ABB Relion 670 series - User Manual

Describes the process for handling cyber security when communicating with the IED.

For system engineering, commissioning, operation, and maintenance personnel handling cyber security.

Details instructions for engineering, installation, commissioning, operation and maintenance of IEDs.

Lists document numbers for application, commissioning, product guides, technical manuals, and type test certificates.

Explains warning, caution, information, and tip icons used in the document.

Outlines conventions for abbreviations, HMI paths, messages, parameter names, and logic diagrams.

Discusses the evolution of the electric power grid and the introduction of cyber security concerns.

Addresses preventing services from operating on unintended physical interfaces for cyber attack reduction.

Lists available ports, protocols, default states, and services for firewall setup.

Explains secure FTP negotiation with TLS and capabilities without encryption.

Details encryption strength for TLS connections using AES 256 or AES 128.

Protects the IED from overload by controlling inbound network traffic with quota control.

Describes self-signed certificates, X.509 certificates, and RSA key-pair generation for secure communication.

Discusses predefined user roles and the recommendation to use user-defined users.

Covers ASCII character requirements, password complexity, and expiry settings in PCM600.

Explains using the IED Users tool in PCM600 for editing user profiles and role assignments.

Details restoring factory settings for default users within the IED Users tool.

Describes editing user profiles, creating new users, deleting existing users, and editing group members.

Provides instructions to click in the Users tab to open the wizard for creating new users.

Steps to select a user, a new role, and assign the user to that role.

Instructions to select a user from the Users list for deletion.

Steps to select a user and change their password using the IED Users tool.

Explains modifying user roles and memberships in the Roles tab.

Explains exporting and importing IED user account data between IEDs.

Instructions to click the 'Write User Management Settings to IED' button.

Instructions to click the 'Read User Management Settings from IED' button.

Steps to select File/Save or click the Save toolbar button to save settings.

Describes Central Account Management as an authentication infrastructure for access control.

Overview of certificate management between Security Administrator, IED, and PCM600.

Steps to create IED certificates using PCM600 and SDM600.

Detailed steps for importing and writing certificates to an IED using PCM600.

Steps to read installed certificates from an IED using PCM600.

How to view installed certificate information on the IED's local HMI.

Explains reasons for certificate invalidity and system behavior.

Describes the process of deleting certificates from an IED after reading them.

Steps to activate Central Account Management on the IED via PCM600.

How to edit CAM configuration parameters and certificates in PCM600.

Steps to read CAM configuration from the IED using PCM600.

Steps to disable CAM mode and write the configuration to the IED.

Procedures to disable CAM and delete certificates via the IED's local HMI.

Discusses user, role, and right management on the CAM server.

Lists predefined user roles and their access rights according to IEC 62351-8.

Notes that password policy is set on the Central Account Management server (SDM600).

Describes user interaction for PCM600 access to CAM-enabled IEDs.

Steps for users to change their own password via PCM600 or LHMI.

Lists possible error messages during IED access or password changes.

Guides on checking CAM status via local HMI diagnostics.

Explains using IEC 61850 or Syslog for activity logging from the IED.

Covers settings for activity logging, including external log servers.

Details basic settings for ACTIVLOG, including external log server types and ports.

Lists SECALARM output signals: EVENTID and SEQNUMBER.

Covers basic settings for the SECALARM function, specifically the Operation parameter.

Explains that user operations are logged as security events and can be sent via Syslog.

Details event types logged by the GSAL logical node.

Steps to activate login procedures and enter user name and password.

Describes automatic and manual logoff procedures on the IED.

Explains how to save parameter changes in nonvolatile memory.

Details how to enter and use the IED's maintenance menu.

Instructions for recovering passwords or restoring IED defaults via the Maintenance Menu.

Steps to select the Recovery Menu option within the Maintenance Menu.

Instructions to enter the PIN code 8282 to access the Recovery Menu.

Procedures to temporarily disable authority for system access.

Discusses accessing the IED via the Maintenance Menu as a fallback solution.

Explains how to create and manage restore points for IED configurations.

Overview of relevant cyber security standards and ABB's role in their development.

Details compliance with IEEE 1686 standard for IED cyber security capabilities.

Definition of Advanced Encryption Standard (AES) and its key sizes.

Definition of Central Account Management.

Definition of Intelligent Electronic Device.

Standard for Substation Intelligent Electronic Devices cyber security.

Definition of Local Human Machine Interface.

Definition of Protection and Control IED Manager.

Archive file format for Public-Key Cryptography Standards.

Definition of Supervision, control and data acquisition.

Definition of Transport Layer Security.

Definition of Virtual Private Network.