Document ID

Cyber security for substation automation

products and systems
2 | Cyber security for substation automation systems | by ABB
ABB addresses all aspects of cyber
security

The electric power grid has evolved significantly over the TCP/IP-based communication protocols. They also enable
past decade thanks to many technological advancements connectivity to external networks, such as office intranet
and breakthroughs. As a result, the emerging smart grid is systems and the Internet. These changes in technology,
quickly becoming a reality. At the heart of these intelligent including the adoption of open IT standards, have brought
advancements are specialized IT systems various control huge benefits from an operational perspective, but they have
and automation solutions such as substation automation also introduced cyber security concerns previously known only
systems. To provide end users with comprehensive to office or enterprise IT systems.
real-time information, enabling higher reliability and
greater control, automation systems have become ever To counter cyber security risks, open IT standards are equipped
more interconnected. To combat the increased risks with cyber security mechanisms. These mechanisms, developed
associated with these interconnections, we offer a wide in a large number of enterprise environments, are proven
range of cyber security products and solutions for technologies that enable the design, development and
automation systems and critical infrastructure. continual improvement of cyber security solutions specifically
for control systems, including substation automation applica-
tions.

The new generation of automation systems uses open We fully understand the importance of cyber security and
standards such as IEC 60870-5-104, DNP 3.0 and IEC 61850 its role in advancing the security of substation automation
and commercial technologies, in particular Ethernet- and systems. As an ABB customer investing in new ABB techno-

System architecture for substation automation system.

Cyber security for substation automation systems | by ABB | 3

Systematic approach to cyber security

logies, you can rely on products and system solutions where ments concerning cyber security. The mandate of the council
reliability and security have the highest priority. is to ensure that products and solutions used in power systems
meet the expectations of customers. Besides continuously
To assure reliability and availability of electricity, ABB has adapting security requirements to keep up with the changing
a strategic partnership with the well known cyber security demand, the Security Council drives proactive R&D efforts to
company Industrial Defender. Industrial Defenders solutions address emerging trends, and ensures fast and efficient
provide in-depth monitoring, enhanced management, and security improvements.
protection for utility operations networks.
We also recognize the importance of cyber security standards
At ABB, we have identified cyber security as a key requirement and we are an active member in several industry initiatives,
and we are committed to providing products, systems and including IEEE and IEC. This involvement ensures that the
services that clearly address this issue. We take a systematic needs of our customers are considered in the development of
approach to cyber security through our operations on a global new standards and that ABB remains abreast of new develop-
level. For instance, we have established the Power Systems ments. It also enables us as a company to incorporate
Security Council to keep track of global needs and require- new standards into our products and systems, helping our

4 | Cyber security for substation automation systems | by ABB

customers to comply with regulation as it comes into force. Cyber security embedded
Key cyber security initiatives driven or supported by ABB: Cyber security is integral to the product life cycle at ABB, and
it is incorporated into our substation automation products and
systems. Threat modeling and security design reviews,
security training of software developers, as well as in-house
Standard Main Focus and external security testing, are some of the multiple actions
NERC CIP Cyber Security regulation for North American power we are taking to ensure reliable and secure solutions for our
utilities customers. Individual user accounts and detailed security
IEC 62351* Data and Communications Security event logs are just two examples of built-in security features
IEEE 1686 IEEE Standard for Substation Intelligent Electronic available in our products. Our substation automation systems
Devices (IEDs) Cyber Security Capabilities are available with firewalls and pre-defined antivirus software,
IEC 62443 * Industrial Automation and Control System Security and all system deliveries follow our strict guidelines on cyber
(formerly known as ISA S99) security.
* standard is still in development

Cyber security for substation automation systems | by ABB | 5

Cyber security - addressed throughout
the system life cycle

Cyber security without compromises security standards, such as NERC CIP. We view cyber
Evolving technologies like Ethernet and industry-specific security not as a single, one-time activity, but as an integrated
standards such as IEC 61850 are enablers for information part of different phases in the product and system life cycle.
exchange that support higher system reliability, but it is also Cyber security aspects are taken into consideration from early
important to safeguard interoperability. This is an essential design and development, extending through testing and
feature in modern systems, allowing information exchange commissioning, as well as to processes supporting products
between different vendors IEC 61850-compliant products and and systems in operation . One key element is our indepen-
systems. Ensuring reliability and interoperability are two of the dent robustness test center, where all our products are tested
main goals when designing and engineering IEC 61850-based using current, state-of-the-art security testing tools.
substation automation products and systems. Ensuring these
aspects while maintaining availability and also addressing cyber A centralized security testing process, applying up-to-date
security is a challenging set of tasks. ABB is committed to and rigorous procedures, guarantees a common and best-
providing you with substation automation products and solu- practice approach. Our test center conducts regular regressi-
tions that address all of these aspects without compromise. on tests on our products and systems to warrant a high level
of robustness against cyber security attacks.
We aim to provide products and solutions that enable substa-
tion automation customers to fulfill the requirements of cyber

6 | Cyber security for substation automation systems | by ABB

Cyber security on the system level

Cyber security service offering Interactions between substation automation systems, corpo-
At ABB, we are constantly extending and improving our rate networks and the outside world are usually handled on
security-related processes to ensure that new vulnerabilities the station level. In order to secure the substation automation
are handled properly. A timely response to such issues is an system itself, it is therefore vital to ensure high levels of security
important factor in our efforts to help customers minimize at that level. ABB products and systems use best-in-class
their exposure to cyber security threats. firewalls, intrusion detection and prevention systems, as well
as VPN technology for encryption. Thanks to the firewall the
The focus is on maintaining and increasing the cyber security substation can be protected by blocking all unnecessary
level of the installed base of substation automation systems. incoming communication. To provide an additional level of
In addition to our technical solutions we provide training, security, systems can be subdivided into multiple security
consulting as well as a cyber security risk assessment, zones.
providing the best cyber security solution for the installation.
This assessment analyses the technical as well as the
organizational aspects of the installation in order to reduce
cyber security risks. Based on this assessment the optimized
measures will be proposed.

Protect
against threats to
substation automation systems

Manage
critical activities, such as
configurations, changes and patches

Monitor
security and health
activities in real-time

Product and system cyber security features

Cyber security for substation automation systems | by ABB | 7

Cyber security product features

ABBs cyber security feature packages At ABB, we are addressing cyber security requirements on a
ABB offers a large number of cyber security features in the system- as well as on a product level to support cyber security
field of substation automation. Those features cover the standards such as NERC-CIP, IEEE 1686 and BDEW Whitepaper.
following areas: We support verified third-party security patches and antivirus
software to protect station computers from viruses and other
Product and system hardening: All components of the types of attacks. Cyber security can also be improved by
system are permanently hardened according to well-known preventing the unauthorized use of removable media (such
best-practice guides. as USB memory sticks) in station computers. We have built
Monitor: The monitor features provide real-time security additional security mechanisms into our products. Those offer
and health activity monitoring across the substation advanced account management, secure communication and
automation systems including networks and applications. detailed security audit trails. This makes it easier for our
Manage: The Managing features enable users to monitor customers to address NERC CIP requirements and maintain
and manage critical activity such as configurations, compliance standards.
changes and patches across the substation automation
system.
Protect: Protecting substation automation systems means
defending against unauthorized applications, memory
exploits and malware that can compromise SA system
availability, performance, security and compliance.

Secure architecture for MicroSCADA Pro based solution.

8 | Cyber security for substation automation systems | by ABB

Authentication and authorization (Role Based Access Control) Auditability and logging
ABB substation automation products support user authentication ABB substation automation products create audit trails (log
and authorization on an individual user level. Authentication is files) of all security-relevant user activity to monitor within
required and authorization enforced for all access to these actions users perform. Security events that are logged
products. As a customer, you will be able to manage user include individual user log-in, log-out, change of parameters
accounts yourself. You will be able to create, edit and delete or configurations, and updates to software or firmware. For
accounts, as well as define usernames and passwords each event, date and time, user, event ID, outcome and
according to your own policies. User rights can be managed source of event are logged. Access to the audit trail is
either by assigning access permissions directly to individual available to authorized users only.
accounts or by using granting access according to a users
job title (role-based access control). To support NERC-CIP Product and system hardening
and IEEE 1686 requirements, ABBs substation automation Products can be made significantly more robust by closing
products support password policies that allow you to specify ports and services that are not in use. Our products have
the minimum length as well as the password complexity. been systematically hardened to ensure that the products are
Passwords are case sensitive and can include alphanumeric robust against attacks and perform their main function. For
and special characters. example, unused services have been removed and unused
ports closed, and the products have been thoroughly tested
at our dedicated, independent security test center using
state-of-the-art commercial and open-source security testing

Cyber security for substation automation systems | by ABB | 9

tools. Hardening steps as well as the resulting configurations, ABB evaluates security updates from third-party software such
such as open ports and services, are documented in detail. as McAfee, Adobe, Microsoft and other operating systems with
By default, only ports and services required for normal respect to relevance to, and compatibility with, substation
operation are enabled in our devices. automation products.

Secure communication Compatibility with both MicroSCADA Pro SYS 600 and
ABB substation automation products permits various measures MicroSCADA Pro SYS 600C are analyzed and, for verification,
to secure the communication. One example is the built in VPN a compatibility report is then issued, certifying that the
communication in MicroSCADA Pro SYS 600 and RTU500 relevant security patches can be installed in the system,
series to establish a secure communication between the following guidelines from the software vendor, without
substation and the remote system. RTU500 series permits impacting the functionality, stability or performance of the
encrypted communication between the web browser and the products. For embedded devices latest security patches are
RTU as well as the Relion 650 series supports a secure used to increase the robustness of the substation automation
communication between the PCM600 and the control and products.
protection devices using state of the art encryption methods.

Patch management

Secure architecture for RTU560 based solution.

10 | Cyber security for substation automation systems | by ABB

Patch deployment
To ensure an adequate security throughout the whole system
lifecycle ABB can provide a comprehensive patch management
deployment as part of a service or maintenance agreement for
the substation automation system.

Malware protection
MicroSCADA Pro-based systems can also be equipped with
industry-standard malware and intrusion protection solutions,
like virus protection and application whitelisting.

Back up & disaster recovery

Back up and Restore creates safety copies of the most
important files, to be always prepared for the worst. Back up
the files to another drive, a DVD or to a network.

Cyber security for substation automation systems | by ABB | 11

Contact us

ABB Switzerland Ltd

Power Systems

ABB Switzerland Ltd, April 2013. The right to modifications or deviations due to technical progress is reserved.
Bruggerstrasse 72
CH-5400 Baden, Switzerland
Phone: +41 58 585 77 44
Fax: +41 58 585 55 77

ABB Oy
Substation Automation Products
MicroSCADA Pro
P.O. Box 699
FI-65101 Vaasa, Finland
Phone: +358 10 22 11
Fax: +358 10 22 41094

1KHA - 001 149, - SEN PDF - 13.04 - Printed in Switzerland

ABB AG
Substation Automation Products
Remote Terminal Units
P.O. Box 10 03 51
DE-68128 Mannheim, Germany
Phone: +49 621 381 3000
Fax: +49 621 381 7662

ABB AB
Substation Automation Products
Transmission protection and control IEDs
SE-72159 Vsters, Sweden
Phone: +46 21 32 50 00
Fax: +46 21 14 69 18

www.abb.com/substationautomation

Scan this QR code to visit our Substation Automation website

Scan this QR code to visit our Substation Automation Cyber Security website