97
DMC3S - Manual - 08 - 2021
— Network communication security
The device does not use unencrypted protocols like telnet, ftp. All communications required to con-
figure the equipment, such as calibrations, CID transmission, etc. are handled by the “SSH” protocol
in encrypted mode.
Protocols for data exchange with SCADA, e.g. IEC61850 / DNP3 / MODBUSTCP, are not encrypted, if
implementation of IEC62351 specifications is not expressly requested.
The NTP, PTP synchronisation protocols are not normally encrypted.
— Cybersecurity application scheme
The configuration of the DMC3S protection relay and monitoring functions pose problems relating
to the security and privacy of the data traffic exchanged between the equipment and the remote
control centre.
The following aspects must be considered:
• Traffic encryption, so that the data may not be intercepted, analysed and modified
freely by third parties
• Implementation of the authentication mechanism to prevent generation of
false third party messages and their acceptance as valid
— Access procedure
The authentication mechanism consists in sending authentication requests from the incoming board
to a remote RADIUS authentication server which handles user validation, and returns positive or
negative feedback to the CPU depending on whether the user's credentials are valid or not, along
with user level information.
RADIUS authentication employs a remote server and uses a secret shared by the board and the serv-
er to validate requests for access. The configurator enables definition of all the parameters required
for this type of authentication.
To Next Page
Loading...
