manualshive.com logo in svg

ABB Relion REX610, Manual

The ABB Relion REX610, a reliable and advanced relay protection device, presents seamless integration and enhanced efficiency. Guaranteeing optimal performance, this product offers a comprehensive Operation Manual, available for free download at our website. Discover how to operate and unleash the full potential of your REX610 today.

Share
Download
background image

Ethernet ports are by default activated as those are used for protection relay
engineering. The front port is segregated from rear ports' station bus
communication.

3.3 

TCP/IP based protocols and used IP ports

IP port security depends on specific installation, requirements and existing
infrastructure. The required external equipment can be separate devices or devices
that combine firewall, router and secure VPN functionality. When the network is
divided into security zones, it is done with substation devices having firewall
functionality or with dedicated firewall products. Security zone boundaries are
inside the substation or between the substation and the outside world.

To set up an IP firewall the following table summarizes the IP ports used by the
device. All closed ports can be opened in the configuration. Ports which are by
default open are used for configuring the protection relay.

Table 2:

IP ports used by the relay

Port number

Type

Default state

Description

20, 21

TCP

Open

File transfer protocol

(FTP/FTPS)

102

TCP

Open

IEC 61850

502

TCP

Closed

Modbus TCP

FTP/FTPS and IEC 61850 are primary services needed for relay configuration and
those cannot be disabled. Additionally, the protection relay uses layer 2
communications in GOOSE, which needs to be taken into account when designing
the network.

In addition to the FTP/FTPS protocol, the relay supports two Ethernet-based
substation automation communication protocols, IEC 61850 and Modbus. IEC
61850 is always enabled, and the relay can be ordered with one additional station
bus protocol. Additional protocols must be enabled in the configuration, otherwise
the communication protocol TCP port is closed and unavailable. If the protocol
service is configured, the corresponding port is open all the time.

See the technical manual and the corresponding protocol documentation for
configuring a certain communication protocol.

In Modbus it is possible to assign the TCP port number if required and it is also
possible to allow connection requests only from a configured client IP address.

2NGA000818 A

Section 3

Secure system setup

REX610

11

Cyber Security Deployment Guideline

Summary of Contents for Relion REX610

Page 1: ...RELION PROTECTION AND CONTROL REX610 Cyber Security Deployment Guideline...

Page 2: ......

Page 3: ...Document ID 2NGA000818 Issued 2022 04 21 Revision A Product version 1 0 Copyright 2022 ABB All rights reserved...

Page 4: ...uch license This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit http www openssl org This product includes cryptographic software written developed by Eric Y...

Page 5: ...e which should be connected to a secure network It is the sole responsibility of the person or entity responsible for network administration to ensure a secure connection to the network and to take th...

Page 6: ...ical equipment for use within specified voltage limits Low voltage directive 2014 35 EU This conformity is the result of tests conducted by the third party testing laboratory KEMA in accordance with t...

Page 7: ...TCP IP based protocols and used IP ports 11 Secure communication 12 Certificate handling 12 Encryption algorithms 12 Section 4 User management 15 Local user account management 15 Password policies 17...

Page 8: ...Section 8 Glossary 27 Table of contents 2 REX610 Cyber Security Deployment Guideline...

Page 9: ...hase and during normal service 1 2 Intended audience This guideline is intended for the system engineering commissioning operation and maintenance personnel handling cybersecurity during the product l...

Page 10: ...9 3CE41B04C031 V1 EN US Figure 1 The intended use of documents during the product life cycle 1 3 2 Document revision history Document revision date Product version History A 2022 04 21 1 0 First relea...

Page 11: ...e and Menu paths are presented in bold Select Main menu Settings LHMI messages are shown in Courier font To save the changes in nonvolatile memory select Yes and press Parameter names are shown in ita...

Page 12: ...6...

Page 13: ...echnology including the adoption of open IT standards have brought huge benefits from an operational perspective but they have also introduced cyber security concerns previously known only to office o...

Page 14: ...8...

Page 15: ...at the whole system has backups available from all applicable parts Collecting and storing backups of the system components and keeping those up to date Removing all unnecessary user accounts Defining...

Page 16: ...be used only for point to point configuration access with PCM600 Table 1 Physical ports on relay s communication cards Port ID Type Default state Description A2 RJ 45 Open Ethernet station bus A2 RS 4...

Page 17: ...ption 20 21 TCP Open File transfer protocol FTP FTPS 102 TCP Open IEC 61850 502 TCP Closed Modbus TCP FTP FTPS and IEC 61850 are primary services needed for relay configuration and those cannot be dis...

Page 18: ...rotection relay The RSA key stored in the certificate is used to establish secure communication The certificate is used to verify that a public key belongs to an identity The public key is one part of...

Page 19: ...HA 256 is stored in the protection relay These are not accessible from outside via any ports No passwords are stored in clear text within the protection relay 2NGA000818 A Section 3 Secure system setu...

Page 20: ...14...

Page 21: ...s used to manage the local user accounts User accounts can be created under any role Administrator needs to share the default password generated for the user account by the tool with the users and rec...

Page 22: ...ad Write Read Write Read Read System Update Read Write Read Read Read User Management Read Write Read Read Read User account information can be exported from IED Users in PCM600 to an encrypted file w...

Page 23: ...no role selection required The highest role for the username is automatically selected by the protection relay Performing the Restore Factory settings operation in IED Users in PCM600 restores user a...

Page 24: ...ords and password policies are restored User authorization is disabled by default and can be enabled via the LHMI path Configuration Authorization Passwords User configuration change is not allowed wh...

Page 25: ...t change to maintain the memory storage Audit trail events related to user authorization login logout are defined according to the selected set of requirements from IEEE 1686 The logging is based on p...

Page 26: ...be used to view the audit trail events and process related events Audit trail events are visible through dedicated Security events view Since only the administrator has the right to read audit trail a...

Page 27: ...ter to False 1 Press to activate the login procedure 2 Press or to enter the username character by character Login Select user VIEWER GUID 17B1984C 9E98 49CF B108 12D80C131481 V1 EN US Figure 3 Select...

Page 28: ...iguration System Enable USB and press 2 Select True and press to enable the relay to detect the USB connection 3 Connect a computer with PCM600 to the relay s USB port 4 Enter the credentials if promp...

Page 29: ...s closed and a new session is initiated when reconnected 6 2 Logging out An automatic logout occurs 30 seconds after the backlight timeout 1 Press continuously for 3 seconds 2 To confirm logout select...

Page 30: ...24...

Page 31: ...r password has been changed Administrator or engineer credentials are needed for authorization 7 1 2 Creating a backup from the PCM600 project Backup from the PCM600 project is made by exporting the p...

Page 32: ...he display a few seconds after which the relay restarts Avoid the unnecessary restoring of factory settings because all the parameter settings that are written earlier to the relay will be overwritten...

Page 33: ...t Electronic Devices IEDs Cyber Security Capabilities IP Internet protocol LHMI Local human machine interface Modbus A serial communication protocol developed by the Modicon company in 1979 Originally...

Page 34: ...28...

Page 35: ...29...

Page 36: ...ABB Distribution Solutions P O Box 699 FI 65101 VAASA Finland Phone 358 10 22 11 abb com mediumvoltage Copyright 2022 ABB All rights reserved 2NGA000818 A...

Reviews:

No comments

Related manuals for Relion REX610

ABB S4Cplus Instruction preview
S4Cplus
Brand: ABB Pages: 86
MAHLE MCX-2 Operation Manual preview
MCX-2
Brand: MAHLE Pages: 21
FJC 45135 User Manual preview
45135
Brand: FJC Pages: 2
TAIKO Audio Extreme Manual preview
Extreme
Brand: TAIKO Audio Pages: 24
GE PANDA Service Manual preview
PANDA
Brand: GE Pages: 212
Jet JHC-200X Operating Instructions And Parts Manual preview
JHC-200X
Brand: Jet Pages: 12
ZOLL IVTM Physician'S Manual preview
IVTM
Brand: ZOLL Pages: 37
Wacker Neuson MP70 Operator'S Manual preview
MP70
Brand: Wacker Neuson Pages: 34
Wagan 2296 User Manual preview
2296
Brand: Wagan Pages: 4
Wachs TFS Manual preview
TFS
Brand: Wachs Pages: 22
Öhlins FCX 0301 Mounting Instructions preview
FCX 0301
Brand: Öhlins Pages: 8
?HC HC1200EB Quick Start Manual preview
HC1200EB
Brand: ?HC Pages: 2
B medical systems MRB 3000 SDD Instructions For Use Manual preview
MRB 3000 SDD
Brand: B medical systems Pages: 28
Mainpine IQ Express RF6118 Quick Start Manual preview
IQ Express RF6118
Brand: Mainpine Pages: 2
Jenx GAMMA GA1 Instructions For Use Manual preview
GAMMA GA1
Brand: Jenx Pages: 34
B+S CCF Series Installation, Operating And Servicing Instruction Manual preview
CCF Series
Brand: B+S Pages: 16
Maselec MDS-2 Quick Start Manual preview
MDS-2
Brand: Maselec Pages: 6
GGM gastro MTTGF30 Instruction And Maintenance Manual preview
MTTGF30
Brand: GGM gastro Pages: 3

Brands by name

Popular brands

Load more brands