ABB Relion REX610 Manual Download Page 18 | Manualshive

Page: 18 / 36

background image

3.4

Secure communication

The protection relay supports secure communication for file transfer protocol using
Transport Layer Security protocol. File transfer client must use explicit FTPS to
communicate to the relay.

FTPS is always enabled by default but the relay also supports FTP communication.
PCM600 always uses FTPS to communicate with the relay.

It is recommended to always use FTPS communication.

3.4.1

Certificate handling

For encryption and secure identification, FTPS protocols in the protection relay use
public key certificates that bind together a public key with an identity, that is,
information such as the name of an organization, their address and so on. The
server certificate used by the protection relay is generated by the relay itself as a
self-signed certificate and not issued by any certification authority (CA).

Certificates use encryption to provide secure communication over the network. A
self-signed X.509 certificate and an RSA key-pair with key-length of 1024 bits is
generated by the protection relay. The RSA key stored in the certificate is used to
establish secure communication.

The certificate is used to verify that a public key belongs to an identity. The public
key is one part of an asymmetric key algorithm in which one key is used to encrypt
a message and another key is used to decrypt it. The public private key pair
(asymmetric key) is used to exchange the symmetric key, which is used to encrypt
and decrypt the data that is exchanged between server and client.

Messages encrypted with the public key can only be decrypted with the other part
of the algorithm, the private key. Public and private key are related mathematically
and represent a cryptographic key pair. The private key is kept secret and stored
safely in the protection relay, while the public key may be widely distributed.

Once the protection relay certificate has been manually trusted in a separate dialog
box, the certificate is trusted in communication between the relay and PCM600.

3.4.2

Encryption algorithms

TLS connections are encrypted with either AES 256 or AES 128. At start-up a
negotiation decides between these two options.

Section 3

2NGA000818 A

Secure system setup

12

REX610

Cyber Security Deployment Guideline

«
...
16
17
18
19
20
...
»

Summary of Contents for Relion REX610

Page 1: ...RELION PROTECTION AND CONTROL REX610 Cyber Security Deployment Guideline...

Page 2: ......

Page 3: ...Document ID 2NGA000818 Issued 2022 04 21 Revision A Product version 1 0 Copyright 2022 ABB All rights reserved...

Page 4: ...uch license This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit http www openssl org This product includes cryptographic software written developed by Eric Y...

Page 5: ...e which should be connected to a secure network It is the sole responsibility of the person or entity responsible for network administration to ensure a secure connection to the network and to take th...

Page 6: ...ical equipment for use within specified voltage limits Low voltage directive 2014 35 EU This conformity is the result of tests conducted by the third party testing laboratory KEMA in accordance with t...

Page 7: ...TCP IP based protocols and used IP ports 11 Secure communication 12 Certificate handling 12 Encryption algorithms 12 Section 4 User management 15 Local user account management 15 Password policies 17...

Page 8: ...Section 8 Glossary 27 Table of contents 2 REX610 Cyber Security Deployment Guideline...

Page 9: ...hase and during normal service 1 2 Intended audience This guideline is intended for the system engineering commissioning operation and maintenance personnel handling cybersecurity during the product l...

Page 10: ...9 3CE41B04C031 V1 EN US Figure 1 The intended use of documents during the product life cycle 1 3 2 Document revision history Document revision date Product version History A 2022 04 21 1 0 First relea...

Page 11: ...e and Menu paths are presented in bold Select Main menu Settings LHMI messages are shown in Courier font To save the changes in nonvolatile memory select Yes and press Parameter names are shown in ita...

Page 12: ...6...

Page 13: ...echnology including the adoption of open IT standards have brought huge benefits from an operational perspective but they have also introduced cyber security concerns previously known only to office o...

Page 14: ...8...

Page 15: ...at the whole system has backups available from all applicable parts Collecting and storing backups of the system components and keeping those up to date Removing all unnecessary user accounts Defining...

Page 16: ...be used only for point to point configuration access with PCM600 Table 1 Physical ports on relay s communication cards Port ID Type Default state Description A2 RJ 45 Open Ethernet station bus A2 RS 4...

Page 17: ...ption 20 21 TCP Open File transfer protocol FTP FTPS 102 TCP Open IEC 61850 502 TCP Closed Modbus TCP FTP FTPS and IEC 61850 are primary services needed for relay configuration and those cannot be dis...

Page 18: ...rotection relay The RSA key stored in the certificate is used to establish secure communication The certificate is used to verify that a public key belongs to an identity The public key is one part of...

Page 19: ...HA 256 is stored in the protection relay These are not accessible from outside via any ports No passwords are stored in clear text within the protection relay 2NGA000818 A Section 3 Secure system setu...

Page 20: ...14...

Page 21: ...s used to manage the local user accounts User accounts can be created under any role Administrator needs to share the default password generated for the user account by the tool with the users and rec...

Page 22: ...ad Write Read Write Read Read System Update Read Write Read Read Read User Management Read Write Read Read Read User account information can be exported from IED Users in PCM600 to an encrypted file w...

Page 23: ...no role selection required The highest role for the username is automatically selected by the protection relay Performing the Restore Factory settings operation in IED Users in PCM600 restores user a...

Page 24: ...ords and password policies are restored User authorization is disabled by default and can be enabled via the LHMI path Configuration Authorization Passwords User configuration change is not allowed wh...

Page 25: ...t change to maintain the memory storage Audit trail events related to user authorization login logout are defined according to the selected set of requirements from IEEE 1686 The logging is based on p...

Page 26: ...be used to view the audit trail events and process related events Audit trail events are visible through dedicated Security events view Since only the administrator has the right to read audit trail a...

Page 27: ...ter to False 1 Press to activate the login procedure 2 Press or to enter the username character by character Login Select user VIEWER GUID 17B1984C 9E98 49CF B108 12D80C131481 V1 EN US Figure 3 Select...

Page 28: ...iguration System Enable USB and press 2 Select True and press to enable the relay to detect the USB connection 3 Connect a computer with PCM600 to the relay s USB port 4 Enter the credentials if promp...

Page 29: ...s closed and a new session is initiated when reconnected 6 2 Logging out An automatic logout occurs 30 seconds after the backlight timeout 1 Press continuously for 3 seconds 2 To confirm logout select...

Page 30: ...24...

Page 31: ...r password has been changed Administrator or engineer credentials are needed for authorization 7 1 2 Creating a backup from the PCM600 project Backup from the PCM600 project is made by exporting the p...

Page 32: ...he display a few seconds after which the relay restarts Avoid the unnecessary restoring of factory settings because all the parameter settings that are written earlier to the relay will be overwritten...

Page 33: ...t Electronic Devices IEDs Cyber Security Capabilities IP Internet protocol LHMI Local human machine interface Modbus A serial communication protocol developed by the Modicon company in 1979 Originally...

Page 34: ...28...

Page 35: ...29...

Page 36: ...ABB Distribution Solutions P O Box 699 FI 65101 VAASA Finland Phone 358 10 22 11 abb com mediumvoltage Copyright 2022 ABB All rights reserved 2NGA000818 A...

Reviews:

No comments

Related manuals for Relion REX610

Brand: NARGESA Pages: 33

Brand: Keiser Pages: 2

Brand: ECA Pages: 3

Brand: Nautilus Pages: 12

Brand: B&K Pages: 12

Brand: Yamaha Pages: 50

Brand: A&D Pages: 30

Movie FL Black E27 Flaps

Brand: Qazqa Pages: 2

Brand: d.s.f. Pages: 8

Brand: Eaton Pages: 2

Brand: Eaton Pages: 2

Brand: Eaton Pages: 20

Brand: Eaton Pages: 24

Brand: Federal Signal Corporation Pages: 4

Brand: FASTERHOLT Pages: 96

Brand: York Pages: 26

Brand: PASCO Pages: 5

Brand: Pasco Scientific Pages: 27

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands