP address | A set of four numbers between 0 and 255, separated by periods. Each server connected to the Internet is assigned a unique IP address that specifies the location for the TCP/IP protocol.
IRIG-B | Inter-Range Instrumentation Group's time code format B
ISO | International Standard Organization
LHMI | Local human-machine interface
MMS | 1. Manufacturing message specification 2. Metering management system
Modbus | A serial communication protocol developed by the Modicon company in 1979. Originally used for communication in PLCs and RTU devices.
NERC CIP | North American Electric Reliability Corporation - Critical Infrastructure Protection
PCM600 | Protection and Control IED Manager
PRP | Parallel redundancy protocol
PTP | Precision Time Protocol
RJ-45 | Galvanic connector type
RS-232 | Serial interface standard
RS-485 | Serial link according to EIA standard RS485
SNTP | Simple Network Time Protocol
TCP | Transmission Control Protocol
TCP/IP | Transmission Control Protocol/Internet Protocol
UDP | User datagram protocol
VPN | Virtual Private Network
WHMI | Web human-machine interface

ABB Distribution Solutions

Distribution Automation

P.O. Box 699

FI-65101 VAASA, Finland

Phone +358 10 22 11

www.abb.com/mediumvoltage

www.abb.com/relion
