ABB RELION 670 SERIES Manual page 71

Cyber security deployment guideline

1MRK 511 399-UEN B
670 series 2.2 IEC
A substation can be equipped with two redundant authentication servers
operating in a hot standby mode.

If configured by the security administrator, the IED itself maintains a local
replica in the database with selected users. This database is periodically
updated with data from the server and used as a fallback if none of the servers
are reachable.

Note that not all users in the SDM600 server are part of the replica. There might be
users that are not assigned to any replication group. The IED only replicates those
users that are part of a replication group configured in the IED.

This replication can be disabled using PCM600 by the security administrator,
which means that the IED will forward login requests to the SDM600 for
authorization and, in case of problems with the network, users will not be able to
log in to the IED.

If user replication has been disabled in a CAM-enabled IED and if
communication with SDM600 is lost, access to that IED will be
denied until communication is re-established.
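
The fallback behaviour described above can be checked before an outage happens. The following is an added example, not ABB code and not part of the original guideline: it lists which users keep access to which IEDs when no server is reachable. The Ied record, the user names and the group names are hypothetical and constructed for illustration, and the local replica is assumed to be up to date.

```python
# Added example: which users keep IED access when no SDM600 server is reachable.
# Hypothetical data model (constructed); not an SDM600 or PCM600 export format.
from dataclasses import dataclass


@dataclass(frozen=True)
class Ied:
    name: str
    replication_enabled: bool                    # set by the security administrator
    replication_groups: frozenset = frozenset()  # groups this IED replicates


def fallback_users(ied, user_groups):
    """Users the IED can still authenticate from its local replica."""
    if not ied.replication_enabled:
        return set()  # logins are only forwarded to the server, so nobody gets in
    return {u for u, groups in user_groups.items() if groups & ied.replication_groups}


def outage_report(ieds, user_groups):
    """Map IED name -> (users with fallback access, users locked out)."""
    report = {}
    for ied in ieds:
        kept = fallback_users(ied, user_groups)
        report[ied.name] = (kept, set(user_groups) - kept)
    return report


def ieds_without_fallback(ieds, user_groups):
    """IEDs nobody can log in to while every server is unreachable."""
    report = outage_report(ieds, user_groups)
    return sorted(name for name, (kept, _) in report.items() if not kept)

# Constructed sample data: server users and the replication groups they belong to.
USER_GROUPS = {
    "alice": frozenset({"bay-operators"}),
    "bob": frozenset({"protection-engineers"}),
    "carol": frozenset(),  # not assigned to any replication group
}
IEDS = [
    Ied("IED-A", True, frozenset({"bay-operators", "protection-engineers"})),
    Ied("IED-B", True, frozenset({"protection-engineers"})),
    Ied("IED-C", False),  # replication disabled
    Ied("IED-D", True, frozenset({"unused-group"})),  # group with no members
]

if __name__ == "__main__":
    print(outage_report(IEDS, USER_GROUPS))
    print("no fallback login:", ieds_without_fallback(IEDS, USER_GROUPS))
```

An IED reported as having no fallback login is one where an engineer on site could not log in during a network fault, either because replication is disabled or because its replication group has no members.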

All communication between the central management and the IEDs is protected
using secure communication. Customers using SDM600 are required to generate
and distribute certificates during the engineering process of the substation. These
certificates ensure mutual trust between the IED and, for example, SDM600, FTP,
PCM600 and other systems.

Table 9: Authority-related IED functions

| Function | Description |
|----------|-------------|
| Authority status ATHSTAT | This function is an indication function block for user logon activity. User denied attempt to logon and user successful logon are reported. |
| Authority check ATHCHCK | To safeguard the interests of our customers, both the IED and the tools that are accessing the IED are protected, by means of authorization handling. The authorization handling of the IED and the PCM600 is implemented at both access points to the IED: local, through the local HMI; remote, through the communication ports. The IED users can be created, deleted and edited only in the CAM server. |
| Authority management AUTHMAN | This function enables/disables the maintenance menu. It also controls the maintenance menu logon time out. |

For more information on the functions Authority Management (AUTHMAN),
Authority Status (ATHSTAT), and Authority Check (ATHCHCK), refer
to chapter "Basic IED functions" in the Technical Manual.

Section 5 Central Account Management
