Centralized cyber security management and monitoring applications
With the introduction of Ethernet based communication protocols in Substation Automation Systems (SAS),cyber security aspects became an additional part of the SAS design.Today cyber security related requirements are part of customer specifications and need to be considered during the complete life cycle of the SAS.Applying cyber security to any system has to be treated as a continuous process.Protecting a system against attacks,managing the system to ensure long term stability and monitoring the system are the focus areas of the described cyber security process.Protecting a SAS starts by using only components that are designed cyber security compliant. Extensive testing of cyber security relevant aspects during the development cycles of all system components such as IEDs are essential. But to harden the individual component is not enough. Likewise in the system design adequate levels of cyber security protection have to be applied. The required protection level can be different for individual stations and should be based on a risk assessment or threat analysis, international standards as well as best practices. The security management can become complex, therefore security managers need software applications to be efficient. A Role Based Access Control System (RBAC) is such an application. It allows to manage the users and their roles from a central point even for many substations in different locations. Last but not least access and other user activity in the different system components need to be monitored. Central user activity logging will collect cyber security related events from the equipment and present this information to the responsible personnel. An efficient and user friendly approach is the key feature also for a monitoring application. Tracking the deployed software versions is not only a maintenance or asset management issue but also an additional way to detect potential attacks. A firmware version of an embedded device should not change without having one of the service engineers assigned a task to do this. Being able to retrieve such version information automatically improves the overall efficiency in the cyber security management. This paper describes the benefits of centralized cyber security related functions such as Role Based Access Control (RBAC), User Activity Logging (UAL) and software version tracking. The paper also highlights how these new tasks can been implemented in an interoperable and user friendly way.
Cyber security process Role Based Access Control (RBAC) IEC 62351 Central User Activity Monitoring Interoperability Tracking deployed software versions Central User Account Management
Michael OBRIST(MO) Frank HOHLBAUM(FH) Peter KREUTZER(PK) Klaus-Peter BRAND(KPB)
ABB Switzerland, Ltd Switzerland
国际会议
国际大电网会议组织保护与自动化专业委员会年度会议暨学术研讨会
南京
英文
1-6
2015-09-20(万方平台首次上网日期,不代表论文的发表时间)