ABB RELION REX610 Manual

Protection and control cyber security deployment guideline

RELION® PROTECTION AND CONTROL
REX610
Cyber Security Deployment Guideline

Summary of Contents for ABB RELION REX610

  • Page 1 — RELION® PROTECTION AND CONTROL REX610 Cyber Security Deployment Guideline...
  • Page 3 Document ID: 2NGA000818 Issued: 2022-04-21 Revision: A Product version: 1.0 © Copyright 2022 ABB. All rights reserved...
  • Page 4 Copyright This document and parts thereof must not be reproduced or copied without written permission from ABB, and the contents thereof must not be imparted to a third party, nor used for any unauthorized purpose. The software or hardware described in this document is furnished under a license and may be used, copied, or disclosed only in accordance with the terms of such license.
  • Page 5 ABB is not liable for any such damages and/or losses.
  • Page 6 Conformity This product complies with the directive of the Council of the European Communities on the approximation of the laws of the Member States relating to electromagnetic compatibility (EMC Directive 2014/30/EU) and concerning electrical equipment for use within specified voltage limits (Low-voltage directive 2014/35/EU).
  • Page 7: Table Of Contents

    Table of contents. Section 1 Introduction (3): This manual (3); Intended audience (3); Product documentation (4); Product documentation set (4); Document revision history (4); Related documentation (4); Symbols and conventions (4); Symbols (4); Document conventions (5). Section 2 Security in distribution automation (7): General security in distribution automation...
  • Page 8 Table of contents: Section 8 Glossary (27). REX610 Cyber Security Deployment Guideline...
  • Page 9: Section 1 Introduction

    Section 1 (2NGA000818 A) Introduction. This manual: The cyber security deployment guideline describes the process for handling cyber security when communicating with the protection relay. The cyber security deployment guideline provides information on how to secure the system on which the protection relay is installed.
  • Page 10: Product Documentation

    History: A/2022-04-21, First release. 1.3.3 Related documentation: Download the latest documents from the ABB Web site abb.com/mediumvoltage. Symbols and conventions. 1.4.1 Symbols: The caution icon indicates important information or warning related to the concept discussed in the text. It might indicate the presence of a hazard which could result in corruption of software or damage to equipment or property.
  • Page 11: Document Conventions

    The information icon alerts the reader of important facts and conditions. The tip icon indicates advice on, for example, how to design your project or how to use a certain function. Although warning hazards are related to personal injury, it is necessary to understand that under certain operational conditions, operation of damaged equipment may result in degraded process performance leading to personal injury or death.
  • Page 13: Section 2 Security In Distribution Automation

    At ABB, we are addressing cyber security requirements on a system level as well as on a product level to support cyber security standards or recommendations from organizations such as NERC CIP, IEC 62351, IEC 62443, IEEE 1686, ENISA and BDEW Whitepaper.
  • Page 15: Section 3 Secure System Setup

    Section 3 Secure system setup. Basic system hardening rules: Today's distribution automation systems are basically specialized IT systems. Therefore, several rules of hardening an automation system apply to these systems, too. Protection and control relays are from the automation system perspective on the lowest level and closest to the actual primary process.
  • Page 16: Relay Communication Interfaces

    Figure 2: Distribution substation example. Relay communication interfaces: Some physical ports dedicated for station bus communication can be opened and closed in relay configuration. A few ports are always open as they are needed in communication for monitoring, control and configuration.
  • Page 17: Tcp/Ip Based Protocols And Used Ip Ports

    Ethernet ports are by default activated as those are used for protection relay engineering. The front port is segregated from rear ports' station bus communication. TCP/IP based protocols and used IP ports: IP port security depends on specific installation, requirements and existing infrastructure.
  • Page 18: Secure Communication

    Secure communication: The protection relay supports secure communication for file transfer protocol using Transport Layer Security protocol. File transfer client must use explicit FTPS to communicate to the relay. FTPS is always enabled by default but the relay also supports FTP communication. PCM600 always uses FTPS to communicate with the relay.
  • Page 19 A hashed representation of the passwords with SHA 256 is stored in the protection relay. These are not accessible from outside via any ports. No passwords are stored in clear text within the protection relay. ...
  • Page 21: Section 4 User Management

    Section 4 User management. Local user account management: Four factory default user accounts have been predefined, each with different rights and default passwords. The roles for these four user accounts are the same as the username.
  • Page 22 Table 3: Default user roles (Role: Description). VIEWER: Viewing what objects are present in the logical device. OPERATOR: Viewing what objects are present in the logical device; performing control operations such as opening or closing the circuit breaker. ENGINEER: Viewing what objects are present in the logical device...
  • Page 23: Password Policies

    the relay over FTP/FTPS. Authentication on the LHMI is required to use USB communication with PCM600. If the PCM600 authentication has been enabled in PCM600 System Settings, a relay user can be linked to the current PCM600 user by selecting the Remember me check box in the Login dialog.
  • Page 24 LHMI path Configuration/Authorization/Passwords. User configuration change is not allowed when the protection relay is in offline mode in PCM600. If the last ADMINISTRATOR password is lost, contact ABB's technical customer support to retrieve the administrator level access. For user authorization for PCM600, see the PCM600 documentation.
  • Page 25: Section 5 Security Logging

    Section 5 Security logging. Audit trail: The protection relay offers a large set of event-logging functions. Critical system and protection relay security-related events are logged to a separate nonvolatile audit trail for the administrator. Audit trail is a chronological record of system activities that allows the reconstruction and examination of the sequence of system and security-related events and changes in the protection relay.
  • Page 26 Audit trail events (Event ID, Audit trail event, Description): 6120, Test off, Test mode ended; 6130, Control operation, Control operation performed successfully; 5120, Reset trips, Latched trips reset. PCM600 Event Viewer can be used to view the audit trail events and process related events.
  • Page 27: Section 6 Using Local Hmi

    Section 6 Using local HMI. Logging in: To use the LHMI, logging in and authorization are required. Password authorization is disabled by default and can be enabled via the LHMI. To enable password authorization, select Main menu/Configuration/Authorization/Passwords.
  • Page 28: Logging In Via Usb Port

    [Figure 4: Entering password (screen text: VIEWER, Enter password:)] Press to confirm the login. • To cancel the procedure, press [Figure 5: Error message indicating wrong password (screen text: Error, Wrong password)] The current user level is shown on the display's upper right corner in the icon area.
  • Page 29: Logging Out

    provided to the client connected via the USB port are equivalent to ADMINISTRATOR. See the engineering manual for more information on how to engineer the relay using the USB port. Once the USB connection is disconnected, the previous session is closed and a new session is initiated when reconnected.
  • Page 31: Section 7 Protection Of Relay And System Configuration

    Section 7 Protection of relay and system configuration. Backup files: Backups are not directly part of the cyber security but they are important for speeding up the recovery process, for example, in case of failure of the protection relay.
  • Page 32: Restoring Factory Settings

    • Contact ABB technical customer support to retrieve the administrator level access to the protection relay. • Generate a one-time password by pressing simultaneously.
  • Page 33 Section 8 Glossary: Certification authority; Electromagnetic compatibility; Ethernet: A standard for connecting a family of frame-based computer networking technologies into a LAN; FIFO: First in, first out; File transfer protocol; FTPS: FTP Secure; GOOSE: Generic Object-Oriented Substation Event; International Electrotechnical Commission; IEC 61850: International standard for substation communication and modeling...
  • Page 36 — ABB Distribution Solutions P.O. Box 699 FI-65101 VAASA, Finland Phone +358 10 22 11 abb.com/mediumvoltage © Copyright 2022 ABB. All rights reserved.