manualshive.com logo in svg

ABB Relion REX610, Manual

The ABB Relion REX610, a reliable and advanced relay protection device, presents seamless integration and enhanced efficiency. Guaranteeing optimal performance, this product offers a comprehensive Operation Manual, available for free download at our website. Discover how to operate and unleash the full potential of your REX610 today.

Share
Download
background image

Section 3 

Secure system setup

3.1 

Basic system hardening rules

Today's distribution automation systems are basically specialized IT systems.
Therefore, several rules of hardening an automation system apply to these systems,
too. Protection and control relays are from the automation system perspective on
the lowest level and closest to the actual primary process. It is important to apply
defense-in-depth information assurance concept where each layer in the system is
capable of protecting the automation system and therefore protection and control
relays are also part of this concept. The following should be taken into
consideration when planning the system protection.

Recognizing and familiarizing all parts of the system and the system's
communication links

Removing all unnecessary communication links in the system

Rating the security level of remaining connections and improving with
applicable methods

Hardening the system by removing or deactivating all unused processes,
communication ports and services

Checking that the whole system has backups available from all applicable
parts

Collecting and storing backups of the system components and keeping those
up-to-date

Removing all unnecessary user accounts

Defining password policies

Changing default passwords and using strong passwords

Checking that the link from substation to upper level system uses strong
encryption and authentication

Segregating public network (untrusted) from automation networks (trusted)

Segmenting traffic and networks

Using firewalls and demilitarized zones

Assessing the system periodically

Using malware protection in workstations and keeping those up-to-date

It is important to utilize the defence-in-depth concept when designing automation
system security. It is not recommended to connect a device directly to the Internet
without adequate additional security components. The different layers and
interfaces in the system should use security controls. Robust security means,
besides product features, enabling and using the available features and also
enforcing their use by company policies. Adequate training is also needed for the
personnel accessing and using the system.

2NGA000818 A

Section 3

Secure system setup

REX610

9

Cyber Security Deployment Guideline

Summary of Contents for Relion REX610

Page 1: ...RELION PROTECTION AND CONTROL REX610 Cyber Security Deployment Guideline...

Page 2: ......

Page 3: ...Document ID 2NGA000818 Issued 2022 04 21 Revision A Product version 1 0 Copyright 2022 ABB All rights reserved...

Page 4: ...uch license This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit http www openssl org This product includes cryptographic software written developed by Eric Y...

Page 5: ...e which should be connected to a secure network It is the sole responsibility of the person or entity responsible for network administration to ensure a secure connection to the network and to take th...

Page 6: ...ical equipment for use within specified voltage limits Low voltage directive 2014 35 EU This conformity is the result of tests conducted by the third party testing laboratory KEMA in accordance with t...

Page 7: ...TCP IP based protocols and used IP ports 11 Secure communication 12 Certificate handling 12 Encryption algorithms 12 Section 4 User management 15 Local user account management 15 Password policies 17...

Page 8: ...Section 8 Glossary 27 Table of contents 2 REX610 Cyber Security Deployment Guideline...

Page 9: ...hase and during normal service 1 2 Intended audience This guideline is intended for the system engineering commissioning operation and maintenance personnel handling cybersecurity during the product l...

Page 10: ...9 3CE41B04C031 V1 EN US Figure 1 The intended use of documents during the product life cycle 1 3 2 Document revision history Document revision date Product version History A 2022 04 21 1 0 First relea...

Page 11: ...e and Menu paths are presented in bold Select Main menu Settings LHMI messages are shown in Courier font To save the changes in nonvolatile memory select Yes and press Parameter names are shown in ita...

Page 12: ...6...

Page 13: ...echnology including the adoption of open IT standards have brought huge benefits from an operational perspective but they have also introduced cyber security concerns previously known only to office o...

Page 14: ...8...

Page 15: ...at the whole system has backups available from all applicable parts Collecting and storing backups of the system components and keeping those up to date Removing all unnecessary user accounts Defining...

Page 16: ...be used only for point to point configuration access with PCM600 Table 1 Physical ports on relay s communication cards Port ID Type Default state Description A2 RJ 45 Open Ethernet station bus A2 RS 4...

Page 17: ...ption 20 21 TCP Open File transfer protocol FTP FTPS 102 TCP Open IEC 61850 502 TCP Closed Modbus TCP FTP FTPS and IEC 61850 are primary services needed for relay configuration and those cannot be dis...

Page 18: ...rotection relay The RSA key stored in the certificate is used to establish secure communication The certificate is used to verify that a public key belongs to an identity The public key is one part of...

Page 19: ...HA 256 is stored in the protection relay These are not accessible from outside via any ports No passwords are stored in clear text within the protection relay 2NGA000818 A Section 3 Secure system setu...

Page 20: ...14...

Page 21: ...s used to manage the local user accounts User accounts can be created under any role Administrator needs to share the default password generated for the user account by the tool with the users and rec...

Page 22: ...ad Write Read Write Read Read System Update Read Write Read Read Read User Management Read Write Read Read Read User account information can be exported from IED Users in PCM600 to an encrypted file w...

Page 23: ...no role selection required The highest role for the username is automatically selected by the protection relay Performing the Restore Factory settings operation in IED Users in PCM600 restores user a...

Page 24: ...ords and password policies are restored User authorization is disabled by default and can be enabled via the LHMI path Configuration Authorization Passwords User configuration change is not allowed wh...

Page 25: ...t change to maintain the memory storage Audit trail events related to user authorization login logout are defined according to the selected set of requirements from IEEE 1686 The logging is based on p...

Page 26: ...be used to view the audit trail events and process related events Audit trail events are visible through dedicated Security events view Since only the administrator has the right to read audit trail a...

Page 27: ...ter to False 1 Press to activate the login procedure 2 Press or to enter the username character by character Login Select user VIEWER GUID 17B1984C 9E98 49CF B108 12D80C131481 V1 EN US Figure 3 Select...

Page 28: ...iguration System Enable USB and press 2 Select True and press to enable the relay to detect the USB connection 3 Connect a computer with PCM600 to the relay s USB port 4 Enter the credentials if promp...

Page 29: ...s closed and a new session is initiated when reconnected 6 2 Logging out An automatic logout occurs 30 seconds after the backlight timeout 1 Press continuously for 3 seconds 2 To confirm logout select...

Page 30: ...24...

Page 31: ...r password has been changed Administrator or engineer credentials are needed for authorization 7 1 2 Creating a backup from the PCM600 project Backup from the PCM600 project is made by exporting the p...

Page 32: ...he display a few seconds after which the relay restarts Avoid the unnecessary restoring of factory settings because all the parameter settings that are written earlier to the relay will be overwritten...

Page 33: ...t Electronic Devices IEDs Cyber Security Capabilities IP Internet protocol LHMI Local human machine interface Modbus A serial communication protocol developed by the Modicon company in 1979 Originally...

Page 34: ...28...

Page 35: ...29...

Page 36: ...ABB Distribution Solutions P O Box 699 FI 65101 VAASA Finland Phone 358 10 22 11 abb com mediumvoltage Copyright 2022 ABB All rights reserved 2NGA000818 A...

Reviews:

No comments

Related manuals for Relion REX610

Olympus UCR Instructions Manual preview
UCR
Brand: Olympus Pages: 86
Campbell CS500 Instruction Manual preview
CS500
Brand: Campbell Pages: 18
Vector 0 Owner'S Manual & Warranty Information preview
0
Brand: Vector Pages: 4
Landoll 850 Series Supplement Manual preview
850 Series
Brand: Landoll Pages: 6
ParaBody 827 Assembly Instruction Sheet preview
827
Brand: ParaBody Pages: 9
ParaBody 828 Assembly Instructions preview
828
Brand: ParaBody Pages: 3
MacDon 802 Operator'S Manual preview
802
Brand: MacDon Pages: 45
H&S 8200 Series Operator'S Manual preview
8200 Series
Brand: H&S Pages: 30
NORLUX Ledpro Helios Installation Manual preview
Ledpro Helios
Brand: NORLUX Pages: 2
Keithley 7071 Instruction Manual preview
7071
Brand: Keithley Pages: 79
Kayakpro SUP ERGO Assembly Instruction Manual preview
SUP ERGO
Brand: Kayakpro Pages: 17
Yoshitake DS-1 Operation Manual preview
DS-1
Brand: Yoshitake Pages: 11
Tascam CC-222SL Technical Documentation preview
CC-222SL
Brand: Tascam Pages: 3
JBM 54172 Instruction Manual preview
54172
Brand: JBM Pages: 13
Salter PT-1700 Owner'S Manual preview
PT-1700
Brand: Salter Pages: 18
Salter KOR M-9590 Owner'S Manual preview
KOR M-9590
Brand: Salter Pages: 42
Salter KOR M-9530 Owner'S Manual preview
KOR M-9530
Brand: Salter Pages: 47
Salter FENX M-9640/L Owner'S Manual preview
FENX M-9640/L
Brand: Salter Pages: 35

Brands by name

Popular brands

Load more brands