SMP Gateway User Manual • 85
13 Security
To derive full benefits from IED integration, substation data must be available to users at
enterprise level. However, widespread data access can become an important security risk if it is
compromised.
In August 2003, the North American Electric Reliability Council (NERC) issued the NERC
1200 Urgent Action Cyber Security Standard in order “To reduce risks to the reliability of the
bulk electric systems from any compromise of critical cyber assets (computers, software and
communications networks) that support those systems.”
The NERC 1200 standard evolved into NERC 1300, and is now known as NERC CIP-002-1 to
CIP-009-1 Cyber Security Standards. These standards describe measures that utilities will have
to implement, as well as a strict timeline for implementation.
This chapter describes the advanced security features that Cooper Power Systems has
implemented since version 4 of the SMP Gateway software and tools, in order to provide utilities
with a secure, NERC-compliant, solution to integrate their substation devices. It then takes you
through the steps required to customize the security settings to suit the needs of your organization,
and provides some general guidelines on setting up a secure substation LAN.
13.1 Meeting NERC CIP Requirements
The Cybectec SMP Gateway helps you meet NERC requirements by providing secure access to
substation devices. Its sophisticated software includes the following security features:
Authentication and authorization — Each user is authenticated by the SMP Gateway via a
user name and a password. Strong passwords, individual user accounts, user groups, and
detailed group permissions protect critical system functions from unauthorized access. All
access attempts are logged, and accounts are locked out in the event of multiple failed
attempts.
Protection from substation LAN security breaches — The SMP Gateway is protected by a
built-in firewall and a built-in VPN server. All TCP/IP ports are blocked, except those
required for control center communications and SMP Gateway status monitoring. All
communications between the SMP Gateway and the SMP Tools goes through an encrypted
VPN tunnel, even through active passthrough connections.
To Next Page
Loading...
