Password Recovery; Entry Of The Recovery Password; Password Encryption - GE MiCOM P40 Agile Technical Manual
Hide thumbs
Also See for MiCOM P40 Agile:
- Technical manual (962 pages) ,
- Technical manual (802 pages) ,
- Technical manual (108 pages)
Table of Contents
Advertisement
Cyber Security
MiCOM P40 Agile P441, P442, P444
4.5
Password Recovery
Password recovery is the means by which the passwords can be recovered on a device if
the customer should mislay the configured passwords. To obtain the recovery password the
customer must contact the General Electric Customer Care Center and supply two pieces of
information from the IED – namely the Serial Number and its Security Code. The Customer
Care Centre will use these items to generate a Recovery Password which is then provided to
the customer.
The security code is a 16-character string of upper case characters. It is a read-only
parameter. The IED generates its own security code randomly. A new code is generated
under the following conditions:
• On power up
• Whenever settings are set back to default
• On expiry of validity timer (see below)
• When the recovery password is entered
As soon as the security code is displayed on the LCD display, a validity timer is started. This
validity timer is set to 72 hours and is not configurable. This provides enough time for the
Customer Care Centre to manually generate and send a recovery password. The Service
Level Agreement (SLA) for recovery password generation is one working day, so 72 hours is
sufficient time, even allowing for closure of the Customer Care Centre over weekends and
bank holidays.
To prevent accidental reading of the IED security code the cell will initially display a warning
message:
The security code will be displayed on confirmation, whereupon the validity timer will be
started. Note that the security code can only be read from the front panel.
4.5.1
Entry of the Recovery Password
The recovery password is intended for recovery only. It is not a replacement password that
can be used continually. It can only be used once – for password recovery.
Entry of the recovery password causes the IED to reset all passwords back to default. This is
all it is designed to do. After the passwords have been set back to default, it is up to the user
to enter new passwords appropriate for the function for which they are intended, ensuring
NERC compliance, if required.
On this action, the following message is displayed:
The recovery password can be applied through any interface, local or remote. It will achieve
the same result irrespective of which interface it is applied through.
4.5.2
Password Encryption
The IED supports encryption for passwords entered remotely. The encryption key can be
read from the IED through a specific cell available only through communication interfaces,
not the front panel. Each time the key is read the IED generates a new key that is valid only
for the next password encryption write. Once used, the key is invalidated and a new key
must be read for the next encrypted password write. The encryption mechanism is otherwise
transparent to the user.
PRESS ENTER TO
READ SEC. CODE
PASSWORDS HAVE
BEEN SET TO DEFAULT
P44x/EN CS/Hb6
(CS) 15-15
Advertisement
Table of Contents
Troubleshooting
