2-6 G30 Generator Protection System GE Multilin
2.1 INTRODUCTION 2 PRODUCT DESCRIPTION
2
c) CYBERSENTRY SECURITY
CyberSentry Embedded Security is a software option that provides advanced security services. When this option is pur-
chased, the basic password security is disabled automatically.
CyberSentry provides security through the following features:
• An Authentication, Authorization, Accounting (AAA) Remote Authentication Dial-In User Service (RADIUS) client that
is centrally managed, enables user attribution, provides accounting of all user activities, and uses secure standards-
based strong cryptography for authentication and credential protection.
• A Role-Based Access Control (RBAC) system that provides a permission model that allows access to UR device oper-
ations and configurations based on specific roles and individual user accounts configured on the AAA server (that is,
Administrator, Supervisor, Engineer, Operator, Observer).
• Security event reporting through the Syslog protocol for supporting Security Information Event Management (SIEM)
systems for centralized cybersecurity monitoring.
• Strong encryption of all access and configuration network messages between the EnerVista software and UR devices
using the Secure Shell (SSH) protocol, the Advanced Encryption Standard (AES), and 128-bit keys in Galois Counter
Mode (GCM) as specified in the U.S. National Security Agency Suite B extension for SSH and approved by the
National Institute of Standards and Technology (NIST) FIPS-140-2 standards for cryptographic systems.
CYBERSENTRY USER ROLES
CyberSentry user roles (Administrator, Engineer, Operator, Supervisor, Observer) limit the levels of access to various UR
device functions. This means that the EnerVista software allows for access to functionality based on the user’s logged in
role.
Example: Administrative functions can be segmented away from common operator functions, or engineering type access,
all of which are defined by separate roles, as shown in the following figure, so that access of UR devices by multiple per-
sonnel within a substation is allowed.
Figure 2–4: CYBERSENTRY USER ROLES
The table lists the roles that are supported and their corresponding capabilities.
Table 2–3: PERMISSIONS BY USER ROLE FOR CYBERSENTRY
Roles Administrator Engineer Operator Supervisor Observer
Complete access Complete access
except for
CyberSentry
Security
Command
menu
Authorizes
writing
Default role
Device Definition RRRRR
Settings
|------------ Product Setup
|--------------- Security (CyberSentry) RW R R R R
|--------------- Supervisory see table notes R R see table notes R
|--------------- Display Properties RW RW R R R
|---------------
Clear relay records
(settings) RW RW R R R
842838A2.CDR
Administrator
Engineer
Supervisor
Operator
Observer
To Next Page
Loading...
