The new generation of automation systems utilizes open standards such as IEC 60870-5-104, DNP 3.0 and IEC 61850 and commercial technologies, in particular Ethernet and TCP/IP based communication protocols. They also enable connectivity to external networks, such as office intranet and internet. These
[Figure: substation communication overview. Labels: Remote Access, Office Access, IEC 60870-5-104, Communication Gateway, IEC 61850]
Standard | Main Focus
NIST SGIP-CSWG | Smart Grid Interoperability Panel Cyber Security Working Group
NERC CIP | Cyber Security regulation for North American power utilities
IEC 62351 | Data and Communications Security
IEEE PSRC/H13 & SUB/C10 | Cyber Security Requirements for Substation Automation, Protection and Control Systems
IEEE 1686 | IEEE Standard for Substation Intelligent Electronic Devices (IEDs) Cyber Security Capabilities
ISA S99 | Industrial Automation and Control System Security
Cyber security embedded
Cyber security is embedded in ABB's product lifecycle, and addressing cyber security is an integral part of our substation automation products and system solutions. This means that cyber security is addressed in every phase from design and development, to maintenance of the products in our portfolio. Threat modeling and security design reviews, security training of software developers as well as in-house and external security testing as part of quality assurance processes are examples of numerous actions ABB is taking to ensure reliable and secure solutions for its customers. Individual user accounts or detailed security event logs are just two examples of built-in security features available in our products. ABB's substation automation systems can be offered with firewalls and pre-defined antivirus software, and the system deliveries follow our strict guidelines concerning handling cyber security.
Cyber security without compromises
Evolving technologies like Ethernet and industry specific standards such as IEC 61850 are enablers for information exchange that support higher system reliability. Additionally, it is important to safeguard interoperability, which allows information exchange between different vendors' IEC 61850 compliant products and systems. Ensuring reliability and interoperability are two of the main goals when designing and engineering IEC 61850-based substation automation systems. Supporting availability, reliability and interoperability, while at the same time addressing cyber security, is a challenging task. ABB is committed to working towards providing our customers with solutions that address all these aspects without compromise.
Interactions between the substation automation system, corporate networks and the outside world are usually handled on the station level, which means that ensuring a high level of security on the station level is vital to the security of the SA system itself. Therefore, ABB uses best-in-class firewalls, intrusion detection or prevention systems, or VPN technology. All communication from the outside world to a substation can, for instance, be protected by using a firewall and/or VPN-enabled communication. Systems can additionally be divided into multiple security zones as needed to further improve security.
The key requirements that need to be covered by a secure substation automation system are:
Availability: avoid denial of service
Integrity: avoid unauthorized modification
Confidentiality: avoid disclosure
Authentication: avoid spoofing / forgery
Authorization: avoid unauthorized usage
Auditability: avoid hiding of attacks
[Figure: security zone architecture. Labels: Maintenance Center (Security Zone 4), Workstation, Antivirus, Security Zone 2, MicroSCADA Pro SYS600, MicroSCADA Pro SYS600C, RTU560, Integrated Web HMI, Station LAN, Firewall / Router / VPN, Encrypted communication, https, Modbus, DNP 3.0, I/O]
Authentication and authorization
Both MicroSCADA Pro and RTU560 support user authentication and authorization on an individual user level. User authentication is required and authorization is enforced for all interactive access to the products. Customers can manage user accounts freely, allowing them to create, edit and delete user accounts, and define usernames and passwords according to their policies. User rights can be managed completely by either assigning access permissions to accounts directly or by using roles (Role Based Access Control). To support NERC-CIP and IEEE 1686 requirements, both MicroSCADA Pro and RTU560 support password policies that allow customers to specify minimum password length as well as password complexities. Passwords are case sensitive and support alphanumeric and special characters.
Auditability and logging
ABB substation automation devices create audit trails (log files) of all security relevant user activity. Security events that are being logged include user log-in, log-out, change of parameters or configurations, and updates to software or firmware. For each event, the date and time, user, event ID, outcome and source of the event are logged. Access to the audit trail is available to authorized users only.
Product and system hardening
The robustness of a product can be significantly improved by closing all the ports and services that are not used. MicroSCADA Pro and RTU560 have been systematically hardened. For example, unused services have been removed and unused ports closed, and the products have been thoroughly tested at ABB's dedicated, independent security test center using state-of-the-art commercial and open source security testing tools. Hardening steps as well as the resulting configurations, such as open ports and services, are documented in detail. Only ports and services for normal operation are enabled in ABB devices by default.
Contact us
ABB Oy, Substation Automation Products, P.O. Box 699, FI-65101 Vaasa, Finland. Phone: +358 10 22 11, Fax: +358 10 22 41094
ABB AG, Power Systems Division, P.O. Box 10 03 51, DE-68128 Mannheim, Germany. Phone: +49 621 381 3000, Fax: +49 621 381 7662
ABB AB, Substation Automation Products, SE-72159 Västerås, Sweden. Phone: +46 21 32 50 00, Fax: +46 21 14 69 18
www.abb.com/substationautomation
1KHA - 001 149, - SEN 1000 - 12.10 - Printed in Switzerland ABB Switzerland Ltd, December 2010. The right to modifications or deviations due to technical progress is reserved.
ABB Switzerland Ltd Power Systems Bruggerstrasse 72 CH-5400 Baden, Switzerland Phone: +41 58 585 77 44 Fax: +41 58 585 55 77