Multi-Level Safety Concept - Siemens Reyrolle 7SR5 Operating Manual

9.2 Multi-Level Safety Concept

Multi-Level Security Concept
Reydisp Manager 2 offers many useful functions for the configuration and testing of your 7SR5 devices.
Constant password prompts are not sensible during this phase. During operation, however, the focus is on the
reading of data. Reconfiguration and switching are safety-critical operations. These operations lead to failures
in operation if they are carried out inadvertently or without authorization. After completion of commissioning,
you can activate a multi-level security concept in the device.

Before Reydisp Manager 2 can communicate with the 7SR5 device via its Ethernet services, the device carries
out secure authentication. Only Reydisp Manager 2 has the authorization for communication with the device.
In addition, a connection password that meets the strict rules of NERC-CIP can be configured. The password is
securely stored in the device. The password must contain upper-case and lower-case letters, digits, and special
characters and must be 8 to 24 characters long. It is queried before the connection is established. A
connection to the 7SR5 device cannot be established until the correct password has been entered. You now
have read access.
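
A pre-commissioning check of candidate connection passwords against the rule stated above, as an added example that is not Siemens or Reydisp Manager 2 code. The rule names, the `audit` helper, the device labels, and the reading of "special characters" as ASCII punctuation (spaces and non-ASCII rejected) are assumptions; the device's own validation is authoritative.

```python
from __future__ import annotations
import string

MIN_LEN, MAX_LEN = 8, 24  # length range stated in the manual
# Assumption: "special characters" means ASCII punctuation, and only printable
# ASCII without spaces is accepted; the manual does not list the exact set.
SPECIALS = frozenset(string.punctuation)
ALLOWED = frozenset(string.ascii_letters + string.digits + string.punctuation)

# One predicate per rule so a failure can be reported by name.
RULES = {
    "length":  lambda p: MIN_LEN <= len(p) <= MAX_LEN,
    "upper":   lambda p: any(c in string.ascii_uppercase for c in p),
    "lower":   lambda p: any(c in string.ascii_lowercase for c in p),
    "digit":   lambda p: any(c in string.digits for c in p),
    "special": lambda p: any(c in SPECIALS for c in p),
    "charset": lambda p: all(c in ALLOWED for c in p),
}

def violated_rules(candidate: str) -> list[str]:
    """Names of the rules the candidate breaks; an empty list means it passes."""
    return [name for name, ok in RULES.items() if not ok(candidate)]

def audit(candidates: dict[str, str]) -> dict[str, list[str]]:
    """Map device label -> violated rules. Passwords are never echoed."""
    report = {}
    for device, password in candidates.items():
        failed = violated_rules(password)
        if failed:
            report[device] = failed
    return report

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample = {
        "feeder-01": "Relay#2021ok",   # passes every rule
        "feeder-02": "relay2021",      # no upper-case letter, no special character
        "feeder-03": "Aa1!" * 7,       # 28 characters, longer than the maximum
        "feeder-04": "Pass word1!",    # contains a space (outside the assumed set)
    }
    for device, failed in audit(sample).items():
        print(f"{device}: fails {', '.join(failed)}")
```

The report names only the device label and the failed rule, so it can be kept with commissioning records without exposing the candidate passwords.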

All write access to the 7SR5 device, for example changing setting values or switching, is
protected by other security prompts, the confirmation IDs. If changes are made via the integrated operation,
these confirmation IDs are queried on the on-site operation panel. The confirmation ID contains only numbers
that you must enter at the on-site operation panel or in Reydisp Manager 2.

NOTE
The confirmation IDs are only needed if the role-based access control (RBAC) is not activated in the 7SR5
device.

The 3-level security concept consists of secure authentication, the connection password, and other
confirmation IDs. This concept provides the highest possible degree of access protection during operation. Even remote
access to devices is protected. You can also use an Ethernet module exclusively for the communication with
Reydisp Manager 2. Access by a substation control network with the unsecured IEC 61850 protocol and
remote access with Reydisp Manager 2 are then carried out via completely separate networks. Even though
the 7SR5 device communicates with Reydisp Manager 2 via an Ethernet module, communication between
Reydisp Manager 2 and the device is encrypted using tap-proof technology.

Wrong password entries are identified and logged. An alarm can be triggered via a telecontrol connection.
Safety-critical operations are also logged and cannot be deleted in the device. If files on the PC were
manipulated by malware (for example, viruses), they cannot be loaded into the device.

NOTE
The system operator is responsible for further protection-function tests within maintenance intervals.
Check protection functions using secondary test equipment (see Device manual).
Reyrolle 7SR5, Operating, Manual
C53000-B7040-C013-1, Edition 05.2021
Security Settings