1MRK511453-UEN E en Cyber Security Guideline REB500 8

The document provides cybersecurity deployment guidelines for the Relion REB500 distributed busbar protection system, version 8.3 IEC, issued by Hitachi Energy. It outlines security measures, user account management, and compliance with relevant standards, aimed at ensuring secure communication and operation of the system. Intended for engineering and maintenance personnel, the guidelines emphasize the importance of establishing secure connections and managing user access effectively.

Relion REB500

Distributed busbar protection REB500


Version 8.3 IEC
Cybersecurity deployment guideline


Document ID: 1MRK511453-UEN


Issued: September 2024
Revision: E
Product version: 8.3

© 2019 - 2024 Hitachi Energy. All rights reserved


Copyright
This document and parts thereof must not be reproduced or copied without written permission from
Hitachi Energy, and the contents thereof must not be imparted to a third party, nor used for any
unauthorized purpose.

The software and hardware described in this document is furnished under a license and may be used or
disclosed only in accordance with the terms of such license.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit
(https://www.openssl.org/). This product includes cryptographic software written/developed by: Eric
Young ([email protected]) and Tim Hudson ([email protected]).

Trademarks
ABB is a registered trademark of ABB Asea Brown Boveri Ltd. Manufactured by/for a Hitachi Energy
company. All other brand or product names mentioned in this document may be trademarks or
registered trademarks of their respective holders.

Warranty
Please inquire about the terms of warranty from your nearest Hitachi Energy representative.
Disclaimer
This document contains information about one or more Hitachi Energy products and may include a
description of or a reference to one or more standards that may be generally relevant to the Hitachi
Energy products. The presence of any such description of a standard or reference to a standard is not a
representation that all the Hitachi Energy products referenced in this document support all the features
of the described or referenced standard. In order to determine the specific features supported by a
particular Hitachi Energy product, the reader should consult the product specifications for that Hitachi
Energy product. In no event shall Hitachi Energy be liable for direct, indirect, special, incidental, or
consequential damages of any nature or kind arising from the use of this document, nor shall Hitachi
Energy be liable for incidental or consequential damages arising from the use of any software or
hardware described in this document.

Hitachi Energy may have one or more patents or pending patent applications protecting the intellectual
property in the Hitachi Energy products described in this document. The information in this document
is subject to change without notice and should not be construed as a commitment by Hitachi Energy.
Hitachi Energy assumes no responsibility for any errors that may appear in this document.

All people responsible for applying the equipment addressed in this manual must satisfy themselves that
each intended application is suitable and acceptable, including compliance with any applicable safety or
other operational requirements. Any risks in applications where a system failure and/or product failure
would create a risk for harm to property or persons (including but not limited to personal injuries or
death) shall be the sole responsibility of the person or entity applying the equipment, and those so
responsible are hereby requested to ensure that all measures are taken to exclude or mitigate such
risks.

Products described or referenced in this document are designed to be connected and to communicate
information and data through network interfaces, which should be connected to a secure network. It
is the sole responsibility of the system/product owner to provide and continuously ensure a secure
connection between the product and the system network and/or any other networks that may be
connected.

The system/product owners must establish and maintain appropriate measures, including, but not limited
to, the installation of firewalls, application of authentication measures, encryption of data, installation
of antivirus programs, and so on, to protect these products, the network, its system, and interfaces
against security breaches, unauthorized access, interference, intrusion, leakage, and/or theft of data or
information.

Hitachi Energy performs functionality testing on released products and updates. However, system/
product owners are ultimately responsible for ensuring that any product updates or other major system
updates (to include but not limited to code changes, configuration file changes, third-party software
updates or patches, hardware change out, and so on) are compatible with the security measures
implemented. The system/product owners must verify that the system and associated products function
as expected in the environment in which they are deployed. Hitachi Energy and its affiliates are not
liable for damages and/or losses related to security breaches, any unauthorized access, interference,
intrusion, leakage, and/or theft of data or information.

This document and parts thereof must not be reproduced or copied without written permission from
Hitachi Energy, and the contents thereof must not be imparted to a third party nor used for any
unauthorized purpose.
Conformity
This product complies with the directive of the Council of the European Communities on the
approximation of the laws of the Member States relating to electromagnetic compatibility (EMC Directive
2014/30/EU) and concerning electrical equipment for use within specified voltage limits (Low-voltage
directive 2014/35/EU). This conformity is the result of tests conducted by Hitachi Energy in accordance
with the product standards EN 60255-26 for the EMC directive, EN 60255-1 & EN 60255-27 for
the low voltage directive, and EN 50121-5 for Railway applications (Emission and immunity of fixed
power supply installations and apparatus). The product is designed in accordance with the international
standards of the IEC 60255 series.
1MRK511453-UEN Rev. E Table of contents

Table of contents

Section 1 Introduction  4
  1.1 This manual  4
  1.2 Intended audience  4
  1.3 Revision history  4
  1.4 Product documentation  4
  1.5 Symbols and conventions  5
    1.5.1 Symbols  5
    1.5.2 Document conventions  6

Section 2 Safety information  7

Section 3 Security in Substation Automation  8
  3.1 General security in Substation Automation  8
  3.2 Defense-in-depth strategy  9
    3.2.1 Security policies and principles  10
    3.2.2 Security services  10
    3.2.3 Security layers  11
      3.2.3.1 Physical perimeter protection  11
      3.2.3.2 Electronic perimeter protection  11
      3.2.3.3 Product hardening  12

Section 4 Secure access  13
  4.1 Secure system setup  13
  4.2 Ethernet ports  13
    4.2.1 Ethernet ports used  13
    4.2.2 Data rate of the station bus connection  14
  4.3 Encryption algorithm  15
  4.4 Additional security controls  15

Section 5 Design principles  16
  5.1 Account information  16
  5.2 User roles and account permissions  16
  5.3 User accounts  18
    5.3.1 Default user  18
    5.3.2 User credentials handling  18
    5.3.3 Recovery of lost passwords  19

Section 6 Security configuration  20
  6.1 Enabling security menu  20
  6.2 Security options  20

Section 7 Local user account management  21
  7.1 Enabling the local user account management  21
  7.2 User accounts  22
  7.3 User roles  24
  7.4 Password policies  26
  7.5 Exporting and importing user credentials  27
  7.6 Change password  27
  7.7 Password reset to factory default  27

Section 8 Central user account management  29
  8.1 Introduction  29
    8.1.1 User roles  30
  8.2 Limitation in Central user account management  30
  8.3 Central user account management using LDAP server  30
    8.3.1 Enabling CAM  30
    8.3.2 Troubleshooting CAM  32
      8.3.2.1 Errors during activation  33
      8.3.2.2 Server not reachable during runtime  33
      8.3.2.3 Local replication failed  33
      8.3.2.4 Certificate failure  34
  8.4 Central user account management using Active Directory  35
    8.4.1 Enabling CAM  35
    8.4.2 Emergency User Account  38
      8.4.2.1 Introduction  38
      8.4.2.2 Configuration  39
    8.4.3 Troubleshooting CAM  40
      8.4.3.1 Errors during activation  40
      8.4.3.2 Server not reachable during runtime  41
      8.4.3.3 Certificate failure  41
    8.4.4 Accessing a Standalone Bay Unit  42
      8.4.4.1 Use case  42
      8.4.4.2 Emergency user configured (recommended)  42
      8.4.4.3 Emergency user not configured  42

Section 9 User activity logging  43
  9.1 View user activity events  43
  9.2 External Security log server  43
  9.3 Event format  45
  9.4 Event types  45
  9.5 User activity events through Syslog  48
  9.6 User activity event during REB500 system start up  49

Section 10 Decommissioning the IED  50

Section 11 Standard compliance statement  51
  11.1 Applicable standards  51
  11.2 IEEE 1686 compliance  51
  11.3 Compliance Statement IEC 62443-4-2  54
    11.3.1 FR 1 - Identification and authentication control (IAC)  54
    11.3.2 Use control (UC)  54
    11.3.3 FR 3 - System integrity (SI)  55
    11.3.4 FR 4 - Data confidentiality (DC)  55
    11.3.5 FR 5 - Restricted data flow (RDF)  55
    11.3.6 FR 6 - Timely response to events (TRE)  55
    11.3.7 FR 7 - Resource availability (RA)  56

Section 12 Reporting a cybersecurity vulnerability or incident  57


Section 1 Introduction
1.1 This manual

The cyber security deployment guideline describes the process for handling cyber security when
communicating with the IED. Certification, authorization with role-based access control, and product
engineering for cyber-security-related events are described and sorted by function.

The main features related to cyber security are:

• UAM - User Account Management
  • Role-based access control of the device
• CAM - Central Account Management
  • LDAP server integration for user account management
  • AD - Active Directory
• UAL - User Activity Logging
  • Logging the activities of users
  • Capable of sending the user activity events to a central log server
• SCA - Secure Configuration and communication Access
  • Accessing the device in a secure way from the operator tool

1.2 Intended audience

This guideline is intended for the system engineering, commissioning, operation and maintenance
personnel who handle cyber security during the engineering, installation and commissioning phases and
during normal service. The personnel are expected to have general knowledge of topics related to
cyber security.

1.3 Revision history

Document revision   Date      Product revision   History
B                   2019-07   8.3.0              First release
C                   2020-10   8.3.1              Updates and extensions
D                   2022-01   8.3.2              Updates and extensions
E                   2024-09   8.3.3              Updates and extensions

1.4 Product documentation

REB500 manuals                                    Document numbers
Product guide                                     1MRK505402-BEN
Application manual                                1MRK505399-UEN
Technical manual                                  1MRK505400-UEN
Operation manual                                  1MRK500132-UEN
Engineering manual                                1MRK511452-UEN
Commissioning manual                              1MRK505401-UEN
Application manual for bay protection functions   1MRK505403-UEN
Technical manual for bay protection functions     1MRK505406-UEN
Cyber security deployment guideline               1MRK511453-UEN
Communication protocol manual IEC 61850           1MRK511450-UEN
Communication protocol manual IEC 60870-5-103     1MRK511451-UEN
Getting started guide                             1MRK505404-UEN

1.5 Symbols and conventions

1.5.1 Symbols

The electrical warning icon indicates the presence of a hazard which could result in electrical
shock.

The warning icon indicates the presence of a hazard which could result in personal injury.

The caution icon indicates important information or warning related to the concept discussed
in the text. It might indicate the presence of a hazard which could result in corruption of
software or damage to equipment or property.

The information icon alerts the reader of important facts and conditions.

The tip icon indicates advice on, for example, how to design your project or how to use a
certain function.

Although warning hazards are related to personal injury, it is necessary to understand that under certain
operational conditions, operation of damaged equipment may result in degraded process performance
leading to personal injury or death. Therefore, comply fully with all warning and caution notices.


1.5.2 Document conventions

A particular convention may not be used in this manual.

• Abbreviations and acronyms in this manual are spelled out in the glossary. The glossary also contains
definitions of important terms.
• Push button navigation in the LHMI menu structure is presented by using the push button icons.
For example, to navigate the options, use and .
• HMI menu paths are presented in bold.
For example, select Main menu/Settings.
• Signal names are presented in bold.
The signal 21120_EXT_TEST_TRIP can be set and reset via the LHMI Test Trip menu.
• Parameter names and parameter values are presented in italics.
For example, the default value of the Operation setting is Not inverted.
• Section references are presented with the respective section numbers.
For example, see Section 1.5.2 for more details about document conventions.


Section 2 Safety information

Dangerous voltages can occur on the connectors, even though the auxiliary voltage has
been disconnected.

Non-observance can result in death, personal injury or substantial property damage.

Only a competent electrician is allowed to carry out the electrical installation.

National and local electrical safety regulations must always be followed.

The frame of the IEDs has to be carefully earthed.

Whenever changes are made in the IEDs, measures should be taken to avoid inadvertent
tripping.

The IEDs contain components which are sensitive to electrostatic discharge. Unnecessary
touch of electronic components must therefore be avoided.


Section 3 Security in Substation Automation


3.1 General security in Substation Automation

The electric power grid has evolved significantly over the past decade thanks to many technological
advancements and breakthroughs. As a result, the emerging “smart grid” is quickly becoming a
reality. At the heart of these intelligent advancements are specialized IT systems and various control and
automation solutions, such as substation automation systems. To provide end users with comprehensive
real-time information and to enable higher reliability and greater control, the automation systems have
become ever more interconnected. To combat the increased risks associated with these interconnections,
we offer a wide range of cyber security products and solutions for automation systems and critical
infrastructure.

The new generation of automation systems uses open standards such as IEC 60870-5-103, DNP 3.0
and IEC 61850 and commercial technologies, in particular Ethernet- and TCP/IP-based communication
protocols. They also enable connectivity to external networks, such as office intranet systems and
the Internet. These changes in technology, including the adoption of open IT standards, have brought
huge benefits from an operational perspective, but they have also introduced cyber security concerns
previously known only to office or enterprise IT systems.

To counter cyber security risks, open IT standards are equipped with cyber security mechanisms. These
mechanisms, developed in a large number of enterprise environments, are proven technologies. They
enable the design, development and continual improvement of cyber security solutions specifically for
control systems, including substation automation applications.

Hitachi Energy fully understands the importance of cyber security and its role in advancing the security
of substation automation systems. A customer investing in new Hitachi Energy technologies can rely on
system solutions where reliability and security have the highest priority.

At Hitachi Energy, we are addressing cyber security requirements on a system level as well as on
a product level to support cyber security standards such as NERC-CIP, IEEE 1686, IEC 62443-4-2
compliance and the BDEW Whitepaper. We support verified third-party security patches and antivirus
software to protect station computers from viruses and other types of attacks. Cyber security can also
be improved by preventing the unauthorized use of removable media (such as USB memory sticks)
in station computers. We have built additional security mechanisms into our products, which offer
advanced account management, secure communication, and detailed security audit trails. This makes it
easier for our customers to address NERC CIP requirements and maintain compliance with standards.


Figure 1: System architecture for substation automation system. The figure shows the security zones
from the outside in: Maintenance Center (Security Zone 4) and Remote Control Center with workstation,
MicroSCADA Pro SYS600C and antivirus (Security Zone 3), each separated by a firewall/router/VPN with
encrypted communication; the Station LAN with MicroSCADA Pro SYS600C (Security Zone 2) on the
IEC 61850-8-1 station bus together with the REB500 Central Unit and other protection and control IEDs;
and the REB500 process bus (Ethernet) connecting the REB500 Bay Units inside the perimeter
protection (Security Zone 1). (Drawing 19000003-IEC19001101-4-en.vsdx, IEC19001101 V4 EN-US.)

3.2 Defense-in-depth strategy

REB500 is a multi-application protection IED with an integrated HMI, suitable for the various
requirements of power system applications.

Hitachi Energy follows a secure development life cycle for the development of its products and ensures
that design best practices, including defense-in-depth, are used to develop a secure product, and that
security is maintained through continuous improvement and updates. However, achieving a secure system
does not end with a secure product: a defense-in-depth strategy needs to be adopted, which means
that multiple techniques are applied in layers to thwart or delay an attacker. The important thing to
understand about security is that it is a chain consisting of many components. Which components to
implement in the system depends both on which security threats are to be addressed and on what is
considered the correct and balanced level of security for the system.


Physical security and upholding processes that support the organization’s security policies are perhaps
the most important part of system security. Also important is the authorization of users, logging, firewalls,
hardening of the unused ports and the use of secure protocols. Dependence between different security
measures needs to be considered to get the best out of implemented security features. For example, to
get the most out of audit logging you depend on good authorization and the opposite is also true.

Security is a process and not a state. It is about applying fit-to-purpose, cost-effective mechanisms
at each point in time throughout the process. A layered defense helps to mitigate the threats.

3.2.1 Security policies and principles

A security policy is a set of rules and practices that specify or regulate how a system or organization
provides security services to protect sensitive and critical system resources.

Security principles are the decisions, rules or good practices that are applied when designing systems.
Hitachi Energy’s products and solutions use certain specific security principles and best practices as a
basis for providing system security. One important principle is defense-in-depth, which calls for the
employment of security mechanisms in layers. The defense-in-depth strategy is summed up by the term
"belt and braces": if one mechanism fails, other mechanisms remain to provide adequate
protection.

Another fundamental principle is least privilege, which states that an entity is only given the privileges
needed to perform its tasks, and that devices do not run any unnecessary services.

3.2.2 Security services

A security service is a fundamental concept in product or system security. The service meets the
security objectives identified by the threat-and-risk analysis. Security services are implemented by
means of security functions and mechanisms. A confidentiality security service, for example, might
be implemented using HTTPS with encryption as the security function. This, in turn, makes use of
encryption mechanisms.

The six most important security services are the following:

1. Accountability procedures are used to keep track of who does what and when; it goes hand in
hand with non-repudiation, which provides evidence of who did what. Accountability functions track the
usage of security services and network resources. Accountability logs facilitate recovery and fault
discovery.
2. Authentication is used to confirm the identities of communicating entities (person, device, service
or application) and ensures that the entities are not masquerading or attempting unauthorized replay
of previous communication.
3. Authorization protects against unauthorized use of network resources. Access control ensures
that solely authorized personnel or devices have access to system components (products), stored
information, information flows, services and applications. The three security services Accountability,
Authentication, and Authorization are sometimes bundled together and abbreviated AAA.
4. Availability means that authorized entities have access to system components, stored information,
information flows, services and applications regardless of incidents that affect the system.
5. Confidentiality goes hand in hand with Privacy and entails protecting data from unauthorized
disclosure. Data confidentiality ensures that data content cannot be understood by unauthorized
entities. Encryption, access control lists, and file permissions are methods frequently used to protect
data confidentiality.
6. Integrity ensures the correctness or accuracy of data. The data is protected against unauthorized
modification, deletion, creation, and replication. Integrity features might also indicate unauthorized
activities.


3.2.3 Security layers GUID-D45DE108-F3B3-4FA4-BA11-1872CCB71914 v1

The security layers in the integration environment of REB500 and in the product itself are:

• Physical perimeter protection: measures to prevent attacks via physical access to the product.
• Electronic security perimeter protection: measures to prevent attacks entering via remote access
channels.

3.2.3.1 Physical perimeter protection GUID-23B55D1C-304D-4627-B5C0-AC6EEFA86E00 v1

Physical security zones are used to limit access to a particular area because all the systems in that
area require the same level of trust in their human personnel, such as operators and maintainers. For
physical zones, locks on doors or other physical means protect against unauthorized access. In general
terms, the boundary is the wall or cabinet that restricts access. This physical zone should have physical
boundaries commensurate with the level of security desired and aligned with the asset owner's physical
security plans. It is expected that only authorized people are allowed into the asset owner's site control
zone, and that unauthorized people are restricted from entering the zone.

The asset owner must ensure the physical security of all cybersecurity-critical assets. This means a
physical security perimeter must be in place around all cybersecurity-critical assets, and all physical
access points to those assets must be known, documented, identified, and controlled. Access to the
substation as well as to the rooms is in the scope of the asset owner. Even though all the panels
delivered by the system integrator are equipped with facilities to add locks, the handling of the locks
and keys is the responsibility of the asset owner.

3.2.3.2 Electronic perimeter protection GUID-2DD36465-E86E-439B-A664-D8C8AF7D6122 v1

The electronic perimeter protection is implemented using different cybersecurity features in the
substation.

1. Protect against threats to the control system:
   • Secure communication
   • Perimeter protection
   • Malware protection
2. Monitor security and health activities:
   • Logging
   • Alarming
   • Reporting
   • Auditing
3. Manage critical activities, such as configurations, changes, patches:
   • Patch management
   • Accounts
   • Authentication


3.2.3.3 Product hardening GUID-36AE1CEB-1A1D-48A5-8D62-4094D3225C5B v1

REB500 supports security features that support a defense-in-depth strategy; they are described in
different chapters of this security deployment guideline.

The main concepts/features include:

Accountability, authentication, and authorization

• REB500 supports both local account management and integration with a central account
management server. In the case of central account management, authentication is provided by the
central account management, whereas authorization is managed locally.
• REB500 supports user authentication based on user names and passwords.
• REB500 supports user roles and permissions, enabling a least-privilege configuration for
users. Security-relevant user operations are logged as security events.
• REB500 supports configuring complex password policies.

Confidentiality, integrity, and availability

• Remote access to REB500 is via:
  • the Ethernet interface on the Local HMI mounted on the front panel, using the HMI500 operator and
  engineering software;
  • a LAN connection to the REB500 station bus, using the HMI500 operator and engineering software (remote
  HMI);
  • a secure web server via HTTPS.
• REB500 supports encrypted communication using protocols such as HTTPS, FTPS and the IED
configuration protocol via TLS.
• REB500 supports an integrated firewall, which is deny-by-default and derives its settings
from the device configuration.
• Sensitive data is stored using the OS secure "vault".
• REB500 implements denial-of-service protection that limits CPU load so that the
primary functionality of REB500 cannot be compromised.

Maintaining defense-in-depth strategy

To maintain the REB500 defense-in-depth strategy, it is essential that relevant updates are
applied to the device.

Customers should periodically check for security-related updates and ensure that the updates are installed
as soon as they are available.

To subscribe to the latest cybersecurity alerts and notifications for Hitachi Energy products, use:

https://www.hitachienergy.com/products-and-solutions/cybersecurity/alerts-and-notifications/subscribe


Section 4 Secure access


4.1 Secure system setup GUID-8A6BF582-A631-453C-9C3B-2D56FE7C9864 v2

Access to REB500 is secured by user authorization, by protecting access through the HMI500 Operator
tool and by encrypting the communication channels used for configuration purposes.

Figure 2: REB500 secure system overview (HMI500 remote connected via TCP/IP to the REB500 Central Unit;
HMI500 local connected via TCP/IP to the Central Unit and to the Bay Units; Central Unit and Bay Units
linked by the REB500 Processbus)

4.2 Ethernet ports

4.2.1 Ethernet ports used GUID-3D6BF288-B5E6-408B-B67F-3ADB3160B785 v3

To set up an Ethernet firewall, Table 1 summarizes the Ethernet ports used.

Table 1: Status of ports in delivery status

Port  Protocol  Connector                            Default  Service             Comment
22    TCP       X0, X1, X1000, X1001, X1002, X1005   Open     SFTP                Firmware update
67    UDP       X0 or LHMI connector                 Open     DHCP                Server
80    TCP       X1001, X1002                         Closed   HTTP                Embedded Web Server
102   TCP       X1001, X1002                         Closed   IEC 61850           Communication protocol
123   UDP       X1001, X1002                         Closed   SNTP                Time Synchronization
443   HTTPS     X1001, X1002                         Closed   HTTPS               Embedded Web Server
8401  TCP       X1001, X1002                         Open     HMI (DAC protocol)  Remote HMI500
161   UDP       X1001, X1002                         Closed   SNMP                Diagnostic
8401  TCP       X0 or LHMI connector                 Open     HMI (DAC protocol)  HMI500

Ports that are marked as Closed, by default, can be opened by activation of software features in the
product configuration (for example, IEC 61850 station communication).
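As an added example (not part of the Hitachi Energy guideline and not REB500 or HMI500 code), the following Python transcribes Table 1 and uses it in two ways: it derives the allow-list that a deny-by-default firewall in front of a given connector must permit for the services that are activated, and it compares a port scan the asset owner ran against its own device with the expected state, flagging ports that Table 1 does not list, ports closed in delivery status that are open without an activated service explaining them, and expected ports that are missing. The scan result is constructed; the connector name "LHMI" and the transport TCP for port 443 (listed as "HTTPS" in the table) are assumptions.

```python
"""Audit of REB500 Ethernet port state against Table 1 (delivery status).

Added example, not part of the Hitachi Energy guideline. The port list is transcribed
from Table 1; the scan result at the bottom is constructed for illustration.
"""

STATION_BUS = ("X1001", "X1002")   # CU station-bus connectors
LOCAL = ("X0", "LHMI")             # "X0 or LHMI connector" in Table 1 (name LHMI assumed)

# (port, transport, connectors, default state, service) as listed in Table 1.
# Port 443 is listed with protocol "HTTPS"; HTTPS is carried over TCP.
TABLE_1 = [
    (22,   "tcp", ("X0", "X1", "X1000", "X1001", "X1002", "X1005"), "Open", "SFTP"),
    (67,   "udp", LOCAL,       "Open",   "DHCP"),
    (80,   "tcp", STATION_BUS, "Closed", "HTTP"),
    (102,  "tcp", STATION_BUS, "Closed", "IEC 61850"),
    (123,  "udp", STATION_BUS, "Closed", "SNTP"),
    (443,  "tcp", STATION_BUS, "Closed", "HTTPS"),
    (8401, "tcp", STATION_BUS, "Open",   "HMI (DAC protocol)"),
    (161,  "udp", STATION_BUS, "Closed", "SNMP"),
    (8401, "tcp", LOCAL,       "Open",   "HMI (DAC protocol)"),
]


def expected_on(connector):
    """Map (port, transport) -> (service, default) for the ports that exist on `connector`."""
    return {(port, transport): (service, default)
            for port, transport, connectors, default, service in TABLE_1
            if connector in connectors}


def firewall_allow_list(connector, enabled_services=frozenset()):
    """Ports a deny-by-default firewall in front of `connector` must permit: those open in
    delivery status plus those of services activated in the device configuration
    (Table 1 'Service' names, e.g. {"IEC 61850"}). Everything else stays blocked."""
    return sorted((port, transport, service)
                  for (port, transport), (service, default) in expected_on(connector).items()
                  if default == "Open" or service in enabled_services)


def audit_ports(observed_open, connector, enabled_services=frozenset()):
    """Compare a set of (port, transport) pairs found open on `connector` with Table 1.

    Returns three sorted lists:
      unexpected              - open ports that Table 1 does not list for this connector
      closed_by_default_open  - ports closed in delivery status that are open although no
                                activated service explains them (configuration drift)
      expected_but_closed     - ports that should be open but were not seen (device
                                unreachable, or a firewall blocks a needed service)
    """
    expected = expected_on(connector)
    unexpected, drift, missing = [], [], []
    for key in sorted(observed_open):
        if key not in expected:
            unexpected.append(key)
            continue
        service, default = expected[key]
        if default == "Closed" and service not in enabled_services:
            drift.append(key)
    for key, (service, default) in sorted(expected.items()):
        if (default == "Open" or service in enabled_services) and key not in observed_open:
            missing.append(key)
    return {"unexpected": unexpected,
            "closed_by_default_open": drift,
            "expected_but_closed": missing}


# Constructed scan result of a station-bus connector: SFTP and remote HMI (open by default),
# IEC 61850 (activated in the configuration) and a port (23/tcp) that Table 1 does not list.
SAMPLE_SCAN = {(22, "tcp"), (8401, "tcp"), (102, "tcp"), (23, "tcp")}

if __name__ == "__main__":
    print(firewall_allow_list("X1001", {"IEC 61850"}))
    print(audit_ports(SAMPLE_SCAN, "X1001", {"IEC 61850"}))
    print(audit_ports(SAMPLE_SCAN, "X1001"))
```

Running the audit once with the activated services and once without shows the difference between a port that is legitimately open (102/tcp after IEC 61850 station communication was activated) and the same port appearing as configuration drift.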

4.2.2 Data rate of the station bus connection GUID-CC14750D-5E51-42BB-BEFC-D4D3F9B630C5 v3

The port on the switch that is connected to the REB500 station bus (CU connector X1001/X1002) should be
rate limited to 600 packets per second.

Figure 3: Packet rate of station bus connection (switch): rate limitation to 600 packets per second on the
switch port towards the REB500 Central Unit, which connects to the Bay Units


If the packet rate exceeds the limit of 2000 packets per second, this can have an impact
on the REB500 process bus and thereby lead to a deactivation of the busbar protection
function. It is recommended to verify this packet rate during actual operation of the system
communication.
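To make the two thresholds above checkable against a capture, here is an added Python example (not from the guideline): it computes the peak packet count in any one-second window of a list of arrival timestamps and classifies the result against the 600 packets/s switch limit and the 2000 packets/s level at which the process bus may be affected. Timestamps are integer microseconds, so the window arithmetic is exact; the traffic samples are constructed.

```python
"""Station-bus packet-rate check for the limits given in Section 4.2.2.

Added example, not part of the guideline. Arrival timestamps are integer microseconds;
the traffic samples are constructed.
"""

SECOND = 1_000_000         # microseconds
RECOMMENDED_LIMIT = 600    # packets/s: switch-port rate limit recommended in Section 4.2.2
PROCESS_BUS_IMPACT = 2000  # packets/s: above this the process bus may be affected


def peak_rate_per_second(timestamps_us, window_us=SECOND):
    """Largest number of packets arriving within any window of `window_us` microseconds,
    using the half-open window (t - window, t] ending at each packet. Input need not be sorted."""
    ts = sorted(timestamps_us)
    peak = start = 0
    for end, t in enumerate(ts):
        while ts[start] <= t - window_us:   # drop packets that fell out of the window
            start += 1
        peak = max(peak, end - start + 1)
    return peak


def classify_rate(packets_per_second):
    """'ok' up to the recommended switch limit, 'warning' between the two limits,
    'critical' above the rate at which the process bus may be affected."""
    if packets_per_second > PROCESS_BUS_IMPACT:
        return "critical"
    if packets_per_second > RECOMMENDED_LIMIT:
        return "warning"
    return "ok"


def assess_station_bus(timestamps_us):
    """Return (peak packets per second, classification) for a capture."""
    peak = peak_rate_per_second(timestamps_us)
    return peak, classify_rate(peak)


# Constructed traffic: 3 s of steady 400 packets/s, then either a 1 s burst of
# 2500 packets/s or a 1 s burst of 1000 packets/s.
SAMPLE_STEADY = [i * 2_500 for i in range(1_200)]
SAMPLE_BURST = [3 * SECOND + i * 400 for i in range(2_500)]
SAMPLE_WARNING = [3 * SECOND + i * 1_000 for i in range(1_000)]

if __name__ == "__main__":
    print(assess_station_bus(SAMPLE_STEADY))
    print(assess_station_bus(SAMPLE_STEADY + SAMPLE_WARNING))
    print(assess_station_bus(SAMPLE_STEADY + SAMPLE_BURST))
```

A sliding window rather than fixed one-second bins is used so that a burst straddling a bin boundary is not counted as two smaller bursts.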

4.3 Encryption algorithm GUID-364EEA27-64F8-43DA-9D07-A327A2460A79 v1

Encryption algorithms are used to encode the user credentials file. The encryption algorithm and hash
function used are:

• AES (Advanced Encryption Standard), a block cipher based on a symmetric-key algorithm, used to encrypt
and decrypt information. The effective key length used is 128 bits.
• SHA-1 (Secure Hash Algorithm), a cryptographic hash function with a 160-bit hash value.

4.4 Additional security controls GUID-0FFFF4B3-AD27-41AF-A387-3DC4DF9CB7D2 v1

Communication protocols and TCP port numbers such as those of IEC 61850 are well known to port scanners and
receive more connection attempts than other port numbers. IEC 61850 has no built-in security features.

Unauthenticated and plain-text network communication protocols are a security risk. Each open
TCP/UDP port provides a possible access path that an attacker can use to send exploits and
receive data. It is the responsibility of the end user to mitigate these risks, for example by following
recommendations such as, but not limited to, the following:

• Design a segregated network and recognize the network perimeter, zones and conduits. Do not mix
Office/Corporate LAN with Industrial Control System LAN.
• All unneeded applications and services (TCP/UDP ports) should be removed/stopped.
• Use firewalls to limit access to machines and ports.
• Monitor the network to detect unexpected traffic.
• Encrypt communication by using IPSec/VPN tunnels between machines if there is no built-in security
mechanism.
• Use the latest Hitachi Energy product versions to get new security enhancements.


Section 5 Design principles GUID-CBA68D6D-4394-4119-988E-5CD18B9A4CF3 v1

The User Account Management outlines the functionality to administrate the persons that access the
REB500. Its key features are:

• User authentication based on roles and permissions
• Support of password policies
• Secure transmission of passwords from HMI500
• Secure storing of passwords on file system
• Import and Export of user credentials

5.1 Account information GUID-58405492-34AD-4CEF-8033-0E1BC4E977D1 v1

There are user accounts, account permissions and user roles:

• The user account represents a person that should access the REB500. The person is identified by a
user name and a password.
• Account permissions are actions that a user can perform and that require authorization.
• User roles are groups of account permissions that can be assigned to users.

The relationship between user, role and permission is shown in the figure below.

Figure 4: Relationship user, role and permission (User Account, User Role and Account Permission,
linked by n:n relationships)

A user role can contain several permissions and a user account can be assigned to several user
roles. The user credentials are stored in a file on the flash file system. The permissions available are
predefined and cannot be changed. The users, roles and assignments can be changed according to the
needs.

When operating with central account management, the roles are fixed by the standard.
Mapping of permissions remains possible.

5.2 User roles and account permissions GUID-B7FC0D63-7DC5-4E37-A14E-4BD6F9934208 v3

The user roles that group several account permissions can be changed according to the needs. Table
2 lists the predefined user roles at delivery:

Table 2: Default user roles

Default User Role  Description
Viewer             Permissions only allowing read-only use of the product
Operator           Permissions allowing to operate the product
Installer          Permissions allowing the modification of product
Engineer           Permissions allowing changing protection parameters on product
Administrator      Permissions allowing the security administration and audit of product
                   (superset of SECAUD, SECADM, RBACMNT)
SECAUD             Permissions allowing the security audit of product
SECADM             Permissions allowing the security administration of product
RBACMNT            Permissions allowing the change of role assignments

The account permissions available are predefined. Table 3 shows all available permissions and their
mapping to default roles.

The system boundary for the REB500 security is the access to the actual device and the
used communication channels. Concepts such as role based permissions are available only
during active access to the device and do not cover the behavior of HMI500 or an externally
stored setfile, that is, access to menus and changes are possible while they do not require an
active interaction with the device.

Table 3: Permissions and default mappings to user roles

Feature                 Permission                       Viewer  Operator  Installer  Engineer  Administrator  SECAUD  SECADM  RBACMNT
View                    readEventlist@REB500             ● ● ● ●
                        readMeasurements@REB500          ● ● ● ● ● ●
                        readDisturbanceRecords@REB500    ● ● ● ●
Configuration           readConfiguration@REB500         ● ● ● ● ● ● ● ●
                        writeConfiguration@REB500        ● ● ● ● ●
                        deleteDatabase@REB500            ● ●
Restart IED             restartSystem@REB500             ● ● ●
Reset Indication        resetTripRelay@REB500            ● ●
Test IED                forceInOutputs@REB500            ● ●
                        testSequencer@REB500             ● ●
                        startDebugMode@REB500            ● ●
Time Modification       Time@REB500                      ● ● ● ●
Firmware Modification   firmwareUpgrade@REB500           ●
Security Audit          audit@REB500                     ● ● ●
Factory Reset           SecurityOptions@REB500           ● ● ●
User Access Management  manageUsers@REB500               ● ● ●
                        SecurityOptions@REB500           ● ● ●
Security Log            SecurityLogServer@REB500         ● ● ●
Others                  writeDisturbanceRecords@REB500   ● ●
                        clearEventlist@REB500            ● ● ●
                        readTraceability@REB500          ● ● ●
                        closeAllSessions@REB500          ● ●

The following permissions are implicitly granted to each user:

• changeOwnPassword@REB500
• authenticateSession@REB500
• getDeviceInfo@REB500
• stopDebugMode@REB500


Administrators can define new roles. The following permission dependencies exist:

• If a write permission is assigned to a user role, the corresponding read permission needs to be
assigned:
  • writeConfiguration requires readConfiguration
  • writeDisturbanceRecords requires readDisturbanceRecords
  • clearEventlist requires readEventList
• deleteDatabase requires restartSystem
• readMeasurements is required to run the REB500 test mode
• SecurityOptions and ManageUsers are required to enable the security menus in the HMI500 Operator

To access the WebHMI, users must have the following permissions:

• readEventlist@REB500
• readMeasurements@REB500
• readConfiguration@REB500
• clearEventlist@REB500
• readTraceability@REB500

Performing a password reset in the maintenance menu or switching from local to Centralized
user account management or vice versa will reset the Permissions to user roles mappings to
the default mapping.
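The dependency rules and the WebHMI requirements above lend themselves to an automated check of custom roles before they are downloaded to the device. The following Python is an added example, not the guideline's or the product's own validation logic; the permission names are those of Section 5.2, while the roles used as input are constructed and are not the default mapping of Table 3.

```python
"""Checks on REB500 role definitions and effective permissions (Section 5.2).

Added example, not part of the guideline and not the device's own validation logic.
Permission names and dependency rules are those listed in Section 5.2; the roles used
as input are constructed and are not the product's default mapping from Table 3.
"""

# A permission maps to the permissions that must be assigned to the same role alongside it.
REQUIRES = {
    "writeConfiguration@REB500":      {"readConfiguration@REB500"},
    "writeDisturbanceRecords@REB500": {"readDisturbanceRecords@REB500"},
    "clearEventlist@REB500":          {"readEventlist@REB500"},
    "deleteDatabase@REB500":          {"restartSystem@REB500"},
}

# Granted to every user without being assigned.
IMPLICIT = {
    "changeOwnPassword@REB500", "authenticateSession@REB500",
    "getDeviceInfo@REB500", "stopDebugMode@REB500",
}

# Permission sets a user needs for particular functions.
WEBHMI_REQUIRED = {
    "readEventlist@REB500", "readMeasurements@REB500", "readConfiguration@REB500",
    "clearEventlist@REB500", "readTraceability@REB500",
}
TEST_MODE_REQUIRED = {"readMeasurements@REB500"}
SECURITY_MENU_REQUIRED = {"SecurityOptions@REB500", "manageUsers@REB500"}


def validate_role(permissions):
    """Return the dependency rules a role's permission set violates (empty list = valid)."""
    permissions = set(permissions)
    return sorted(f"{perm} requires {need}"
                  for perm in permissions
                  for need in REQUIRES.get(perm, ())
                  if need not in permissions)


def validate_roles(roles):
    """Map role name -> violations, listing only roles that have any."""
    result = {name: validate_role(perms) for name, perms in roles.items()}
    return {name: v for name, v in result.items() if v}


def effective_permissions(roles, assigned_roles):
    """Union of the permissions of the user's roles plus the implicit ones."""
    perms = set(IMPLICIT)
    for name in assigned_roles:
        perms |= set(roles[name])
    return perms


def missing_for(permissions, required):
    """Which of `required` a user still lacks; an empty set means access is possible."""
    return set(required) - set(permissions)


# Constructed roles: one fit for WebHMI access, one with a missing read prerequisite,
# one that satisfies the deleteDatabase -> restartSystem rule.
SAMPLE_ROLES = {
    "WebViewer":    set(WEBHMI_REQUIRED),
    "ConfigWriter": {"writeConfiguration@REB500"},
    "Maintainer":   {"restartSystem@REB500", "deleteDatabase@REB500"},
}

if __name__ == "__main__":
    print(validate_roles(SAMPLE_ROLES))
    user = effective_permissions(SAMPLE_ROLES, ["WebViewer"])
    print(missing_for(user, WEBHMI_REQUIRED), missing_for(user, SECURITY_MENU_REQUIRED))
```

The role check runs per role, because the dependencies are stated as rules on a single role's permission set; the access checks run on a user's effective permissions, which are the union of all assigned roles plus the implicit permissions.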

5.3 User accounts GUID-56967A6A-F4D6-4F73-AA96-8FD18F90C44E v2

The user account representing a person is identified by a user name and a password. User name and
password are free of choice within defined rules. See Section 7.4 for detailed information about the
explicit and implicit rules for passwords. The maximum number of different user accounts is 20.

5.3.1 Default user GUID-0574FEBF-97A7-4041-9180-46A1654B97A6 v2

In delivery status, one user account is predefined. The default user will be a member of all default roles.

Default user name: Admin

Default password: REB500Admin

It is strongly recommended to change the default user name and password.

5.3.2 User credentials handling GUID-CE1F7FB4-C39B-4F11-820A-C59525BEC202 v2

Sophisticated protection schemes are implemented to inhibit reading of the user credentials information.

User credentials can also be exported and imported for re-use.


5.3.3 Recovery of lost passwords GUID-12A247C6-D104-4367-94C8-B44EA1B2276E v2

Lost passwords cannot be recovered. If a user loses the password, an administrator can set a new
password. If an administrator loses the password, see Section 7.7.


Section 6 Security configuration GUID-EFE18D4B-AAAD-4A9C-BD2C-390D8268BF45 v1

All security-relevant configuration parameters are defined for the whole REB500; bay units (BUs) cannot
be configured individually.

6.1 Enabling security menu GUID-D58BADBF-936A-4E85-ADA2-623875B18EE0 v2

The menus Tools/User account management and Tools/Security options are disabled by default. They
can be enabled by an administrator under Tools/Settings.

The menus User account management and Security options are only available in Online
mode. To enable the security menu, the button Apply must be clicked after selecting Enable
security menu.

6.2 Security options GUID-D325ACB4-B898-46D5-884C-09C2EBAC70A2 v2

The menu Tools /Security options allows enabling or disabling of:

• User account management: If enabled all functionality is accessed based on roles. Otherwise,
everyone has access to all functionalities. A choice can be made between local and central account
management.
• Password reset to factory default: If enabled all user account management can be reset to factory
defaults on the local HMI.
• LHMI menu clear: If enabled the menu Clear is available on the local HMI.

If password reset to factory default is disabled, there is no way to access the device if
the administrator password is lost.

If LHMI menu clear is disabled, no modifications are possible in the maintenance menu.

Changing any of these security options requires a full system restart.


Section 7 Local user account management GUID-A6158437-C296-4760-8AB9-A0043D9FFB05 v1

The user account management Tools/Security account management/Manage users is accessible
only to users with the permissions manageUsers@REB500 and SecurityOptions@REB500.

By default, the Administrator role has these permissions. The following operations are available:

• Add new or delete existing user accounts
• Change user account passwords
• Add new or delete existing user roles
• Change assignments of user accounts and permissions to user roles
• Export and import user credentials

7.1 Enabling the local user account management GUID-8CB1AF70-C8D2-463B-AC55-A6A470C9DE96 v3

To enable the local user account management, enable user account management in the Tools /Security
Options menu with the selection of Local.

Figure 5: Security options menu (local UAM)

Enabling the user account management in local mode from the state of having no user
account management enabled, does not require a setfile download.

If user account management was previously used in central mode, a setfile download is
required to reflect the change in settings.


7.2 User accounts GUID-FA0ECEEC-AD11-4B08-9A22-A82F28BCDFA8 v2

In the first tab of the user account management, details of user accounts are available. By selecting a
user in the list, the roles assigned to the user can be seen. Users can also be added, user details
changed, or users deleted.

Figure 6: User account management

Table 4: Items in User accounts tab in User account management dialog box

Item               Description
Users              List of available user names.
Assigned roles     List of roles assigned to the user selected under "Users".
Add user           Opens a dialog for adding users (Figure 13).
Delete user        The selected user is deleted including all the user credentials such as assigned roles and password.
Change password    Opens a dialog for changing the selected user's password (Figure 21).
Change assignment  Opens a dialog for changing the assigned roles for the selected user (Figure 20).


Figure 7: Add user

Table 5: Items in Add user and change role dialog boxes

Item Description
User Name 1 to 32 characters (letters, numbers, underscore and blank)
Password As defined in password policy. Case-sensitive.
Confirm password Re-enter same value as for password.
Roles List of defined roles for the system.
Assigned roles List of roles assigned to that user.
>> Selected role is assigned to user
<< Selected assigned role is removed from user.


7.3 User roles GUID-B0CF084F-92DD-4754-9029-CAFBFD3CF3B0 v3

In the second tab of the user account management, user roles and their details are defined. The
tab lists the names of the existing user roles. By selecting a role in the list, the permissions
assigned to the role can be seen. Roles can also be added, their permissions modified, or the role
deleted.

Figure 8: User roles

Table 6: Items in User roles tab in User account management dialog box

Item                  Description
Roles                 List of available roles.
Assigned permissions  List of permissions assigned to the selected role.
Add role              Opens a dialog for adding a role.
Delete role           Deletes the selected role including the assigned permissions for that role. Be careful:
                      there is no security query when deleting a user role, and a deleted role cannot be restored.
Change permissions    Opens a dialog for changing the assigned permissions for the selected role.


Figure 9: Add role

Table 7: Items in Add role and change permissions dialog boxes

Item                  Description
Role Name             1 to 32 characters (letters, numbers, underscore and blank).
Session timeout       Defines the period of inactivity after which a user of this role is logged out
                      (applicable when the item "Disable" is unchecked). 1 to 1440 minutes, default 15 minutes.
Disable               If checked, the session timeout is disabled, that is, the sessions of users belonging
                      to this role will never expire. Otherwise, sessions of users belonging to this role
                      expire based on the value in the Session timeout field.
Permissions           List of defined permissions.
Assigned permissions  List of permissions assigned to this role.
>>                    Assigns the selected permission to the role.
<<                    Removes the selected assigned permission from the role.

If Disable is checked, a session will last forever in case of communication interruptions
between HMI500 Operator and IED. Disabling the session timeout is not recommended.


7.4 Password policies GUID-7F1596F3-38FD-4AE6-8F97-364BC5FF4227 v2

The password policies define rules that a password must fulfill to get accepted. They can be managed
via Tools/Security account management /Manage policies.

Password policies are only available in local user account management. When using central
user account management, password policies are handled by the managing server.

Managing a list of password history which prevents using previous passwords when
changing passwords, is only available in a central user account management system.

Figure 10: Manage policies

To enable the password policies, the check box Enforce password policies must be checked. Changes
in the password policies with regard to the password length or password characters are considered for
new passwords only. That means existing passwords are not checked against these policies and remain
valid and usable. If the Password lifetime is enabled, a change in password
lifetime has an immediate effect on existing passwords as well. To be sure that all passwords are
compliant, the passwords must be changed after defining a password policy.

REB500 supports passwords with a maximum length of 32 characters.


Table 8: Items in Manage policies dialog box

Item                       Description
Enforce password policies  If enabled, password policies are enforced when creating passwords. Otherwise,
                           users can choose any password without any rules.
Minimum password length    6 to 32, default 6.
Password lifetime          The number of days after which the password expires. 1 to 1826 days, default 365.
Password must contain      If any of the options below is checked, the password must contain at least
                           one character of the character set defined by that option.
  Lower case characters    a to z
  Upper case characters    A to Z
  Numeric characters       0 to 9
  Special characters       Any character other than the ones from the other options.
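As an added example (not the HMI500 implementation and not from the guideline), the following Python encodes the user-name rules of Table 5, the password policy items of Table 8 and the ASCII restriction of Section 8.2 as checks a custom tool could apply before an account is created or a password changed. The expiry boundary (a password counts as expired once the configured number of days has elapsed) and the treatment of the 32-character and ASCII limits as always applying are assumptions; the sample inputs are constructed.

```python
"""User-name and password checks per Table 5 (user name rules), Table 8 (password
policy) and Section 8.2 (ASCII-only credentials).

Added example, not part of the guideline and not the HMI500 implementation. The policy
object mirrors the items of the Manage policies dialog. Assumptions: the 32-character
and ASCII limits apply even when policies are not enforced, and a password is expired
once `lifetime_days` full days have elapsed.
"""
from dataclasses import dataclass
from datetime import date
import string

MAX_LENGTH = 32   # user names (Table 5) and passwords (Section 7.4)
# Table 5: letters, numbers, underscore and blank; Section 8.2: ASCII only.
NAME_CHARS = set(string.ascii_letters + string.digits + "_ ")
LOWER, UPPER, DIGITS = (set(string.ascii_lowercase), set(string.ascii_uppercase),
                        set(string.digits))


@dataclass(frozen=True)
class PasswordPolicy:
    """Items of the Manage policies dialog (Table 8) with their defaults and ranges."""
    enforce: bool = True
    min_length: int = 6          # 6 to 32
    lifetime_days: int = 365     # 1 to 1826
    require_lower: bool = False
    require_upper: bool = False
    require_digit: bool = False
    require_special: bool = False

    def __post_init__(self):
        if not 6 <= self.min_length <= MAX_LENGTH:
            raise ValueError("minimum password length must be 6 to 32")
        if not 1 <= self.lifetime_days <= 1826:
            raise ValueError("password lifetime must be 1 to 1826 days")


def validate_user_name(name):
    """Problems with a user name; an empty list means accepted."""
    problems = []
    if not 1 <= len(name) <= MAX_LENGTH:
        problems.append("user name must be 1 to 32 characters")
    if set(name) - NAME_CHARS:
        problems.append("user name may contain only letters, numbers, underscore and blank")
    return problems


def validate_password(password, policy=PasswordPolicy()):
    """Problems with a new password under `policy`; an empty list means accepted."""
    problems = []
    if not 1 <= len(password) <= MAX_LENGTH:
        problems.append("password must be 1 to 32 characters")
    if not password.isascii():
        problems.append("password must contain only ASCII characters")
    if not policy.enforce:
        return problems
    chars = set(password)
    if len(password) < policy.min_length:
        problems.append(f"password shorter than minimum length {policy.min_length}")
    special = chars - LOWER - UPPER - DIGITS   # "any other character" per Table 8
    for required, present, label in (
        (policy.require_lower, chars & LOWER, "lower case character"),
        (policy.require_upper, chars & UPPER, "upper case character"),
        (policy.require_digit, chars & DIGITS, "numeric character"),
        (policy.require_special, special, "special character"),
    ):
        if required and not present:
            problems.append(f"password must contain at least one {label}")
    return problems


def password_expired(set_on, today, policy=PasswordPolicy()):
    """True once the password is older than the policy lifetime. A lifetime change takes
    effect on existing passwords immediately (Section 7.4), so it is evaluated at every check."""
    if not policy.enforce:
        return False
    return (today - set_on).days >= policy.lifetime_days


if __name__ == "__main__":
    strict = PasswordPolicy(min_length=8, require_lower=True, require_upper=True,
                            require_digit=True, require_special=True)
    print(validate_user_name("op_1 test"), validate_user_name("opérateur"))
    print(validate_password("abcdefgh", strict), validate_password("Abc123!x", strict))
    print(password_expired(date(2024, 1, 1), date(2025, 1, 1)))
```

The character classes are the explicit ASCII sets a to z, A to Z and 0 to 9 rather than `str.islower()` and friends, because those methods also accept non-ASCII letters, which Section 8.2 asks to keep out of credentials.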

7.5 Exporting and importing user credentials GUID-1EE01FF2-CFD4-42FD-AC09-78065DD79589 v1

User credentials can be exported for reuse via Tools/Security account management /Export user
credentials. The information is exported in a binary format and cannot be viewed. The exported user
credentials can be imported on another device by using Tools/Security account management /Import
user credentials. In this way, user credentials created in one device can be reused in the other.

7.6 Change password GUID-D12DE1C1-050F-43E9-A21B-1BEA17284A9E v1

Users can change their own password under Tools/Change password. In the dialog box, the password must
be typed twice to eliminate unintentional typing errors. When clicking OK, the password is checked
against the password policies.

7.7 Password reset to factory default GUID-4FBF46F5-45ED-438D-A369-24BD52998959 v2

If the administrator loses the password, it can be reset to factory default manually using the local HMI.
This is only possible if the password reset to factory default has been enabled in Security Options.

After password reset only, the default user with the default password will be available. All
other users are deleted. An alarm is triggered and logged.

The reset procedure via LHMI maintenance menu is as follows:

1. Switch on the central unit.
2. As soon as Press <ENTER> appears on the display, press .
3. Navigate to the menu item Password Reset and press .
4. Confirm OK with .
5. In the main maintenance menu, select Exit to leave this menu as well.
6. The central unit will start up with factory default.


Another case where a password reset to factory default is recommended is a downgrade of
the firmware. It is recommended to perform a password reset to factory default after a downgrade from a
more recent REB500 firmware version to a previous version, for example, for a downgrade
from version 8.3.3.0.x to 8.3.2.0.92.

A password reset to factory default will recreate the device's SSH keys used for the FW
update via SFTP (SSH File Transfer Protocol, used by the FW update tool).
If all used SSH keys must be recreated, the password reset must be executed on each
individual REB500 device, that is, on the Central Unit and all Bay Units.
The start and end of the key recreation can be observed in the extended event list:

• SCA Minor Error Event number 1: the recreation of the SSH keys has started.
• SCA Minor Error Event number 2: the recreation of the SSH keys has ended; starting from
this time the new keys are in use.


Section 8 Central user account management GUID-4A47F931-C521-423B-8589-497A916131F1 v1

8.1 Introduction GUID-955B1230-35AF-4738-A059-9083092C883D v1

Central user account management allows easy management of access control across all devices
by maintaining all user credentials on central servers, according to the IEC 62351-8 pull model. When
configured and enabled, all access requests are validated by this central architecture. In case of failure,
a local replica is used for authentication when the central server is an LDAP server, or an emergency
user when the central server is Active Directory. The following figure shows a simplified representation of
this setup.

Figure 11: General CAM setup (Central Server connected to the REB500 Central Unit and Bay Units)


8.1.1 User roles

Unlike local user account management, CAM supports only the roles specified by IEC 62351 plus the Hitachi-specific role of Administrator. It is therefore not possible to add custom roles or to remove roles.

It is, however, possible to modify the role-to-permission mapping under Tools / Security account management / Manage settings / User roles / Change permissions. For detailed information on user permissions, see Section 5.2.

8.2 Limitation in Central user account management

User name and password should contain only ASCII (American Standard Code for Information Interchange) characters.

This is ensured when using local user account management (see Section 7), since the HMI500 software only allows certain characters for user name and password. If user accounts are managed centrally, this is beyond the control of the REB500 and of the HMI500 software.

The use of characters outside the ASCII character set can lead to undesired effects when processing the user name, for example, in Syslog (User Activity Logging).

8.3 Central user account management using LDAP server

8.3.1 Enabling CAM

The following prerequisites are necessary to use CAM:

• At least one LDAP server (for example, Hitachi SDM600) is connected to the station bus.
• A user has been created to allow LDAP replication (name identical to the technical key of the device).
• A device certificate (PKCS12 file) for the REB500 has been issued.

To enable CAM, the following steps have to be taken:

1. Set user account management to CAM in the security options.
2. Configure CAM in the corresponding dialog box.
3. Download the device certificate (PKCS12 file).
4. Download the configuration.

CAM is enabled by means of the Tools / Security Options dialog (see Section 6).


Figure 12: Security options menu (CAM LDAP enabled)

Because configuration parameters change, a setfile download is required when switching from or to central account management.

Custom role-permission mappings and UAM credentials are always reset when switching from UAM to CAM and vice versa.

The additional CAM parameters are set under Tools / Security Account Management / CAM settings.

Figure 13: Manage CAM settings


Table 9: Items in CAM settings dialog box

Item | Description
LDAP server 1/2 protocol | Protocol used to access the server: StartTLS or LDAPS
LDAP server 1/2 address | The IP address of the server
LDAP server 1/2 port | The TCP port (StartTLS protocol ➔ port number 389; LDAPS protocol ➔ port number 636)
Base DN | Base DN (Distinguished Name) for querying the LDAP server
Replication interval | Interval for synchronizing the local CAM replica with the LDAP server, set in seconds
Replication group | LDAP replication group on the server

The CAM settings of Table 9 can be imported via Tools / Security Account Management / CAM settings / Import Settings.

When using Hitachi SDM600 as a CAM server, the corresponding configuration XML file can be created there.

The device certificate (PKCS12 file) can be downloaded via Tools / Security account management / CAM settings / Download Device Certificate. The path and password for the file have to be specified.

When using Hitachi SDM600 as a CAM server, the corresponding certificate can be created there.
For support of other LDAP servers, please refer to the user documentation of that product.

Because configuration parameters have to be changed when using CAM, a setfile download is required to finish enabling CAM.

Successful CAM activation results in:

• No alarms on the LHMI
• No CAM events in the system event list
• No security alarms

The application note 1KHL020828Aen Distributed busbar protection REB500 CAM Activation and Usage_Tips and Troubleshooting complements this cybersecurity deployment guideline with additional information and guidelines on configuring, activating and using central user account management on REB500, as well as on troubleshooting in this context.

To disable CAM, local or no user account management has to be chosen in the Tools / Security Options menu. A setfile download is required to complete this operation.

8.3.2 Troubleshooting CAM

The application note 1KHL020828Aen Distributed busbar protection REB500 CAM Activation and Usage_Tips and Troubleshooting provides additional information and guidelines for troubleshooting.


8.3.2.1 Errors during activation

Symptoms:

• LHMI alarms CAM enabling failed and CAM server not available
• System events CAM Minor_Error 001 and 002
• Security event 3810 CAM server communication failed

Probable causes:

• Wrong configuration parameters (for example, LDAP address…)
• Server(s) not reachable during activation

Solution:

• Check the REB500 CAM configuration parameters.
• Check that the servers are reachable and the REB500 is connected.
• Restart the CU.

If the initial activation of CAM failed, the CU reverts to local UAM. Access to the device is possible using the local default credentials.

8.3.2.2 Server not reachable during runtime

Symptoms:

• LHMI alarm: CAM Server not available
• System event: CAM Minor_Error 002
• Security event: 3810 CAM Server communication failed

Probable cause:

• Server(s) not reachable

Solution:

• Check that the LDAP server is up and running.
• Check the REB500 connection.

Authentication will continue to work based on the latest local LDAP replica. After reconnection with the server(s), authentication will again run via the LDAP server and the local replica will be updated.

8.3.2.3 Local replication failed

Symptoms:

• LHMI alarm: CAM Replication failed
• System event: CAM Minor_Error 003
• Security event: 3810 CAM Server communication failed


Probable cause:

• Server(s) not reachable
• Server configuration has changed

Solution:

• Check that the LDAP server is up and running.
• Verify with the system administrator that the LDAP settings are still valid.
• Check the REB500 connection.

Authentication will continue to work based on the latest local LDAP replica. After reconnection with the server(s), authentication will again run via the LDAP server and the local replica will be updated.

8.3.2.4 Certificate failure

Symptoms:

• LHMI alarm: CAM Certificate Failure
• System event: CAM Minor_Error 004
• Security event: 3810 CAM Server communication failed

Probable cause:

• Device certificate has expired or is not yet valid.
• No device certificate loaded to the system.
• Server certificate invalid
• …

Solution:

• Verify with the system administrator that the LDAP settings and certificates are still valid.
• Replace the invalid device and/or server certificate.

Authentication will continue to work based on the latest local LDAP replica. After replacing the certificates, authentication will again run via the LDAP server and the local replica will be updated.


8.4 Central user account management using Active Directory

8.4.1 Enabling CAM

The following prerequisites are necessary to use CAM with AD:

• At least one AD server is connected to the station bus.
• A device certificate (PKCS12 file) for the REB500 has been issued.

To enable CAM, the following steps have to be taken:

1. Set user account management to CAM AD in the security options.
2. Configure CAM in the corresponding dialog box.
3. Download the device certificate (PKCS12 file).
4. Import the AD groups file.
5. Configure the AD groups to role map.
6. Optional but highly recommended: configure the emergency user account.
7. Download the configuration.

CAM AD is enabled by means of the Tools / Security Options dialog (see Section 6).

Figure 14: Security options menu (CAM enabled)

Because configuration parameters change, a setfile download is required when switching from or to central account management.

If the setfile is downloaded to a system with an empty database, a manual reboot is required after the download.

Custom role-permission mappings and UAM credentials are always reset when switching from UAM to CAM and vice versa.


The additional CAM parameters are set under Tools / Security Account Management / Manage settings.

Figure 15: Manage CAM AD settings

Table 10: Items in CAM AD settings dialog box

Item | Description
AD server 1/2 protocol | Protocol used to access AD: StartTLS or LDAPS
AD server 1/2 address | The IP address of the AD server
AD server 1/2 port | The TCP port (StartTLS protocol ➔ port number 389; LDAPS protocol ➔ port number 636)
AD server DNS-name 1/2 | DNS name used to validate the AD server certificate
Base DN | Base DN (Distinguished Name) for querying the AD server
User Principal Suffix | Part of the AD user principal name used to authenticate a user

The device certificate (PKCS12 file) can be downloaded via Tools / Security account management / CAM AD settings / Download Device Certificate. The path and password for the file have to be specified.

Make sure the device certificate you create has:

• The device name in the Common Name
• The IP address(es) in the Subject Alternative Name (SAN)

Configuration of the AD groups to role map:

Every user that shall authenticate to the device must be assigned one or more IEC 62351 roles. Since AD organizes users in groups, the group names must be mapped to IEC 62351 roles. This is done in the Tools / Security Account Management / AD groups to role map tab.


• The AD administrator exports the list of relevant group names to a text file.

Figure 16: Example AD groups file with tab-separated columns

• Under the tab AD groups to role mapping, import the text file using the button Import AD Groups.
• Map the IEC roles to the imported group names. The relationship between roles and groups should be 1:1.

Figure 17: AD groups to role map

Because configuration parameters have to be changed when using CAM, a setfile download is required to finish enabling CAM.


Successful CAM activation results in:

• No alarms on the LHMI
• No CAM events in the system event list
• No security alarms

The application note 1KHL020828Aen Distributed busbar protection REB500 CAM Activation and Usage_Tips and Troubleshooting complements this cybersecurity deployment guideline with additional information and guidelines on configuring, activating and using central user account management on REB500, as well as on troubleshooting in this context.

To disable CAM, local or no user account management has to be chosen in the Tools / Security Options menu. A setfile download is required to complete this operation.

8.4.2 Emergency User Account

8.4.2.1 Introduction

A user with an administrator role creates a (local) emergency user account (see Section 8.4.2.2). Business processes and auditing must ensure that the details of the account usage are documented, and that only a limited set of people (only users with Administration roles) know the password. The credentials are deployed to a secure location, for example, secured with a PIN or key. When authentication to AD fails because the AD server is unavailable and the device must be accessed, any user can retrieve the emergency credentials in an "out of band" manner and access the device. This is referred to as "breaking the glass".

The emergency account is active for 15 minutes after the first failed authentication due to unavailability of the AD server. If the AD server comes online again during this period, the user is allowed to log in using both the emergency account and the regular CAM AD account. In the latter case the emergency account is deactivated again.

Important: After the emergency credentials have been used ("glass broken") and the emergency situation is resolved, a user with an Administration role shall create a new emergency account and deploy its credentials "behind the glass".
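The activation and deactivation rules above, as an added Python model (not Hitachi Energy code): the 15-minute window opened by the first failed authentication while AD is unreachable, the rule that both accounts work if AD returns inside the window and a regular login then closes it, and the rule that without a configured emergency user nothing can authenticate while AD is down. The class name, the AD user "alice" and all credentials are constructed; re-opening the window on a later failure after it has expired is an assumption of this model.

```python
"""Model of the REB500 CAM AD emergency ("break the glass") account window.

Added illustration, not Hitachi Energy code. Re-opening the window on a later
failure after expiry is an assumption, not something the guideline states.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Callable, List, Optional

EMERGENCY_WINDOW = timedelta(minutes=15)


@dataclass
class EmergencyAccountState:
    # Credentials kept "behind the glass"; None means no emergency user configured.
    emergency_user: Optional[str]
    emergency_password: Optional[str]
    active_until: Optional[datetime] = None
    audit: List[str] = field(default_factory=list)

    def _log(self, when: datetime, text: str) -> None:
        self.audit.append(f"{when.isoformat()} {text}")

    def is_active(self, now: datetime) -> bool:
        return self.active_until is not None and now < self.active_until

    def _emergency_matches(self, user: str, password: str) -> bool:
        return (self.emergency_user is not None
                and (user, password) == (self.emergency_user, self.emergency_password))

    def authenticate(self, user: str, password: str, now: datetime,
                     ad_available: bool, ad_check: Callable[[str, str], bool]) -> bool:
        """Return True if the login is accepted.

        ad_check(user, password) stands in for the AD bind and is consulted
        only while the AD server is reachable.
        """
        if ad_available:
            if ad_check(user, password):
                if self.is_active(now):
                    # AD came back inside the window: a regular login closes the glass.
                    self.active_until = None
                    self._log(now, "AD reachable again, emergency account deactivated")
                self._log(now, f"AD login ok user={user}")
                return True
            if self.is_active(now) and self._emergency_matches(user, password):
                # Both accounts are usable while the window is open and AD is back.
                self._log(now, "emergency login ok (window still open)")
                return True
            # AD reachable but rejected the credentials: a wrong password never opens the glass.
            self._log(now, f"AD login failed user={user}")
            return False

        # AD unreachable.
        if self.emergency_user is None:
            self._log(now, "AD unreachable, no emergency account configured: access impossible")
            return False
        if not self.is_active(now):
            # First failed authentication due to AD unavailability opens the window;
            # this attempt itself fails (step 2 of the standalone bay unit procedure).
            self.active_until = now + EMERGENCY_WINDOW
            self._log(now, f"emergency account activated until {self.active_until.isoformat()}")
            return False
        if self._emergency_matches(user, password):
            self._log(now, "glass broken: emergency login ok")
            return True
        self._log(now, f"login failed user={user} (AD unreachable)")
        return False


def demo_scenario():
    """Constructed timeline; returns the accept/reject decision of each step and the state."""
    t0 = datetime(2024, 9, 1, 10, 0, 0)
    ad = lambda u, p: (u, p) == ("alice", "alice-pw")        # constructed AD user
    state = EmergencyAccountState("emergency", "constructed-pw")
    steps = [  # (user, password, minutes after t0, AD reachable)
        ("alice", "alice-pw", 0, True),              # normal AD login
        ("alice", "bad-pw", 1, True),                # AD rejects: no window opened
        ("emergency", "constructed-pw", 2, False),   # AD down: opens window, attempt fails
        ("emergency", "constructed-pw", 3, False),   # glass broken
        ("emergency", "wrong", 4, False),            # wrong emergency password
        ("emergency", "constructed-pw", 18, False),  # window expired at minute 17: re-opened (assumption)
        ("emergency", "constructed-pw", 19, False),  # glass broken again
        ("alice", "alice-pw", 20, True),             # AD back: regular login deactivates
        ("emergency", "constructed-pw", 21, True),   # window closed and AD rejects
    ]
    results = [state.authenticate(u, p, t0 + timedelta(minutes=m), up, ad)
               for u, p, m, up in steps]
    return results, state


def without_emergency_user():
    """AD down and no emergency account configured: nothing can authenticate."""
    state = EmergencyAccountState(None, None)
    now = datetime(2024, 9, 1, 10, 0, 0)
    accepted = state.authenticate("alice", "alice-pw", now, False, lambda u, p: True)
    return accepted, state.is_active(now)


if __name__ == "__main__":
    decisions, st = demo_scenario()
    print(decisions)
    print("\n".join(st.audit))
```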


8.4.2.2 Configuration

The emergency user account is configured in the tab Tools / Security Account Management / Emergency user with the following entries:

• Press Create.

Figure 18: Configuration of the Emergency User

• The menu Add Emergency User appears.

Figure 19: Add Emergency User

• Enter User name, Password and Confirm Password.
• Press the Ok button.

To change the password of an existing emergency user, delete the user and create it anew.

If the emergency account is not configured, it is not possible to authenticate when the AD server is not reachable.


8.4.3 Troubleshooting CAM

The application note 1KHL020828Aen Distributed busbar protection REB500 CAM Activation and Usage_Tips and Troubleshooting provides additional information and guidelines for troubleshooting.

8.4.3.1 Errors during activation

Symptoms:

• LHMI alarms CAM enabling failed and CAM server not available
• System events CAM Minor_Error 001 and 002
• Security event 3810 CAM server communication failed

Probable causes:

• Wrong configuration parameters (for example, AD server address…)
• Server(s) not reachable during activation

Solution:

• Check the REB500 CAM configuration parameters.
• Check that the AD servers are reachable and the REB500 is connected.
• Restart the CU.

If the initial activation of CAM failed, the CU reverts to local UAM. Access to the device is possible using the local default credentials.


8.4.3.2 Server not reachable during runtime

Symptoms:

• LHMI alarm: CAM Server not available
• System event: CAM Minor_Error 002
• Security event: 3810 CAM Server communication failed

Probable cause:

• Server(s) not reachable

Solution:

• Check that the AD server is up and running.
• Check the REB500 connection.

Authentication will be possible through the emergency account. After reconnection with the server(s), authentication will again run via the AD server and the emergency account will be deactivated.

If the emergency account was not configured, it is not possible to authenticate when the AD server is not reachable.

8.4.3.3 Certificate failure

Symptoms:

• LHMI alarm: CAM Certificate Failure
• System event: CAM Minor_Error 004
• Security event: 3810 CAM Server communication failed

Probable cause:

• Device certificate has expired or is not yet valid.
• No device certificate loaded to the system.
• Server certificate invalid
• …

Solution:

• Verify with the system administrator that the AD certificates are still valid.
• Replace the invalid device and/or server certificate.

During CAM Active Directory activation, the local UAM is still active. Access to the device is possible using the local default credentials.

Authentication will be possible through the emergency account. After replacing the certificates, authentication will again run via the AD server and the emergency account will be deactivated.


If the emergency account was not configured, it is not possible to authenticate when the AD
server is not reachable due to certificate validation issues!

8.4.4 Accessing a Standalone Bay Unit

8.4.4.1 Use case

A bay unit is run standalone when the firmware of a spare BU is updated or when the local event list needs to be read. However, when the device is configured to use CAM AD, it will try to connect to the central unit, which will fail. The procedure to access such a device depends on whether an emergency user was configured or not.

8.4.4.2 Emergency user configured (recommended)

The standard emergency procedure applies:

1. Log in with any credentials.
2. Authentication will fail and the emergency user is activated.
3. "Break the glass" and log in with the emergency credentials.

8.4.4.3 Emergency user not configured

1. Reboot the device.
2. In the LHMI, perform a password reset and delete the database.

   This is only possible if the security option "Enable password reset to factory default" is activated! For details about this security option see Section 6.2, topic Password reset to factory default.

3. The device sets the authentication mode to local.
4. Log in with the default credentials.


Section 9 User activity logging

REB500 logs all user activities mentioned in Table 12 and can forward these events via Syslog or IEC 61850. The logged events can also be retrieved and viewed in HMI500 Operator.

These events are stored in flash memory, which guarantees a persistence of more than 48 hours. The integrity of the logs is protected by a CRC; if the integrity check fails, the event list will be empty.

9.1 View user activity events

Users with the permission audit@REB500 can view the security events in HMI500 Operator (View / Security event list).

Figure 20: Security event list

The user can update the view by pressing Refresh, which forces HMI500 to retrieve the events from REB500.

If the user presses Update cyclically, HMI500 retrieves the events from REB500 every 4 seconds and updates the view accordingly.

9.2 External Security log server

The user can set the information about the Security log servers to which the user activity logs must be forwarded (Tools / Security log servers).

The user can configure up to 6 external log servers. Each server can be configured with IP address, IP port number and protocol format. The format can be either Syslog (RFC 3164 or RFC 5424) or Common Event Format (CEF) from ArcSight.


Figure 21: Security log servers

Table 11: Security Log Servers dialog box

Item | Description
Id | Identification number (read-only)
Type | Type of external log server: None, Syslog UDP, Syslog TCP, ArcSight TCP, Syslog UDP RFC5424, Syslog TCP RFC5424
IP Address | IP address of the external log server
Port | Port of the external log server to which these security logs are to be sent. Standard values: UDP settings → 514; TCP settings → 1468


9.3 Event format

The user activity events contain the attributes listed in Table 12.

Table 12: User activity event format

Field | Description
Sequence number | The sequence number of the event per source (BU or CU), between 1 and 2^32-1.
Date | Date of the event
Time | UTC time of the event
Time invalid | Empty if the value of the field Time is valid; TIV if the value of the field Time is invalid.
User name | Name of the user that caused the event, or "Anonymous" if the user is not known.
Event Id | Identifier of the event type (see Section 9.4)
Severity | Severity of the event depending on its importance. Critical events are marked as Alarm, others as Event.
Source | Name of the source where the user activity event occurs: the configured Logical Device Reference, see Operation Manual, section Device structure. This is not necessarily the device where a button is pressed, but the device where the activity is executed. For example, when choosing "Clear/Reset all latched relays, lists and LED" on a BU, this is executed on the CPC of the connected CU and the source will therefore be its Logical Device Reference, for example, LDR00 (CPC).
Event text | See Section 9.4.

9.4 Event types

The following table contains the event types that can be logged, including their IEC 61850 mapping on the logical node GSAL.

Table 13: Security event types

ID | Name | Event Text | IEC 61850 Mapping
1110 | LOGIN_OK | Log-in successful | GSAL.Ina
1115 | LOGIN_OK_PW_EXPIRED | Password expired, Log-in successful | GSAL.Ina
1120 | LOGIN_FAIL_UNKNOWN_USER | Log-in failed - Unknown user | GSAL.AuthFail
1130 | LOGIN_FAIL_WRONG_CR | Log-in failed - Wrong credentials | GSAL.AuthFail
1140 | LOGIN_FAIL_WRONG_PW | Log-in failed - Wrong password | GSAL.AuthFail
1180 | LOGIN_FAIL_SESSIONS_LIMIT | Log-in failed too many user sessions | GSAL.AuthFail
1210 | LOGOUT_USER | Log-out (user logged out) | GSAL.Ina
1220 | LOGOUT_TIMEOUT | Log-out by user inactivity (timeout) | GSAL.Ina
1310 | CONN_CONFIG_TOOL_OK | Connection with configuration tool successful | GSAL.Ina
1322 | CONFIG_STORAGE_OK | Configuration stored in the device successfully | GSAL.Ina
1370 | VIEW_SEC_EV_LIST_OK | Viewed Security Event logs successfully | GSAL.Ina
1400 | DEL_CONFIG_OK | Configuration deleted successfully | GSAL.Ina

1410 | CONN_CONFIG_TOOL_FAIL | Connection with configuration tool failed | GSAL.Ina
1422 | CONFIG_STORAGE_FAIL | Device configuration update failed | GSAL.Ina
1500 | DEL_CONFIG_FAIL | Deletion of configuration failed | GSAL.Ina
1680 | DEL_DIST_REC_OK | Disturbance records deleted successfully | GSAL.Ina
1682 | DEL_DIST_REC_FAIL | Deleted disturbance records failed | GSAL.Ina
1720 | UAM_RESET_FACTORY_DEF | User Accounts reset to factory default | GSAL.Ina
1730 | PW_RESET_FACTORY_DEF | Admin password reset to factory default | GSAL.Ina
2110 | USER_ACCNT_CREATE_OK | User account created successfully | GSAL.Ina
2120 | USER_ACCNT_DEL_OK | User account deleted successfully | GSAL.Ina
2130 | USER_ACCNT_CREATE_FAIL | User account creation failed | GSAL.SvcViol
2140 | USER_ACCNT_DEL_FAIL | User account deletion failed | GSAL.SvcViol
2160 | USER_NEW_ROLE_OK | New role assigned to user successfully | GSAL.Ina
2161 | USER_PERMISSION_CHANGE_OK | Permission changed successfully | GSAL.Ina
2180 | NEW_ROLE_CREATE_OK | New role created successfully | GSAL.Ina
2190 | ROLE_DELETE_OK | Role deleted successfully | GSAL.Ina
2210 | USER_PW_CHANGE_OK | User password changed successfully | GSAL.SvcViol
2220 | USER_PW_CHANGE_FAIL | Change of user password failed | GSAL.SvcViol
2225 | USER_DATA_CHANGE_OK | User data changed successfully (e.g. user name, etc.) | GSAL.SvcViol
2226 | USER_DATA_CHANGE_FAIL | Change of user data failed | GSAL.SvcViol
2230 | USER_NEW_ROLE_FAIL | New user role assignment failed | GSAL.SvcViol
2231 | USER_PERMISSION_CHANGE_FAIL | Permission change failed | GSAL.Ina
2233 | USER_PW_CHANGE_FAIL_SHORT | User Password change failed - too short | GSAL.SvcViol
2235 | USER_PW_CHANGE_FAIL_POLICY | User Password change failed - policy check failed | GSAL.SvcViol
2280 | NEW_ROLE_CREATE_FAIL | New role creation failed | GSAL.Ina
2290 | ROLE_DELETED_FAIL | Role deletion failed | GSAL.Ina
3710 | CAM_SRV_COMM_OK | CAM Server communication successful | GSAL.Ina
3810 | CAM_SRV_COMM_FAIL | CAM Server communication failed | GSAL.Ina
3820 | CAM_REPLICATION_NO_USERS | Replication performed. No users replicated! | GSAL.Ina
3830 | CAM_REPLICATION_NO_CAPACITY | Replication attempted but failed. No capacity. | GSAL.Ina
4210 | SSL_CONN_FAIL_CERT | SSL Connection failed - Certificate validation failed | GSAL.AuthFail
5120 | RESET_TRIPS | Reset trips | GSAL.Ina
5140 | PROTECTION_SYS_RESTART | Protection system restarted | GSAL.Ina
5270 | SYS_STARTUP | System startup | GSAL.Ina
5272 | SYS_STARTUP_FAIL | System startup failed | GSAL.Ina
5280 | SYS_SHUTTING_DOWN | System shutting down | GSAL.Ina
6110 | TEST_MODE_START_OK | Test Mode started successfully | GSAL.Ina
6120 | TEST_MODE_END | Test Mode ended successfully | GSAL.Ina
6140 | SIGN_FORCED_VALUE | Signal forced - value changed successfully | GSAL.Ina

6220 | TIME_SYNC_SRC_OK | Source time sync operation successful | GSAL.Ina
6320 | TIME_SYNC_SRC_FAIL | Source time sync operation failed | GSAL.Ina
6510 | DEBUG_MODE_START_OK | Debug mode started successfully | GSAL.Ina
6515 | DEBUG_MODE_START_FAIL | Starting Debug mode failed | GSAL.Ina
6520 | DEBUG_MODE_END | Debug mode ended | GSAL.Ina
6550 | PROTOCOL_LOG_MODE_START | Protocol logging mode started | GSAL.Ina
6623 | IF_STATE_CHANGED_UP | Interface changed state to up | GSAL.Ina
6624 | IF_STATE_CHANGED_DOWN | Interface changed state to down | GSAL.Ina
8010 | RECOV_PREV_CONFIG_OK | Recovery of previous configuration successful | GSAL.Ina
8020 | DATE_TIME_SET_OK | Date and time set successfully | GSAL.Ina
8210 | RECOV_PREV_CONFIG_FAIL | Recovery of previous configuration failed | GSAL.Ina
8220 | DATE_TIME_SET_FAIL | Date and time setting failed | GSAL.Ina
9010 | ATT_DET_FLOODING | Flooding attack detected | GSAL.Ina
9620 | X509_CERT_EXPIRED | Certificate validation failed - Certificate expired | GSAL.Ina
9640 | X509_CERT_UNTRUSTED | Certificate validation failed - Certificate signature check failed | GSAL.Ina
10010 | MAINT_ENTER_MENU_OK | Device successfully entered maintenance menu due to a user action | GSAL.Ina
13200 | TRANSFER_CONFIG_OK | Configuration transferred to the device successfully | GSAL.Ina
13520 | TRANSFER_CERTS_OK | Certificates transferred to the device successfully | GSAL.Ina
13610 | ADD_ENTITY_CERT_OK | Installed entity certificate successfully | GSAL.Ina
13630 | ADD_TRUST_ANCHOR_CERT_OK | Installed trust anchor certificate successfully | GSAL.Ina
13710 | ADD_ENTITY_CERT_FAIL | Failed to install entity certificate | GSAL.Ina
13730 | ADD_TRUST_ANCHOR_CERT_FAIL | Failed to install trust anchor certificate | GSAL.Ina
14200 | TRANSFER_CONFIG_FAIL | Failed to transfer configuration to the device | GSAL.SvcViol
14520 | TRANSFER_CERTS_FAIL | Failed to transfer certificates to the device | GSAL.Ina
15610 | IEC61850_INIT_OK | IEC 61850 stack initialized successfully | GSAL.Ina
15620 | IEC61850_CONFIG_OK | IEC 61850 stack configured successfully | GSAL.Ina
15710 | IEC61850_INIT_FAIL | IEC 61850 stack initialization failed | GSAL.Ina
15720 | IEC61850_CONFIG_FAIL | IEC 61850 stack configuration failed | GSAL.SvcViol

When establishing a connection from HMI500 to the REB500 system, there will be an initial event 1310 for the user Anonymous.

In some cases HMI500 disconnects from and reconnects to the REB500 system, which results in additional events 1210 and 1110.


In some cases HMI500 checks for local UAM availability, which results in an event 1120 - Log-in failed - Unknown user.

9.5 User activity events through Syslog

User activity events can be sent to Syslog servers. For the events in Table 14, additional information is sent apart from the information displayed to the user in HMI500 Operator.

Table 14: Security events for Syslog with additional information

ID Name Additional information
1110 UAL_EV_1110_LOGIN_OK Role Name
1115 UAL_EV_1115_LOGIN_OK_PW_EXPIRED Role Name
1120 UAL_EV_1120_LOGIN_FAIL_UNKNOWN_USER Role Name
1130 UAL_EV_1130_LOGIN_FAIL_WRONG_CR Role Name
1140 UAL_EV_1140_LOGIN_FAIL_WRONG_PW Role Name
1310 UAL_EV_1310_CONN_CONFIG_TOOL_OK IP Address of peer
1410 UAL_EV_1410_CONN_CONFIG_TOOL_FAIL IP Address of peer
1680 UAL_EV_1680_DEL_DIST_REC_OK Single or All Deleted
1682 UAL_EV_1682_DEL_DIST_REC_FAIL Single or All Deleted
2110 UAL_EV_2110_USER_ACCNT_CREATE_OK User Account Name
2120 UAL_EV_2120_USER_ACCNT_DEL_OK User Account Name
2130 UAL_EV_2130_USER_ACCNT_CREATE_FAIL User Account Name
2140 UAL_EV_2140_USER_ACCNT_DEL_FAIL User Account Name
2160 UAL_EV_2160_USER_NEW_ROLE_OK User Account Name
2161 UAL_EV_2161_USER_PERMISSION_CHANGE_OK Role Name
2180 UAL_EV_2180_NEW_ROLE_CREATE_OK Role Name
2190 UAL_EV_2190_ROLE_DELETE_OK Role Name
2210 UAL_EV_2210_USER_PW_CHANGE_OK User Account Name
2220 UAL_EV_2220_USER_PW_CHANGE_FAIL User Account Name
2225 UAL_EV_2225_USER_DATA_CHANGE_OK User Account Name
2226 UAL_EV_2226_USER_DATA_CHANGE_FAIL User Account Name
2230 UAL_EV_2230_USER_NEW_ROLE_FAIL User Account Name
2231 UAL_EV_2231_USER_PERMISSION_CHANGE_FAIL Role Name
2233 UAL_EV_2233_USER_PW_CHANGE_FAIL_SHORT User Account Name
2235 UAL_EV_2235_USER_PW_CHANGE_FAIL_POLICY User Account Name
2280 UAL_EV_2280_NEW_ROLE_CREATE_FAIL Role Name
2290 UAL_EV_2290_ROLE_DELETED_FAIL Role Name
6550 UAL_EV_6550_PROTOCOL_LOG_MODE_START SNMP v2C Active
6623 UAL_EV_6623_IF_STATE_CHANGED_UP IF IP Address
6624 UAL_EV_6624_IF_STATE_CHANGED_DOWN IF IP Address
8020 UAL_EV_8020_DATE_TIME_SET_OK New Date/Time
8220 UAL_EV_8220_DATE_TIME_SET_FAIL Time not valid
9010 UAL_EV_9010_ATT_DET_FLOODING LAN Interface
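The fields in Table 14 are what a log collector or SIEM rule needs to key on. The following Python is an added example and is not code from this guideline or from Hitachi Energy: it parses constructed syslog lines carrying the UAL_EV event names from Table 14, labels the additional-information value with the field name the table gives for that ID, and applies a few triage rules (a 9010 flooding detection is high severity, a burst of login failures 1120/1130/1140 for one role is medium, and a single 1120 shortly after system start-up is marked as the expected HMI500 entry described in 9.6). The syslog framing (an RFC 5424 header followed by the event name and the value), the host names, the peer IP address and the boot time are assumptions made for the example.

```python
"""Triage of REB500 user-activity events received over syslog (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Event IDs and the additional-information field each carries, taken from Table 14.
ADDITIONAL_INFO = {
    1110: "Role Name", 1115: "Role Name", 1120: "Role Name", 1130: "Role Name",
    1140: "Role Name", 1310: "IP Address of peer", 1410: "IP Address of peer",
    1680: "Single or All Deleted", 1682: "Single or All Deleted",
    2110: "User Account Name", 2120: "User Account Name", 2130: "User Account Name",
    2140: "User Account Name", 2160: "User Account Name", 2161: "Role Name",
    2180: "Role Name", 2190: "Role Name", 2210: "User Account Name",
    2220: "User Account Name", 2225: "User Account Name", 2226: "User Account Name",
    2230: "User Account Name", 2231: "Role Name", 2233: "User Account Name",
    2235: "User Account Name", 2280: "Role Name", 2290: "Role Name",
    6550: "SNMP v2C Active", 6623: "IF IP Address", 6624: "IF IP Address",
    8020: "New Date/Time", 8220: "Time not valid", 9010: "LAN Interface",
}
LOGIN_FAILURES = {1120, 1130, 1140}

# ASSUMPTION: RFC 5424 header (PRI, version, timestamp, host, app, procid, msgid, structured
# data) then the event name and the additional-information value. Adjust to the real framing.
HEADER_RE = re.compile(
    r"^<\d+>1\s+(?P<ts>\S+)\s+(?P<host>\S+)\s+\S+\s+\S+\s+\S+\s+\S+\s+(?P<msg>.*)$")
EVENT_RE = re.compile(r"(?P<name>UAL_EV_(?P<id>\d{4})_[A-Z0-9_]+)(?:\s+(?P<info>.*\S))?\s*$")


@dataclass
class UalEvent:
    ts: datetime
    host: str
    event_id: int
    name: str
    info: Optional[str]  # value of the additional-information field, if any


def parse_line(line: str) -> Optional[UalEvent]:
    """Return the UAL event carried by one syslog line, or None for any other line."""
    head = HEADER_RE.match(line.strip())
    if not head:
        return None
    ev = EVENT_RE.search(head.group("msg"))
    if not ev:
        return None
    ts = datetime.fromisoformat(head.group("ts").replace("Z", "+00:00"))
    return UalEvent(ts, head.group("host"), int(ev.group("id")), ev.group("name"), ev.group("info"))


def parse_log(text: str) -> list:
    return [ev for ev in map(parse_line, text.splitlines()) if ev is not None]


def describe(ev: UalEvent) -> str:
    """Label the additional-information value with the field name from Table 14."""
    return f"{ev.name} ({ADDITIONAL_INFO.get(ev.event_id, 'Additional information')}: {ev.info or '-'})"


def login_failure_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """(host, role, count, first_ts) per host/role whose login failures reach `threshold` in `window`."""
    stamps = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.event_id in LOGIN_FAILURES:
            stamps[(ev.host, ev.info or "-")].append(ev.ts)
    alerts = []
    for (host, role), ts_list in stamps.items():
        start = 0
        for end, ts in enumerate(ts_list):
            while ts - ts_list[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                alerts.append((host, role, end - start + 1, ts_list[start]))
                break  # one alert per host/role is enough for triage
    return alerts


def triage(events, boot_times=None, startup_grace=timedelta(minutes=2)):
    """Rank events as (severity, host, message). `boot_times` maps host -> system start time
    (ASSUMED known from the start-up event the IED logs on every boot); a 1120 inside
    `startup_grace` after it is the expected HMI500 entry described in Section 9.6."""
    boot_times = boot_times or {}
    findings = []
    for ev in sorted(events, key=lambda e: e.ts):
        since_boot = ev.ts - boot_times[ev.host] if ev.host in boot_times else None
        if ev.event_id == 9010:
            findings.append(("high", ev.host, f"flooding attack detected on {ev.info}"))
        elif ev.event_id == 1410:
            findings.append(("medium", ev.host, f"configuration tool connection failed from {ev.info}"))
        elif ev.event_id == 1310:
            findings.append(("info", ev.host, f"configuration tool connected from {ev.info}"))
        elif ev.event_id == 1120 and since_boot is not None and timedelta(0) <= since_boot <= startup_grace:
            findings.append(("info", ev.host, "unknown-user login failure during start-up (HMI500 connected)"))
        elif ev.event_id in LOGIN_FAILURES:
            findings.append(("low", ev.host, describe(ev)))
    for host, role, count, first in login_failure_bursts(events):
        findings.append(("medium", host, f"{count} login failures for role {role} since {first.isoformat()}"))
    return findings


# Constructed sample lines (not captured from a real device); the last one is not a UAL event.
SAMPLE_LOG = """\
<85>1 2024-09-12T10:00:05Z reb500-cu01 REB500 - - - UAL_EV_1120_LOGIN_FAIL_UNKNOWN_USER -
<85>1 2024-09-12T10:15:02Z reb500-cu01 REB500 - - - UAL_EV_1140_LOGIN_FAIL_WRONG_PW Operator
<85>1 2024-09-12T10:15:40Z reb500-cu01 REB500 - - - UAL_EV_1140_LOGIN_FAIL_WRONG_PW Operator
<85>1 2024-09-12T10:16:10Z reb500-cu01 REB500 - - - UAL_EV_1130_LOGIN_FAIL_WRONG_CR Operator
<85>1 2024-09-12T10:16:30Z reb500-cu01 REB500 - - - UAL_EV_1110_LOGIN_OK Operator
<85>1 2024-09-12T10:20:00Z reb500-cu01 REB500 - - - UAL_EV_1310_CONN_CONFIG_TOOL_OK 10.0.1.50
<85>1 2024-09-12T11:02:00Z reb500-bu03 REB500 - - - UAL_EV_9010_ATT_DET_FLOODING LAN1
<85>1 2024-09-12T11:02:30Z reb500-bu03 ntpd 1234 - - clock step 0.5s
"""
SAMPLE_BOOT = {"reb500-cu01": datetime(2024, 9, 12, 9, 59, 30, tzinfo=timezone.utc)}  # assumed

if __name__ == "__main__":
    for sev, host, msg in triage(parse_log(SAMPLE_LOG), SAMPLE_BOOT):
        print(f"[{sev:>6}] {host}: {msg}")
```

The start-up rule only suppresses a 1120 when the collector knows when the unit booted; without that information the same event is reported as an ordinary login failure, which is the safer default.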


9.6 User activity event during REB500 system start up

Starting up a REB500 system with a connected HMI500 causes a "Log-in failed - Unknown user" entry in
the Security event list (see Figure 22). Since the user credentials are not cached in the HMI500, this
is normal behavior. To avoid this "log-in failed" entry, the HMI500 shall not be connected during the
start-up phase of the system.

Figure 22: Log-in failed - Unknown user


Section 10 Decommissioning the IED

This section provides instructions on decommissioning the IED: resetting it to the factory setting and
removing the sensitive information added during the lifetime of the IED.

Perform the following steps to decommission the IED:

• Reset the IED to the factory setting

1. Reset the password to the factory default. For more information see Section 7.7.
2. Delete the database in the IED (MDB file). This can be done together with the previous step,
when resetting the password to the factory default in the maintenance menu.

Figure 23: LHMI Delete Database

Select Delete Database before exiting the menu (see red mark in Figure 23).

Do not use the procedure described in the REB500 Operation Manual, Section “Installation
Mode”, to delete the database, as it only describes the procedure for an entire system
and not for an individual IED (CU or BU).

• Information to be removed from the IED

Anything the client/installer added to the system after it was transferred to them has to be removed.
This applies to all sensitive information: PII (Personally Identifiable Information), project data, keys,
certificates and passwords.


Section 11 Standard compliance statement

11.1 Applicable standards

Cyber security issues have been the subject of standardization initiatives by ISA, IEEE and IEC for some
time, and Hitachi Energy plays an active role in all these organizations, helping to define and implement
cyber security standards for power and industrial control systems.

Some of the cyber security standards most important for substation automation are still under active
development, such as IEC 62351 and IEC 62443 (formerly ISA S99). Hitachi Energy participates in their
development by delegating subject matter experts to the committee working on the respective
standard. Since these standards are still under development, Hitachi Energy strongly recommends using
existing common security measures available on the market, for example VPN for secure Ethernet
communication.

An overview of applicable security standards and their status is shown in Table 15.

Table 15: Overview of cyber security standards

Standard | Main focus | Status
NERC CIP v5 | NERC CIP cyber security regulation for North American power utilities | Released, ongoing *
IEC 62351 | Data and communications security | Partly released, ongoing
IEEE 1686 | IEEE standard for substation intelligent electronic devices (IEDs) cyber security capabilities | Finalized
IEC 62443-4-1 | Security for industrial automation and control systems – Part 4-1: Product development requirements | Still under development
IEC 62443-4-2 | Security for industrial automation and control systems – Part 4-2: Technical security requirements for IACS components | Finalized

*Ongoing: Major changes will affect the final solution.

Hitachi Energy has identified cyber security as a key requirement and has developed a large number
of product features to support international cyber security standards such as NERC-CIP and IEEE 1686, as
well as local activities such as the German BDEW white paper.

The two standards IEC 62351 and IEC 62443 are still under revision. For interoperability reasons,
Hitachi Energy recommends not implementing these standards yet. Nevertheless, Hitachi Energy
already considers these standards a guideline for implementing product features and system
architectures.

11.2 IEEE 1686 compliance

Table 16: IEEE 1686 compliance

Clause | Title | Status | Comment
5 | IED cyber security features | Acknowledge |
5.1 | Electronic access control | Comply |
5.1.1 | IED access control overview | Comply |
5.1.2 | Password defeat mechanisms | Comply |
5.1.3 | Number of individual users | Exceed | 20
5.1.4 | Password construction | Comply |
5.1.5 | IED access control | Acknowledge |
5.1.5.1 | Authorization levels by password | Comply |
5.1.5.2 | Authorization using role-based access control (RBAC) | Exceed | Product provides eight user-defined roles
5.1.6 | IED main security functions | Acknowledge |
5.1.6 a) | View data | Comply | Feature is accessible through individual user accounts
5.1.6 b) | View configuration settings | Comply | Feature is accessible through individual user accounts
5.1.6 c) | Force values | Exception | Feature is accessible through individual user accounts
5.1.6 d) | Configuration change | Comply | Feature is accessible through individual user accounts
5.1.6 e) | Firmware change | |
5.1.6 f) | ID/password or RBAC management | |
5.1.6 g) | Audit log | |
5.1.7 | Password display | Comply |
5.1.8 | Access time-out | Comply | A time-out feature exists. The time period is configurable by the user
5.2 | Audit trail | Acknowledge |
5.2.1 | Audit trail background | Comply |
5.2.2 | Storage capability | |
5.2.3 | Storage record | Acknowledge |
5.2.3 a) | Event record number | Comply |
5.2.3 b) | Time and date | Comply |
5.2.3 c) | User identification | Comply |
5.2.3 d) | Event type | Comply |
5.2.4 | Audit trail event types | Acknowledge |
5.2.4 a) | Login | Comply |
5.2.4 b) | Manual logout | Comply |
5.2.4 c) | Timed logout | Comply |
5.2.4 d) | Value forcing | Comply |
5.2.4 e) | Configuration access | Exception |
5.2.4 f) | Configuration change | Comply |
5.2.4 g) | Firmware change | Exception | Firmware changes are not captured in the audit trail record.
5.2.4 h) | ID/password creation or modification | Comply |
5.2.4 i) | ID/password deletion | Comply |
5.2.4 j) | Audit-log access | Comply |
5.2.4 k) | Time/date change | Comply |
5.2.4 l) | Alarm incident | Comply |
5.3 | Supervisory monitoring and control | Acknowledge |
5.3.1 | Overview of supervisory monitoring and control | Comply | Made available through IEC 61850 and syslog.
5.3.2 | Events | Comply |
5.3.3 | Alarms | Comply |
5.3.3 a) | Unsuccessful login attempt | Exception | Not supported
5.3.3 b) | Reboot | Comply | A start-up event is created on every boot.
5.3.3 c) | Attempted use of unauthorized configuration software | Exception | Client certificates are not in use.
5.3.3 d) | Invalid configuration or firmware download | Comply |
5.3.3 e) | Unauthorized configuration or firmware file | Exception | Not supported.
5.3.3 f) | Time signal out of tolerance | Comply |
5.3.3 g) | Invalid field hardware changes | Comply | IED sends a "hardware change detected" alarm.
5.3.4 | Alarm point change detect | Comply |
5.3.5 | Event and alarm grouping | Exception | One Security Event list. Alarms and events can be separated after export. However, Role Based Access Control is supported.
5.3.6 | Supervisory permissive control | Exception | Feature is not supported.
5.4 | IED cyber security features | Acknowledge |
5.4.1 | IED functionality compromise | Comply | Services and ports used for real-time protocols are listed in the user documentation.
5.4.2 | Specific cryptographic features | Acknowledge |
5.4.2 a) | Webserver functionality | Comply | HTTPS
5.4.2 b) | File transfer functionality | Comply | SFTP, SSL
5.4.2 c) | Text-oriented terminal connections | Comply | No terminal
5.4.2 d) | SNMP network management | Exception | Not supported
5.4.2 e) | Network time synchronization | Comply | SNTP
5.4.2 f) | Secure tunnel functionality | Exception | No tunnel functionality
5.4.3 | Cryptographic techniques | Comply | OpenSSL
5.4.4 | Encrypting serial communications | Exception | No serial communication for remote access.
5.4.5 | Protocol-specific security features | Comply | DAC over SSL
5.5 | IED configuration software | Acknowledge |
5.5.1 | Authentication | Exception | IED can be configured using unauthorized copies of the configuration software. However, configuration download is handled by authentication. IED signatures are also available.
5.5.2 | Digital signature | Exception | Feature not supported
5.5.3 | ID/password control | Comply | Stored in the IED
5.5.4 | ID/password controlled features | Acknowledge |
5.5.4.1 | View configuration data | Comply |
5.5.4.2 | Change configuration data | Comply |
5.5.4.2 a) | Full access | Comply |
5.5.4.2 b) | Change tracking | Comply |
5.5.4.2 c) | Use monitoring | Comply |
5.5.4.2 d) | Download to IED | Comply |
5.6 | Communications port access | Comply |
5.7 | Firmware quality assurance | Exception | Quality control is handled according to ISO 9001 and CMMI.


11.3 Compliance Statement IEC 62443-4-2

This chapter contains a compliance statement of the REB500 security functionality against the standard
IEC 62443-4-2 Security for industrial automation and control systems – Part 4-2: Technical security
requirements for IACS components.

REB500 devices (central unit and bay units) are considered embedded devices, so the "Embedded
device requirements" have been selected.

The following requirement selections from the standard are not considered:

• Host device requirements
• Network device requirements

11.3.1 FR 1 - Identification and authentication control (IAC)

Table 17: FR 1 – Identification and authentication control (IAC)

CR | Security requirement | Security level
CR 1.1 | Human user identification and authentication | SL-C 2
CR 1.2 | Software process and device identification and authentication | SL-C 4
CR 1.3 | Account management | SL-C 4
CR 1.4 | Identifier management | SL-C 4
CR 1.5 | Authenticator management | SL-C 2
CR 1.7 | Strength of password-based authentication | SL-C 4
CR 1.8 | Public key infrastructure certificates | SL-C 4
CR 1.9 | Strength of public key authentication | SL-C 2
CR 1.10 | Authenticator feedback | SL-C 4
CR 1.11 | Unsuccessful login attempts | SL-C 4
CR 1.12 | System use notification | Not supported
CR 1.14 | Strength of symmetric key-based authentication | Not supported

11.3.2 FR 2 - Use control (UC)

Table 18: FR 2 – Use control (UC)

CR/EDR | Security requirement | Security level
CR 2.1 | Authorization enforcement | SL-C 2
CR 2.2 | Wireless use control | Not applicable
CR 2.3 | Use control for portable and mobile devices | Not applicable
EDR 2.4 | Mobile code | Not applicable
CR 2.5 | Session lock | SL-C 4
CR 2.6 | Remote session termination | SL-C 4
CR 2.7 | Concurrent session control | SL-C 4
CR 2.8 | Auditable events | SL-C 4
CR 2.9 | Audit storage capacity | SL-C 2
CR 2.10 | Response to audit processing failures | SL-C 4
CR 2.11 | Timestamps | SL-C 3
CR 2.12 | Non-repudiation | SL-C 4
EDR 2.13 | Use of physical diagnostic and test interfaces | SL-C 4


11.3.3 FR 3 - System integrity (SI)

Table 19: FR 3 – System integrity (SI)

CR/EDR | Security requirement | Security level
CR 3.1 | Communication integrity | SL-C 4
EDR 3.2 | Malicious code protection | SL-C 4
CR 3.3 | Security functionality verification | SL-C 3
CR 3.4 | Software and information integrity | Not supported
CR 3.5 | Input validation | SL-C 4
CR 3.6 | Deterministic output | SL-C 4
CR 3.7 | Error handling | SL-C 4
CR 3.8 | Session integrity | SL-C 4
CR 3.9 | Protection of audit information | SL-C 3
EDR 3.10 | Support for updates | SL-C 4
EDR 3.11 | Physical tamper resistance and detection | SL-C 1
EDR 3.12 | Provisioning product supplier roots of trust | SL-C 1
EDR 3.13 | Provisioning asset owner roots of trust | SL-C 1
EDR 3.14 | Integrity of the boot process | Not supported

11.3.4 FR 4 - Data confidentiality (DC)

Table 20: FR 4 – Data confidentiality (DC)

CR | Security requirement | Security level
CR 4.1 | Information confidentiality | SL-C 4
CR 4.2 | Information persistence | SL-C 2
CR 4.3 | Use of cryptography | SL-C 4

11.3.5 FR 5 - Restricted data flow (RDF)

Table 21: FR 5 – Restricted data flow (RDF)

CR | Security requirement | Security level
CR 5.1 | Network segmentation | SL-C 4

11.3.6 FR 6 - Timely response to events (TRE)

Table 22: FR 6 – Timely response to events (TRE)

CR | Security requirement | Security level
CR 6.1 | Audit log accessibility | SL-C 4
CR 6.2 | Continuous monitoring | SL-C 4


11.3.7 FR 7 - Resource availability (RA)

Table 23: FR 7 – Resource availability (RA)

CR | Security requirement | Security level
CR 7.1 | Denial of Service protection | SL-C 4
CR 7.2 | Resource management | SL-C 4
CR 7.3 | Control system backup | SL-C 4
CR 7.4 | Control system recovery and reconstitution | SL-C 4
CR 7.5 | Emergency Power | Not applicable
CR 7.6 | Network and security configuration settings | SL-C 2
CR 7.7 | Least functionality | SL-C 4
CR 7.8 | Control system component inventory | SL-C 4


Section 12 Reporting a cybersecurity vulnerability or incident

Any cybersecurity vulnerability or incident related to a Hitachi Energy product can be securely reported
to Hitachi Energy at https://www.hitachienergy.com/products-and-solutions/cybersecurity/reporting.

More information on vulnerability disclosure can be found at
https://www.hitachienergy.com/products-and-solutions/cybersecurity/vulnerability-disclosure-policy

Hitachi Energy Sweden AB
Grid Automation Products
SE-721 59 Västerås, Sweden
Phone +46 (0) 10 738 00 00

https://hitachienergy.com/protection-control