RELION® REB500
Distributed busbar protection REB500
Version 8.3 IEC
Cyber security deployment guideline
Document ID: 1MRK 511 453-UEN
Issued: May 2019
Revision: B
Product version: 8.3
© Copyright 2019 ABB. All rights reserved
Copyright
This document and parts thereof must not be reproduced or copied without written permission from ABB, and the contents thereof must not be imparted to a third party, nor used for any unauthorized purpose.
The software and hardware described in this document is furnished under a license and may be used or disclosed only in accordance with the terms of such license.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/) This product includes cryptographic software written/developed by: Eric Young ([email protected]) and Tim Hudson ([email protected]).
Trademarks
ABB and Relion are registered trademarks of the ABB Group. All other brand or product names mentioned in this document may be trademarks or registered trademarks of their respective holders.
Warranty
Please inquire about the terms of warranty from your nearest ABB representative.
Disclaimer
The data, examples and diagrams in this manual are included solely for the concept or product description and are not to be deemed as a statement of guaranteed properties. All persons responsible for applying the equipment addressed in this manual must satisfy themselves that each intended application is suitable and acceptable, including that any applicable safety or other operational requirements are complied with. In particular, any risks in applications where a system failure and/or product failure would create a risk for harm to property or persons (including but not limited to personal injuries or death) shall be the sole responsibility of the person or entity applying the equipment, and those so responsible are hereby requested to ensure that all measures are taken to exclude or mitigate such risks.
This document has been carefully checked by ABB but deviations cannot be completely ruled out. In case any errors are detected, the reader is kindly requested to notify the manufacturer. Other than under explicit contractual commitments, in no event shall ABB be responsible or liable for any loss or damage resulting from the use of this manual or the application of the equipment.
This product is designed to be connected to and to communicate information and data via a network interface. It is the users’ sole responsibility to provide and continuously ensure a secure connection between the product and to the users’ network or any other network (as the case may be). The users shall establish and maintain any appropriate measures (such as but not limited to the installation of firewalls, application of authentication measures, encryption of data, installation of anti-virus programs, etc) to protect the product, the network, its system and the interface against any kind of security breaches, unauthorized access, interference, intrusion, leakage and/or theft of data or information. ABB Ltd and its entities are not liable for damages and/or losses related to such security breaches, any unauthorized access, interference, intrusion, leakage and/or theft of data or information.
Conformity
This product complies with the directive of the Council of the European Communities on the approximation of the laws of the Member States relating to electromagnetic compatibility (EMC Directive 2004/108/EC) and concerning electrical equipment for use within specified voltage limits (Low-voltage directive 2006/95/EC). This conformity is the result of tests conducted by ABB in accordance with the product standards EN 50263 and EN 60255-26 for the EMC directive, and with the product standards EN 60255-1 and EN 60255-27 for the low voltage directive. The product is designed in accordance with the international standards of the IEC 60255 series.
Table of contents
Section 1 Introduction
1.1 This manual
1.2 Intended audience
1.3 Product documentation
1.4 Symbols and conventions
1.4.1 Symbols
1.4.2 Document conventions
Section 2 Safety information
Section 3 Secure access
3.1 Secure system setup
3.2 Ethernet ports
3.2.1 Ethernet ports used
3.2.2 Data rate of the station bus connection
3.3 Encryption algorithm
Section 4 Design principles
4.1 Account information
4.2 User roles and account permissions
4.3 User accounts
4.3.1 Default user
4.3.2 User credentials handling
4.3.3 Recovery of lost passwords
Section 5 Security configuration
5.1 Enabling security menu
5.2 Security options
Section 6 Local user account management
6.1 Enabling the local user account management
6.2 User accounts
6.3 User roles
6.4 Password policies
6.5 Exporting and importing user credentials
6.6 Change password
6.7 Password reset to factory default
Section 7 Central user account management
7.1 Central user account management
7.2 Enabling the central user account management
7.3 User roles
7.4 Troubleshooting central account management
7.4.1 Errors during activation
7.4.2 Server not reachable during runtime
7.4.3 Local replication failed
Section 8 User activity logging
8.1 View user activity events
8.2 External Security log server
8.3 Event format
8.4 Event types
8.5 User activity events through Syslog
8.6 User activity events through IEC 61850
8.7 User activity event during REB500 system start up
Section 9 Standard compliance statement
9.1 Applicable standards
9.2 Reference Title
Section 1 Introduction
1.1 This manual
The cyber security deployment guideline describes the process for handling cyber security when communicating with the IED. Certification, Authorization with role based access control, and product engineering for cyber security related events are described and sorted by function. The guideline can be used as a technical reference during the engineering phase, installation and commissioning phase, and during normal service.
The main features related to cyber security are:
• UAM - User Account Management
  • Role based access control of the device
• CAM - Central Account Management
  • LDAP server integration for user account management
• UAL - User Activity Logging
  • Logging the activities of user
  • Capable to send the user activity events to central log server
• SCA - Secure Configuration and communication Access
  • Accessing the device in a secure way from the operator tool
1.2 Intended audience
This guideline is intended for the system engineering, commissioning, operation and maintenance personnel handling cyber security during the engineering, installation and commissioning phases, and during normal service. The personnel is expected to have general knowledge about topics related to cyber security.
1.3 Product documentation
REB500 manuals Document numbers
Product guide 1MRK 505 402-BEN
Application manual 1MRK 505 399-UEN
Technical manual 1MRK 505 400-UEN
Operation manual 1MRK 500 132-UEN
Engineering manual 1MRK 511 452-UEN
Commissioning manual 1MRK 505 401-UEN
Application manual for bay protection functions 1MRK 505 403-UEN
Technical manual for bay protection functions 1MRK 505 406-UEN
Cyber security deployment guideline 1MRK 511 453-UEN
Communication protocol manual IEC61850 1MRK 511 450-UEN
Communication protocol manual IEC60870-5-103 1MRK 511 451-UEN
Getting started guide 1MRK 505 404-UEN
1.4 Symbols and conventions
1.4.1 Symbols
The electrical warning icon indicates the presence of a hazard which could result in electrical shock.
The warning icon indicates the presence of a hazard which could result in personal injury.
The caution icon indicates important information or warning related to the concept discussed in the text. It might indicate the presence of a hazard which could result in corruption of software or damage to equipment or property.
The information icon alerts the reader of important facts and conditions.
The tip icon indicates advice on, for example, how to design your project or how to use a certain function.
Although warning hazards are related to personal injury, it is necessary to understand that under certain operational conditions, operation of damaged equipment may result in degraded process performance leading to personal injury or death. Therefore, comply fully with all warning and caution notices.
1.4.2 Document conventions
A particular convention may not be used in this manual.
• Abbreviations and acronyms in this manual are spelled out in the glossary. The glossary also contains definitions of important terms.
• Push button navigation in the LHMI menu structure is presented by using the push button icons.
  For example, to navigate the options, use and .
• HMI menu paths are presented in bold.
  For example, select Main menu/Settings.
• Signal names are presented in bold.
  The signal 21120_EXT_TEST_TRIP can be set and reset via the LHMI Test Trip menu.
• Parameter names and parameter values are presented in italics.
  For example, the default value of the Operation setting is Not inverted.
• Section references are presented with the respective section numbers.
  For example, see Section 1.4.2 for more details about document conventions.
Section 2 Safety information
Dangerous voltages can occur on the connectors, even though the auxiliary voltage has been disconnected.
Non-observance can result in death, personal injury or substantial property damage.
Only a competent electrician is allowed to carry out the electrical installation.
National and local electrical safety regulations must always be followed.
The frame of the IEDs has to be carefully earthed.
Whenever changes are made in the IEDs, measures should be taken to avoid inadvertent tripping.
The IEDs contain components which are sensitive to electrostatic discharge. Unnecessary touching of electronic components must therefore be avoided.
Section 3 Secure access
3.1 Secure system setup
Access to REB500 is secured by user authorization, protecting the access through HMI500 Operator tool and encrypting communication channels used for configuration purposes.
Figure 1: REB500 secure system overview (diagram labels: HMI500 Local, HMI500 Remote, Central Unit, Bay Units, TCP/IP, REB500 Processbus)
3.2 Ethernet ports
3.2.1 Ethernet ports used
To set up an Ethernet firewall, refer to Table 1, which summarizes the Ethernet ports used.
Table 1: Status of ports in delivery status
Port | Protocol | Connector | Default | Service | Comment
22 | TCP | X0, X1, X1000, X1001, X1002, X1005 | Open | SFTP | Firmware update
67 | UDP | X0 or LHMI connector | Open | DHCP Server |
80 | TCP | X1001, X1002 | Closed | HTTP | Embedded Web Server
102 | TCP | X1001, X1002 | Closed | IEC61850 | Communication protocol
123 | UDP | X1001, X1002 | Closed | SNTP | Time Synchronization
443 | HTTPS | X1001, X1002 | Closed | HTTPS | Embedded Web Server
8401 | TCP | X1001, X1002 | Open | HMI (DAC protocol) | Remote HMI500
8401 | TCP | X0 or LHMI connector | Open | HMI (DAC protocol) | HMI500
Ports that are marked as Closed, by default, can be opened by activation of software features in the product configuration (for example, IEC61850 station communication).
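The following added example (not part of the ABB guideline or product) shows one way to use Table 1 as a baseline when reviewing which ports a commissioned unit exposes. The observations are constructed sample data, and naming activated features by their Table 1 service name is an assumption of this example.

```python
"""Audit observed listening ports against the Table 1 delivery-state baseline."""

STATION_BUS = ("X1001", "X1002")
LOCAL = ("X0", "LHMI")

# (connector, port, protocol) -> (open in delivery status?, service), from Table 1.
BASELINE = {}


def _add(port, proto, connectors, default_open, service):
    for connector in connectors:
        BASELINE[(connector, port, proto)] = (default_open, service)


_add(22, "tcp", ("X0", "X1", "X1000", "X1001", "X1002", "X1005"), True, "SFTP")
_add(67, "udp", LOCAL, True, "DHCP")
_add(80, "tcp", STATION_BUS, False, "HTTP")
_add(102, "tcp", STATION_BUS, False, "IEC61850")
_add(123, "udp", STATION_BUS, False, "SNTP")
_add(443, "tcp", STATION_BUS, False, "HTTPS")  # Table 1 gives the protocol as "HTTPS"
_add(8401, "tcp", STATION_BUS + LOCAL, True, "HMI")


def audit(observed_open, scanned_connectors, activated_services=()):
    """Classify observations and return a dict of sorted finding lists.

    observed_open: iterable of (connector, port, protocol) seen listening.
    scanned_connectors: connectors that were actually checked.
    activated_services: Table 1 service names whose software feature was
        deliberately activated in the product configuration (assumed naming).
    """
    observed = set(observed_open)
    activated = set(activated_services)
    result = {"not_in_table": [], "feature_not_approved": [],
              "default_open_not_seen": [], "ok": []}
    for key in sorted(observed):
        entry = BASELINE.get(key)
        if entry is None:
            # Listening port that Table 1 does not list for this connector.
            result["not_in_table"].append(key)
        elif not entry[0] and entry[1] not in activated:
            # Closed in delivery status, open now, feature not recorded as wanted.
            result["feature_not_approved"].append(key)
        else:
            result["ok"].append(key)
    for key, (default_open, _service) in sorted(BASELINE.items()):
        # A default-open port that was not seen may be filtered upstream.
        if default_open and key[0] in scanned_connectors and key not in observed:
            result["default_open_not_seen"].append(key)
    return result


if __name__ == "__main__":
    # Constructed observations for one station bus connector.
    sample = [("X1001", 22, "tcp"), ("X1001", 8401, "tcp"), ("X1001", 102, "tcp"),
              ("X1001", 80, "tcp"), ("X1001", 23, "tcp")]
    for category, items in audit(sample, {"X1001"}, {"IEC61850"}).items():
        print(category, items)
```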
3.2.2 Data rate of the station bus connection
The port on the switch which is connected to REB500 station bus (CU-connector X1001/1002) should be rate limited to 2000 packages per second.
Figure 2: Package rate of station bus connection (switch)
If the package rate exceeds the limit of 2000 packages per second, this can have an impact on the REB500 process bus and thereby lead to a deactivation of the Busbar Protection function. It is recommended to verify this package rate in actual operation of the system-communication.
3.3 Encryption algorithm
Encryption algorithms are used to encode the user credentials file. The encryption algorithms and hash functions are:
• AES (Advanced Encryption Standard), a block cipher based on a symmetric key algorithm to encrypt and decrypt information. The effective key length used is 128 bits.
• SHA1 (Secure Hash Algorithm), a cryptographic hash function with a 160 bit hash value
Section 4 Design principles
The User Account Management outlines the functionality to administrate the persons that access the REB500. Its key features are:
• User authentication based on roles and permissions
• Support of password policies
• Secure transmission of passwords from HMI500
• Secure storing of passwords on file system
• Import and Export of user credentials
4.1 Account information
There are user accounts, account permissions and user roles:
• The user account represents a person that should access the REB500. The person is identified by a user name and a password.
• Account permissions are actions that a user could perform and that require authorization.
• User roles are groups of account permissions that could be assigned to users.
The relationship between user, role and permission is shown in the figure below.
Figure 3: Relationship user, role and permission (diagram boxes: User Account, User Role, Account Permission)
A user role can contain several permissions and a user account can be assigned to several user roles. The user credentials are stored in a file on the flash file system. The permissions available are predefined and cannot be changed. The users, roles and assignments can be changed according to the needs.
When operating with central account management, the roles are fixed by the standard. Mapping of permissions remains possible.
4.2 User roles and account permissions
The user roles that group several account permissions could be changed according to the needs. Table 2 lists the predefined user roles at delivery:
Table 2: Default user roles
Default User Role Description
Viewer Permissions only allowing read-only use of the product
Operator Permissions allowing to operate the product
Installer Permissions allowing the modification of product
Engineer Permissions allowing changing protection parameters on product
Administrator Permissions allowing the security administration and audit of product (superset of SECAUD, SECADM, RBACMNT)
SECAUD Permissions allowing the security audit of product
SECADM Permissions allowing the security administration of product
RBACMNT Permissions allowing the change of role assignments
The account permissions available are predefined. Table 3 shows all available permissions and their mapping to default roles.
The system boundary for the REB500 security is the access to the actual device and the used communication channels. Concepts such as role based permissions are available only during active access to the device and do not cover the behavior of HMI500 or an externally stored setfile, that is, access to menus and changes are possible while they do not require an active interaction with the device.
Table 3: Permissions and default mappings to user roles
Feature Permissions Viewer Operator Installer Engineer Administrator SECAUD SECADM RBACMNT
View readEventlist@REB500 ● ● ● ●
readMeasurements@REB500 ● ● ● ● ● ●
readDisturbanceRecords@REB500 ● ● ● ●
Configuration readConfiguration@REB500 ● ● ● ●
writeConfiguration@REB500 ● ●
deleteDatabase@REB500 ● ●
Restart IED restartSystem@REB500 ● ● ●
Reset Indication resetTripRelay@REB500 ● ●
Test IED forceInOutputs@REB500 ● ●
testSequencer@REB500 ● ●
startDebugMode@REB500 ● ●
Time Modification Time@REB500 ● ● ● ●
Firmware Modification firmwareUpgrade@REB500 ●
Security Audit audit@REB500 ● ● ●
Factory Reset SecurityOptions@REB500 ● ● ●
User Access Management manageUsers@REB500 ● ● ●
SecurityOptions@REB500 ● ● ●
Security Log SecurityLogServer@REB500 ● ● ●
Others writeDisturbanceRecords@REB500 ● ●
clearEventlist@REB500 ● ● ●
readTraceability@REB500 ● ● ●
closeAllSessions@REB500 ● ●
The following permissions are implicitly granted to each user:
• changeOwnPassword@REB500
• authenticateSession@REB500
• getDeviceInfo@REB500
• stopDebugMode@REB500
Administrators can define new roles. The following permission dependencies exist:
• If a write permission is assigned to a user role, the corresponding read permission needs to be assigned:
  • writeConfiguration requires readConfiguration
  • writeDisturbanceRecords requires readDisturbanceRecords
  • clearEventlist requires readEventList
• deleteDatabase requires restartSystem
• readMeasurements is required to run the REB500 test mode
• SecurityOptions and ManageUsers are required to enable the security menus in the HMI500 Operator
To access the WebHMI, users must have the following permissions:
• readEventlist@REB500
• readMeasurements@REB500
• readConfiguration@REB500
• clearEventlist@REB500
• readTraceability@REB500
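The dependency rules above can be checked before a custom role is entered in the tool. The following is an added example, not ABB code: it applies the dependencies and WebHMI requirements from this section and the role name and session timeout limits from Section 6.3, and it assumes ASCII letters for role names and case-insensitive permission names.

```python
"""Check a proposed REB500 role against the rules in Sections 4.2 and 6.3."""
import re

# Section 4.2: permission -> permission that must be assigned with it.
REQUIRES = {
    "writeConfiguration": "readConfiguration",
    "writeDisturbanceRecords": "readDisturbanceRecords",
    "clearEventlist": "readEventlist",
    "deleteDatabase": "restartSystem",
}
# Section 4.2: both are needed to enable the security menus in HMI500 Operator.
SECURITY_MENU = ("SecurityOptions", "manageUsers")
# Section 4.2: permissions a user needs to access the WebHMI.
WEBHMI = ("readEventlist", "readMeasurements", "readConfiguration",
          "clearEventlist", "readTraceability")
# Section 6.3: role name is 1 to 32 letters, numbers, underscores or blanks
# (restricting "letters" to ASCII is an assumption of this example).
ROLE_NAME = re.compile(r"[A-Za-z0-9_ ]{1,32}")


def normalize(permission):
    """Drop the '@REB500' suffix and fold case.

    The guideline spells some names two ways (readEventlist / readEventList,
    manageUsers / ManageUsers), so names are compared case-insensitively.
    """
    return permission.split("@", 1)[0].strip().lower()


def check_role(name, permissions, timeout_min=15, timeout_disabled=False):
    """Return a list of (severity, message) findings for one role."""
    have = {normalize(p) for p in permissions}
    findings = []
    if not ROLE_NAME.fullmatch(name):
        findings.append(("error", "role name must be 1 to 32 letters, "
                                  "numbers, underscores or blanks"))
    for perm, needed in REQUIRES.items():
        if normalize(perm) in have and normalize(needed) not in have:
            findings.append(("error", f"{perm} requires {needed}"))
    menu = [p for p in SECURITY_MENU if normalize(p) in have]
    if len(menu) == 1:
        other = [p for p in SECURITY_MENU if p not in menu][0]
        findings.append(("warning", f"{menu[0]} without {other} does not "
                                    "enable the security menus"))
    if timeout_disabled:
        findings.append(("warning", "session timeout disabled; "
                                    "not recommended by the guideline"))
    elif not 1 <= timeout_min <= 1440:
        findings.append(("error", "session timeout must be 1 to 1440 minutes"))
    return findings


def webhmi_missing(*role_permission_lists):
    """Permissions still missing for WebHMI access across a user's roles."""
    have = {normalize(p) for perms in role_permission_lists for p in perms}
    return [p for p in WEBHMI if normalize(p) not in have]


if __name__ == "__main__":
    # Constructed role definition, not taken from a real project.
    records = ["writeDisturbanceRecords@REB500", "clearEventlist@REB500",
               "readEventList@REB500"]
    for severity, message in check_role("Records maintainer", records,
                                        timeout_disabled=True):
        print(severity, message)
    print(webhmi_missing(records, ["readMeasurements@REB500"]))
```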
4.3 User accounts
The user account representing a person is identified by a user name and a password. User name and password are free of choice within defined rules. See Section "Password policies" for detailed information about the explicit and implicit rules for passwords. The maximum number of different user accounts is 20.
4.3.1 Default user
In delivery status, one user account is predefined. The default user will be a member of all default roles.
Default user name: Admin
Default password: REB500Admin
It is strongly recommended to change the default user name and password.
4.3.2 User credentials handling
Sophisticated protection schemes are implemented to inhibit reading of the user credentials information.
User credentials can also be exported and imported for re-use.
4.3.3 Recovery of lost passwords
Lost passwords cannot be recovered. If a user loses the password, then a new password can be reset by an administrator. If an administrator loses the password, see Section "Password reset to factory default".
Section 5 Security configuration
All security-relevant configuration parameters are defined for the whole REB500; there is no possibility to configure BUs individually.
5.1 Enabling security menu
The menus Tools/Security account management and Tools/Security options are disabled by default. They can be enabled by an administrator under Tools/Settings.
The menus Security account management and Security options are only available in Online mode. To enable the security menu, the button Apply must be clicked after selecting Enable security menu.
5.2 Security options
The menu Tools/Security options allows enabling or disabling of:
• User account management: If enabled, all functionality is accessed based on roles. Otherwise, everyone has access to all functionality. A choice can be made between local and central account management.
• Password reset to factory default: If enabled, all user account management can be reset to factory defaults on the local HMI.
• LHMI menu clear: If enabled, the menu Clear is available on the local HMI.
If password reset to factory default is disabled, then there is no way to access the device in case the administrator password is lost.
If LHMI menu clear is disabled, then no modifications are possible in the maintenance menu.
Changing any of these security options requires a full system restart.
Section 6 Local user account management
The user account management Tools/Security account management/Manage users is accessible only to users with permission manageUsers@REB500 and SecurityOptions@REB500.
By default, the Administrator role has these permissions. The following operations are available:
• Add new or delete existing user accounts
• Change user account passwords
• Add new or delete existing user roles
• Change assignments of user accounts and permissions to user roles
• Export and import user credentials
6.1 Enabling the local user account management
To enable the local user account management, enable user account management in the Tools/Security Options menu with the selection of Local.
Figure 4: Security options menu (local UAM)
Enabling the user account management in local mode from the state of having no user account management enabled, does not require a setfile download.
If user account management was previously used in central mode, a setfile download is required to reflect the change in settings.
6.2 User accounts
In the first tab of the user account management, details of user accounts are available. By selecting a user in the list, the assigned roles for the user can be seen. Also, the user could be added, user details could be changed or the user could be deleted.
Figure 5: User account management
Table 4: Items in User accounts tab in User account management dialog box
Item Description
Users List of available User names.
Assigned roles List of roles assigned to a selected user under “Users”
Add user Opens a dialog for adding users (Figure 12)
Delete user Selected user is deleted including all the user credentials like assigned roles, password.
Change password Opens a dialog for changing the selected user’s password (Figure 14)
Change assignment Opens a dialog for changing the assigned roles for the selected user. (Figure 13)
Figure 6: Add user
Table 5: Items in Add user and change role dialog boxes
Item Description
User Name 1 to 32 characters (letters, numbers, underscore and blank)
Password As defined in password policy. Case-sensitive.
Confirm password Re-enter same value as for password.
Roles List of defined roles for the system.
Assigned roles List of roles assigned to that user.
>> Selected role is assigned to user
<< Selected assigned role is removed from user.
6.3 User roles
In the second tab of the user account management, user roles and their details are defined. The tab shows in a list the names of the existing user roles. By selecting a role in the list, the assigned permissions of the role could be seen. Also, the role could be added, role permissions could be modified, or the role could be deleted.
Figure 7: User roles
Table 6: Items in User roles tab in User account management dialog box
Item Description
Roles List of available roles
Assigned permissions List of permissions assigned for the selected role
Add role Opens a dialog for adding a role.
Delete role Deletes the selected role including the assigned permissions for thatrole. Be careful, there is no security query when deleting a user role anda once deleted role cannot be restored
Change permissions Opens a dialog for changing the assigned permissions for the selectedrole.
Figure 8: Add role
Table 7: Items in Add role and change permissions dialog boxes
Item Description
Role Name 1 to 32 characters (letters, numbers, underscore and blank)
Session timeout Defines the period of inactivity after which a user of this role is logged out (applicable when item “Disable” is unchecked). 1 to 1440 minutes, default 15 minutes.
Disable If checked, the session timeout is disabled, that is, the user’s session belonging to this role will never expire. Otherwise, sessions of users belonging to this role will expire based on the value in the Session timeout field.
Permissions List of defined permissions.
Assigned permissions List of permissions assigned to this role.
>> Assigns selected permission to role.
<< Removes selected assigned permission from role.
If Disable is checked, a session will last forever in case of communication interruptions between HMI500 Operator and IED. Disabling the session timeout is not recommended.
6.4 Password policies
The password policies define rules that a password must fulfill to be accepted. They can be managed via Tools/Security account management/Manage policies.
Password policies are only available in local user account management. When using central user account management, password policies are handled by the managing server.
Figure 9: Manage policies
To enable the password policies, the check box Enforce password policies must be checked. Changes in the password policies with regard to the password length or password characters are considered for new passwords only. That means existing passwords are not checked against these policies and remain valid and usable. If the Password lifetime is enabled, a change in password lifetime has immediate effect on existing passwords as well. To be sure that all passwords are compliant, the passwords must be changed after defining a password policy.
REB500 supports passwords with a maximum length of 32 characters.
Table 8: Items in Manage policies dialog box
Item Description
Enforce password policies If enabled, password policies are enforced when creating passwords. Otherwise, users can choose any password without any rules.
Minimum password length 6 to 32, default 6.
Password lifetime The number of days after which the password expires. 1 to 1826 days, default 365.
Password must contain If any of the options below is checked, the password must contain at least one character of the character set defined by that option.
Lower case characters a to z
Upper case characters A to Z.
Numeric characters 0 to 9
Special characters Any other character than the ones from the other options.
6.5 Exporting and importing user credentials
User credentials can be exported for reuse via Tools/Security account management/Export user credentials. The information is exported in a binary format and cannot be viewed. The exported user credentials can be imported on another device by using Tools/Security account management/Import user credentials. In this way, user credentials created in one device can be reused in the other.
6.6 Change password
Users can change their own password: Tools/Change password. In the dialog box, the password must be typed two times to eliminate unintentional typing errors. When clicking OK, the password is checked against the password policies.
6.7 Password reset to factory default
If the administrator loses the password, it can be reset to factory default manually using the local HMI. This is only possible if the password reset to factory default has been enabled in Security Options.
After password reset, only the default user with the default password will be available. All other users are deleted. An alarm is triggered and logged.
The reset procedure via LHMI maintenance menu is as follows:
1. Switch on the central unit.
2. As soon as Press <ENTER> appears on the display, press .
3. Navigate to the menu item Password Reset and press .
4. Confirm OK with .
5. In the main maintenance menu, select Exit to leave this menu as well.
6. The central unit will start up with factory default.
Section 7 Central user account management
7.1 Central user account management
Central user account management allows easy management of access control across all devices by maintaining all user credentials on central servers, according to the IEC62351-8 pull model. When configured and enabled, all access requests are validated by this central architecture. In case of failure, a local replica will be used for authentication. The following figure shows a simplified representation of this setup.
Figure 10: General CAM setup (LDAP server, central unit and bay units)
7.2 Enabling the central user account management
The following prerequisites are necessary to use CAM:
• At least one LDAP server (for example, ABB SDM600) is connected to the station-bus
• A user has been created to allow LDAP replication (name same as technical key of device)
• A device certificate (PKCS12-file) for the REB500 has been issued.
To enable CAM, the following steps have to be taken:
1. Set user account management to CAM in security options.
2. Configure CAM in the corresponding dialog box.
3. Import the device certificate (PKCS12-file).
4. Download the configuration.
CAM is enabled by means of Tools/Security Options dialog (see section 5).
Figure 11: Security options menu (CAM enabled)
Because configuration parameters are necessary, a setfile download is required when switching to or from central account management.
Custom role-permission mappings and UAM credentials are always reset when switching from UAM to CAM and vice versa.
The additional CAM parameters are set in Tools/Security Account Management/Manage settings.
Figure 12: Manage CAM settings
Table 9: Items in CAM settings dialog box
Item Description
LDAP server 1/2 URL of the LDAP server(s)
Base DN Base DN (Distinguished name) for querying the LDAP server
Replication interval Interval for synchronizing the local CAM replica with the LDAP server, set in seconds
Replication group LDAP replication group on the server
The CAM settings of Table 9 can be imported via Tools/Security account management/CAM settings/Import Settings.
When using ABB SDM600 as a CAM server, the corresponding configuration XML file can be created there.
The device certificate (PKCS12 file) can be imported via Tools/Security account management/CAM settings/Import Device Certificate. The path and password for the file have to be specified.
When using ABB SDM600 as a CAM server, the corresponding certificate can be created there. For support of other LDAP servers, please refer to the user documentation of that product.
Because configuration parameters must be changed when using CAM, a setfile download is required to finish enabling CAM.
Successful CAM activation results in:
• no alarms on the LHMI
• no CAM events in the system event-list
• no security alarms
To disable CAM, local or no user account management has to be chosen in the Tools/Security Options menu. A setfile download is required to complete this operation.
7.3 User roles
Unlike local user account management, CAM supports only the roles specified by IEC62351 plus the ABB-specific role of Administrator. It is therefore not possible to add custom roles or to remove roles.
It is, however, possible to modify the role-to-permission mapping in Tools/Security account management/Manage settings/User roles/Change permissions. For detailed information on user permissions, see Section 4.2.
7.4 Troubleshooting central account management
7.4.1 Errors during activation
Symptoms:
• LHMI Alarm CAM enabling failed and CAM server not available
• System events CAM Minor_Error 001 and 002
• Security event 3810 CAM server communication failed
Probable causes:
• Wrong configuration parameters (for example, LDAP address…)
• Server(s) not reachable during activation
Solution:
• Check REB500 CAM configuration parameters.
• Check if servers are reachable and the REB500 is connected.
• Restart CU.
If the initial activation of CAM failed, the CU reverts to local UAM. Access to the device is possible using the local default credentials.
7.4.2 Server not reachable during runtime
Symptoms:
• LHMI Alarm: CAM Server not available
• System Event: CAM Minor_Error 002
• Security Event: 3810 CAM Server communication failed
Probable cause:
• Server(s) not reachable
Solution:
• Check if LDAP server is up and running.
• Check REB500 connection.
Authentication will continue to work based on the latest local LDAP replica. After reconnection with the server(s), authentication will again run via the LDAP server and the local replica will be updated.
7.4.3 Local replication failed
Symptoms:
• LHMI Alarm: CAM Replication failed
• System Event: CAM Minor_Error 003
• Security Event: 3810 CAM Server communication failed
Probable cause:
• Server(s) not reachable
• Server configuration has changed
Solution:
• Check if LDAP server is up and running.
• Verify with system administrator that LDAP settings are still valid.
• Check REB500 connection.
Authentication will continue to work based on the latest local LDAP replica. After reconnection with the server(s), authentication will again run via the LDAP server and the local replica will be updated.
Section 8 User activity logging
REB500 logs all user activities mentioned in Table 12 and can forward these events via Syslog or IEC61850. The logged events can also be retrieved and viewed in HMI500 Operator.
The persistency of these events is guaranteed to be greater than 48 hours by storing them in the flash memory. Integrity of the logs is guaranteed by CRC. If the integrity check fails, the event list will be empty.
8.1 View user activity events
Users with permission audit@REB500 can view the security events in the HMI500 Operator (View/security event list).
Figure 13: Security event list
The user can update the view by pressing Refresh, forcing HMI500 to retrieve the events from REB500.
If the user presses Update cyclically, HMI500 will retrieve the events from REB500 every 4 seconds and update the view accordingly.
8.2 External Security log server
The user can set the information about Security log servers to which the user activity logs must be forwarded (Tools/Security log servers).
The user can configure up to 6 external log servers.
Figure 14: Security log servers
Table 10: Security Log Servers dialog box
Item Description
Id Identification number (read-only)
Type Type of external log server (None, Syslog UDP, Syslog TCP, Arcsight TCP)
IP Address IP Address of external log server
Port Port of the external log server to which these security logs are to be sent
8.3 Event format
The user activity events contain the attributes listed in Table 11.
Table 11: User activity event format
Field Description
Sequence number The sequence of events per source (BU or CU), between 1 and 2^32-1.
Date Date of the event
Time UTC time of the event
Time invalid If the time value of the field Time is valid, the value of the field Time invalid is empty. If the time value of the field Time is invalid, the value of the field Time invalid is TIV.
User name Name of the user that causes the event or “Anonymous” if user is not known.
Event Id Identifier of the event type (see Section 6.2)
Severity Severity of the event depending on the importance of the event. Critical events are marked as Alarm, others as Event.
Source Name of the source where the user activity event occurs: either REB500 CU or REB500 BU. This is not necessarily the device where a button is pressed, but the device where the activity is executed. For example, when choosing “Clear/Reset all latched relays, lists and LED” on a BU, this is executed on the CPC of the connected CU and therefore the Source will be REB500 CU(CPC).
Event text See Section 6.2.
8.4 Event types
Table 12: Security event types
ID Name Event Text
1110 LOGIN_OK Log-in successful
1115 LOGIN_OK_PW_EXPIRED Password expired, Log-in successful
1120 LOGIN_FAIL_UNKNOWN_USER Log-in failed - Unknown user
1130 LOGIN_FAIL_WRONG_CR Log-in failed - Wrong credentials
1140 LOGIN_FAIL_WRONG_PW Log-in failed - Wrong password
1150 LOGIN_FAIL_PW_EXPIRED Log-in failed - Password expired
1180 LOGIN_FAIL_SESSIONS_LIMIT Log-in failed too many user sessions
1210 LOGOUT_USER Log-out (user logged out)
1220 LOGOUT_TIMEOUT Log-out by user inactivity (timeout)
1310 CONN_CONFIG_TOOL_OK Connection with configuration tool successful
1322 CONFIG_STORAGE_OK Configuration stored in the device successfully
1400 DEL_CONFIG_OK Configuration deleted successfully
1410 CONN_CONFIG_TOOL_FAIL Connection with configuration tool failed
1422 CONFIG_STORAGE_FAIL Device configuration update failed
1500 DEL_CONFIG_FAIL Deletion of configuration failed
1720 UAM_RESET_FACTORY_DEF User Accounts reset to factory default
1730 PW_RESET_FACTORY_DEF Admin password reset to factory default
2110 USER_ACCNT_CREATE_OK User account created successfully
2120 USER_ACCNT_DEL_OK User account deleted successfully
2130 USER_ACCNT_CREATE_FAIL User account creation failed
2140 USER_ACCNT_DEL_FAIL User account deletion failed
2160 USER_NEW_ROLE_OK New role assigned to user successfully
2161 USER_PERMISSION_CHANGE_OK Permission changed successfully
2180 NEW_ROLE_CREATE_OK New role created successfully
2190 ROLE_DELETE_OK Role deleted successfully
2210 USER_PW_CHANGE_OK User password changed successfully
2220 USER_PW_CHANGE_FAIL Change of user password failed
2230 USER_NEW_ROLE_FAIL New user role assignment failed
2231 USER_PERMISSION_CHANGE_FAIL Permission change failed
2280 NEW_ROLE_CREATE_FAIL New role creation failed
2290 ROLE_DELETED_FAIL Role deletion failed
3710 CAM_SRV_COMM_OK CAM Server communication successful
3810 CAM_SRV_COMM_FAIL CAM Server communication failed
3820 CAM_REPLICATION_NO_USERS Replication performed. No users replicated!
3830 CAM_REPLICATION_NO_CAPACITY Replication attempted but failed. No capacity.
5120 RESET_TRIPS Reset trips
5140 PROTECTION_SYS_RESTART Protection system restarted
5270 SYS_STARTUP System startup
5272 SYS_STARTUP_FAIL System startup failed
5280 SYS_SHUTTING_DOWN System shutting down
6110 TEST_MODE_START_OK Test Mode started successfully
6112 TEST_MODE_START_FAIL Starting of Test Mode failed
6120 TEST_MODE_END Test Mode ended successfully
6150 TEST_DUMMY_EVENT Test Event - to test routing configuration
6510 DEBUG_MODE_START_OK Debug mode started successfully
6515 DEBUG_MODE_START_FAIL Starting Debug mode failed
6520 DEBUG_MODE_END Debug mode ended
8010 RECOV_PREV_CONFIG_OK Recovery of previous configuration successful
8020 DATE_TIME_SET_OK Date and time set successfully
8210 RECOV_PREV_CONFIG_FAIL Recovery of previous configuration failed
8220 DATE_TIME_SET_FAIL Date and time setting failed
9010 ATT_DET_FLOODING Flooding attack detected
13520 TRANSFER_CERTS_OK Certificates transferred to the device successfully
13630 ADD_TRUST_ANCHOR_CERT_OK Installed trust anchor certificate successfully
13730 ADD_TRUST_ANCHOR_CERT_FAIL Failed to install trust anchor certificate
14520 TRANSFER_CERTS_FAIL Failed to transfer certificates to the device
15610 IEC61850_INIT_OK IEC 61850 stack initialized successfully
15620 IEC61850_CONFIG_OK IEC 61850 stack configured successfully
15710 IEC61850_INIT_FAIL IEC 61850 stack initialization failed
15720 IEC61850_CONFIG_FAIL IEC 61850 stack configuration failed
8.5 User activity events through Syslog
User activity events can be sent to Syslog servers. They can also be sent in Common Event Format (CEF) for Arcsight Log servers. For the events in Table 13, additional information is sent apart from the information displayed to the user in HMI500 Operator.
Table 13: Security events for Syslog with additional information
ID Name Additional information
1110 LOGIN_OK Role Name
1115 LOGIN_OK_PW_EXPIRED Role Name
1120 LOGIN_FAIL_UNKNOWN_USER Role Name
1130 LOGIN_FAIL_WRONG_CR Role Name
1140 LOGIN_FAIL_WRONG_PW Role Name
1150 LOGIN_FAIL_PW_EXPIRED Role Name
1310 CONN_CONFIG_TOOL_OK IP addr. of peer
1410 CONN_CONFIG_TOOL_FAIL IP addr. of peer
2110 USER_ACCNT_CREATE_OK User Account Name
2120 USER_ACCNT_DEL_OK User Account Name
2130 USER_ACCNT_CREATE_FAIL User Account Name
2140 USER_ACCNT_DEL_FAIL User Account Name
2160 USER_NEW_ROLE_OK User Account Name
2161 USER_PERMISSION_CHANGE_OK Role Name
2180 NEW_ROLE_CREATE_OK Role Name
2190 ROLE_DELETE_OK Role Name
2210 USER_PW_CHANGE_OK User Account Name
2220 USER_PW_CHANGE_FAIL User Account Name
2230 USER_NEW_ROLE_FAIL User Account Name
2231 USER_PERMISSION_CHANGE_FAIL Role Name
2280 NEW_ROLE_CREATE_FAIL Role Name
2290 ROLE_DELETED_FAIL Role Name
8020 DATE_TIME_SET_OK New Date/Time
8220 DATE_TIME_SET_FAIL Time not valid
9010 ATT_DET_FLOODING LAN Interface
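Added example (not from the ABB guideline or product code): a collector-side check over forwarded user activity events that uses the Table 11 sequence number to spot lost events per source, counts failed log-in IDs from Table 12 inside a time window while setting aside TIV-flagged events, and lists a few high-impact IDs. The Event record, thresholds, watch list and sample data are assumptions of this example; the page does not specify the Syslog wire format, so parsing is left out.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

SEQ_MAX = 2**32 - 1  # Table 11: sequence number runs 1 .. 2^32-1 per source

# Event IDs from Table 12.
LOGIN_FAIL_IDS = {1120, 1130, 1140, 1150, 1180}
# Which IDs deserve an immediate look is this example's choice (assumption).
WATCH_IDS = {
    1720: "UAM_RESET_FACTORY_DEF",
    1730: "PW_RESET_FACTORY_DEF",
    6510: "DEBUG_MODE_START_OK",
    9010: "ATT_DET_FLOODING",
}


@dataclass(frozen=True)
class Event:
    """Subset of the Table 11 fields, already parsed by the collector."""
    seq: int
    when: datetime        # Date and Time fields (UTC)
    time_invalid: bool    # True when the Time invalid field carries TIV
    user: str
    event_id: int
    source: str           # "REB500 CU" or "REB500 BU"


def sequence_gaps(events):
    """Return (source, previous_seq, received_seq, missing) for every break
    in the per-source numbering. Events must be in arrival order."""
    last, findings = {}, []
    for ev in events:
        prev = last.get(ev.source)
        if prev is not None:
            expected = 1 if prev == SEQ_MAX else prev + 1  # wraps to 1
            if ev.seq != expected:
                # Distance on the 1..SEQ_MAX ring. A small forward distance
                # means lost events; a huge one means a duplicate or a step
                # backwards, which cannot be sized, so missing is None.
                dist = (ev.seq - expected) % SEQ_MAX
                missing = dist if dist < SEQ_MAX // 2 else None
                findings.append((ev.source, prev, ev.seq, missing))
        last[ev.source] = ev.seq
    return findings


def failed_login_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Return (bursts, untimed). bursts maps a source to the highest number
    of failed log-ins seen inside one window, if it reached the threshold.
    untimed counts failures flagged TIV, whose time cannot be correlated."""
    recent = defaultdict(deque)
    bursts, untimed = {}, defaultdict(int)
    for ev in events:
        if ev.event_id not in LOGIN_FAIL_IDS:
            continue
        if ev.time_invalid:
            untimed[ev.source] += 1
            continue
        q = recent[ev.source]
        q.append(ev.when)
        while ev.when - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            bursts[ev.source] = max(bursts.get(ev.source, 0), len(q))
    return bursts, dict(untimed)


def watched(events):
    """Events from the watch list, as (seq, source, name, user)."""
    return [(ev.seq, ev.source, WATCH_IDS[ev.event_id], ev.user)
            for ev in events if ev.event_id in WATCH_IDS]


T0 = datetime(2019, 5, 1, 8, 0, 0)


def sample_event(seq, offset_s, tiv, user, event_id, source):
    return Event(seq, T0 + timedelta(seconds=offset_s), tiv, user,
                 event_id, source)


# Constructed sample records (not captured from a device); user names are
# placeholders. CU sequence numbers 44..46 are deliberately absent.
SAMPLE = [
    sample_event(41, 0, False, "Anonymous", 1120, "REB500 CU"),
    sample_event(42, 20, False, "operator1", 1140, "REB500 CU"),
    sample_event(43, 40, False, "operator1", 1140, "REB500 CU"),
    sample_event(7, 45, True, "operator1", 1140, "REB500 BU"),
    sample_event(47, 90, False, "Anonymous", 1730, "REB500 CU"),
    sample_event(8, 100, False, "admin1", 6510, "REB500 BU"),
]

if __name__ == "__main__":
    print("gaps:", sequence_gaps(SAMPLE))
    print("failed log-ins:", failed_login_bursts(SAMPLE))
    print("watch list:", watched(SAMPLE))
```

A reported gap means events were lost between the device and the collector or never forwarded, so the device-side list in HMI500 Operator is the place to recover them.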
8.6 User activity events through IEC 61850
For security related definitions, IEC 61850 contains a logical node GSAL allowing supervision of security related actions. The mapping of user activity events to GSAL LN is shown in Table 14.
Table 14: Security events mapping to IEC 61850
ID Name IEC 61850 Mapping
1110 LOGIN_OK GSAL.Ina
1115 LOGIN_OK_PW_EXPIRED GSAL.Ina
1120 LOGIN_FAIL_UNKNOWN_USER GSAL.AuthFail
1130 LOGIN_FAIL_WRONG_CR GSAL.AuthFail
1140 LOGIN_FAIL_WRONG_PW GSAL.AuthFail
1150 LOGIN_FAIL_PW_EXPIRED GSAL.AuthFail
1180 LOGIN_FAIL_SESSIONS_LIMIT GSAL.AuthFail
1210 LOGOUT_USER GSAL.Ina
1220 LOGOUT_TIMEOUT GSAL.Ina
1310 CONN_CONFIG_TOOL_OK GSAL.Ina
1322 CONFIG_STORAGE_OK GSAL.Ina
1400 DEL_CONFIG_OK GSAL.Ina
1410 CONN_CONFIG_TOOL_FAIL GSAL.Ina
1422 CONFIG_STORAGE_FAIL GSAL.Ina
1500 DEL_CONFIG_FAIL GSAL.Ina
1720 UAM_RESET_FACTORY_DEF GSAL.Ina
1730 PW_RESET_FACTORY_DEF GSAL.Ina
2110 USER_ACCNT_CREATE_OK GSAL.Ina
2120 USER_ACCNT_DEL_OK GSAL.Ina
2130 USER_ACCNT_CREATE_FAIL GSAL.SvcViol
2140 USER_ACCNT_DEL_FAIL GSAL.SvcViol
2160 USER_NEW_ROLE_OK GSAL.Ina
2161 USER_PERMISSION_CHANGE_OK GSAL.Ina
2180 NEW_ROLE_CREATE_OK GSAL.Ina
2190 ROLE_DELETE_OK GSAL.Ina
2210 USER_PW_CHANGE_OK GSAL.SvcViol
2220 USER_PW_CHANGE_FAIL GSAL.SvcViol
2230 USER_NEW_ROLE_FAIL GSAL.SvcViol
2231 USER_PERMISSION_CHANGE_FAIL GSAL.Ina
2280 NEW_ROLE_CREATE_FAIL GSAL.Ina
2290 ROLE_DELETED_FAIL GSAL.Ina
3710 CAM_SRV_COMM_OK GSAL.Ina
3810 CAM_SRV_COMM_FAIL GSAL.Ina
3820 CAM_REPLICATION_NO_USERS GSAL.Ina
3830 CAM_REPLICATION_NO_CAPACITY GSAL.Ina
5120 RESET_TRIPS GSAL.Ina
5140 PROTECTION_SYS_RESTART GSAL.Ina
5270 SYS_STARTUP GSAL.Ina
5272 SYS_STARTUP_FAIL GSAL.Ina
5280 SYS_SHUTTING_DOWN GSAL.Ina
6110 TEST_MODE_START_OK GSAL.Ina
6112 TEST_MODE_START_FAIL GSAL.Ina
6120 TEST_MODE_END GSAL.Ina
6150 TEST_DUMMY_EVENT GSAL.Ina
6510 DEBUG_MODE_START_OK GSAL.Ina
6515 DEBUG_MODE_START_FAIL GSAL.Ina
6520 DEBUG_MODE_END GSAL.Ina
8010 RECOV_PREV_CONFIG_OK GSAL.Ina
8020 DATE_TIME_SET_OK GSAL.Ina
8210 RECOV_PREV_CONFIG_FAIL GSAL.Ina
8220 DATE_TIME_SET_FAIL GSAL.Ina
9010 ATT_DET_FLOODING GSAL.Ina
13520 TRANSFER_CERTS_OK GSAL.Ina
13630 ADD_TRUST_ANCHOR_CERT_OK GSAL.Ina
13730 ADD_TRUST_ANCHOR_CERT_FAIL GSAL.Ina
14520 TRANSFER_CERTS_FAIL GSAL.Ina
15610 IEC61850_INIT_OK GSAL.Ina
15620 IEC61850_CONFIG_OK GSAL.Ina
15710 IEC61850_INIT_FAIL GSAL.Ina
15720 IEC61850_CONFIG_FAIL GSAL.SvcViol
8.7 User activity event during REB500 system start up
Starting up a REB500 system with a connected HMI500 causes a Log-in failed Unknown user entry in the Security event list (see Figure 15). Since the user credentials are not cached in the HMI500, this can be seen as normal behavior. To avoid this "log-in failed" information, the HMI500 shall not be connected during the start-up phase of the system.
Figure 15: Log-in failed-Unknown user
Section 9 Standard compliance statement
9.1 Applicable standards
Cyber security issues have been the subject of standardization initiatives by ISA, IEEE, or IEC for some time and ABB plays an active role in all these organizations, helping to define and implement cyber security standards for power and industrial control systems.
Some of the cyber security standards which are most important for substation automation are still under active development such as IEC62351 and IEC62443 (former ISA S99). ABB is participating in the development by delegating subject matter experts to the committee working on the respective standard. Since these standards are still under development, ABB strongly recommends using existing common security measures as available on the market, for example, VPN for secure Ethernet communication.
An overview of applicable security standards and their status is shown in Table 15.
Table 15: Overview of cyber security standards
Standard | Main focus | Status
NERC CIP v5 | NERC CIP cyber security regulation for North American power utilities | Released, ongoing *
IEC 62351 | Data and communications security | Partly released, ongoing
IEEE 1686 | IEEE standard for substation intelligent electronic devices (IEDs) cyber security capabilities | Finalized
*Ongoing: Major changes will affect the final solution.
ABB has identified cyber security as a key requirement and has developed a large number of product features to support international cyber security standards such as NERC-CIP, IEEE1686, as well as local activities like the German BDEW white paper.
The two standards IEC 62351 and IEC 62443 are still under revision. For interoperability reasons, ABB recommends not implementing these standards yet. Nevertheless, ABB already considers these standards as a guideline for implementing product features or system architectures.
9.2 Reference Title
Clause | Title | Status | Comment
5 | IED cyber security features | Acknowledge |
5.1 | Electronic access control | Comply |
5.1.1 | IED access control overview | Comply |
5.1.2 | Password defeat mechanisms | Comply |
5.1.3 | Number of individual users | Exceed | 20
5.1.4 | Password construction | Comply |
5.1.5 | IED access control | Acknowledge |
5.1.5.1 | Authorization levels by password | Comply |
5.1.5.2 | Authorization using role-based access control (RBAC) | Exceed | Product provides eight user-defined roles
5.1.6 | IED main security functions | Acknowledge |
5.1.6 a) | View data | Comply | Feature is accessible through individual user accounts
5.1.6 b) | View configuration settings | Comply | Feature is accessible through individual user accounts
5.1.6 c) | Force values | Exception | Feature is accessible through individual user accounts
5.1.6 d) | Configuration change | Comply | Feature is accessible through individual user accounts
5.1.6 e) | Firmware change | |
5.1.6 f) | ID/password or RBAC management | |
5.1.6 g) | Audit log | |
5.1.7 | Password display | Comply |
5.1.8 | Access time-out | Comply | A time-out feature exists. The time period is configurable by the user
5.2 | Audit trail | Acknowledge |
5.2.1 | Audit trail background | Comply |
5.2.2 | Storage capability | |
5.2.3 | Storage record | Acknowledge |
5.2.3 a) | Event record number | Comply |
5.2.3 b) | Time and date | Comply |
5.2.3 c) | User identification | Comply |
5.2.3 d) | Event type | Comply |
5.2.4 | Audit trail event types | Acknowledge |
5.2.4 a) | Login | Comply |
5.2.4 b) | Manual logout | Comply |
5.2.4 c) | Timed logout | Comply |
5.2.4 d) | Value forcing | Comply |
5.2.4 e) | Configuration access | Exception |
5.2.4 f) | Configuration change | Comply |
5.2.4 g) | Firmware change | Exception | Firmware changes are not captured in the audit trail record.
5.2.4 h) | ID/password creation or modification | Comply |
5.2.4 i) | ID/password deletion | Comply |
5.2.4 j) | Audit-log access | Comply |
5.2.4 k) | Time/date change | Comply |
5.2.4 l) | Alarm incident | Comply |
5.3 | Supervisory monitoring and control | Acknowledge |
5.3.1 | Overview of supervisory monitoring and control | Comply | Made available through IEC61850 and syslog.
5.3.2 | Events | Comply |
5.3.3 | Alarms | Comply |
5.3.3 a) | Unsuccessful login attempt | Exception | Not Supported
5.3.3 b) | Reboot | Comply | A start-up event is created every boot.
5.3.3 c) | Attempted use of unauthorized configuration software | Exception | Client certificates are not in use.
5.3.3 d) | Invalid configuration or firmware download | Comply |
5.3.3 e) | Unauthorized configuration or firmware file | Exception | Not supported.
5.3.3 f) | Time signal out of tolerance | Comply |
5.3.3 g) | Invalid field hardware changes | Comply | IED sends a hardware changed detected alarm.
5.3.4 | Alarm point change detect | Comply |
5.3.5 | Event and alarm grouping | Exception | One Security Event list. Alarms and Events can be separated after export. However Role Base Access Control is supported.
5.3.6 | Supervisory permissive control | Exception | Feature is not supported.
5.4 | IED cyber security features | Acknowledge |
5.4.1 | IED functionality compromise | Comply | Services and ports used for real-time protocols are listed in the user documentation.
5.4.2 | Specific cryptographic features | Acknowledge |
5.4.2 a) | Webserver functionality | Comply | HTTPS
5.4.2 b) | File transfer functionality | Comply | SFTP, SSL
5.4.2 c) | Text-oriented terminal connections | Comply | No Terminal
5.4.2 d) | SNMP network management | Exception | Not Supported
5.4.2 e) | Network time synchronization | Comply | SNTP
5.4.2 f) | Secure tunnel functionality | Exception | No Tunnel Functionality
5.4.3 | Cryptographic techniques | Comply | Open SSL
5.4.4 | Encrypting serial communications | Exception | No Serial Communication for remote access.
5.4.5 | Protocol-specific security features | Comply | DAC over SSL
5.5 | IED configuration software | Acknowledge |
5.5.1 | Authentication | Exception | IED can be configured using unauthorized copies of the configuration software. However configuration download is handled by authentication. IED signatures are also available.
5.5.2 | Digital signature | Exception | Feature not Supported
5.5.3 | ID/password control | Comply | Stored in the IED
5.5.4 | ID/password controlled features | Acknowledge |
5.5.4.1 | View configuration data | Comply |
5.5.4.2 | Change configuration data | Comply |
5.5.4.2 a) | Full access | Comply |
5.5.4.2 b) | Change tracking | Comply |
5.5.4.2 c) | Use monitoring | Comply |
5.5.4.2 d) | Download to IED | Comply |
5.6 | Communications port access | Comply |
5.7 | Firmware quality assurance | Exception | Quality control is handled according to ISO9001 and CMMI.
ABB AB
Grid Automation Products
SE-721 59 Västerås, Sweden
Phone +46 (0) 21 32 50 00
www.abb.com/protection-control