Local user account management

SSC600 Smart substation control and protection - 1.0 FP4 - IEC - ANSI - 18.04.2023

SSC600 Cyber Security Deployment Guideline

The user account management and role-based access control in the protection relay have been handled as specified in IEC 62351-8.

Four factory default user accounts have been predefined for the WHMI, each with different rights and a default password. The role of each of these four user accounts is the same as its username.

Table 1. Four factory default users, their respective roles and their respective default passwords

| Factory default user | Role | Default password |
|---|---|---|
| VIEWER | VIEWER | remote0001 |
| OPERATOR | OPERATOR | remote0002 |
| ENGINEER | ENGINEER | remote0003 |
| ADMINISTRATOR | ADMINISTRATOR | remote0004 |

The default passwords in the protection relay delivered from the factory can be changed by a user with the User Management right or by the users themselves.

Relay user passwords can be changed using the WHMI or the IED Users tool in PCM600.

Figure 1. Change password option in WHMI (users can change their own password here)

Figure 2. Change password option in PCM600 (a user with the User Management right can change passwords here)

In addition to the default user accounts, additional user accounts under eight predefined roles can be added for the protection relay from IED Users in PCM600.

Figure 3. Showing Eight Pre-Defined Roles in PCM600

These roles are then mapped to user rights.

Figure 4. Showing roles to rights mapping

To add additional predefined roles and map them to user rights, it is required to log in to PCM600 as a user whose role has the User Management right. User-defined roles can be added to the protection relay.

Each protection relay supports eight fixed roles and 50 user accounts belonging to any one of these roles. Each user account can be mapped to a maximum of eight roles.

The IED Users tool in PCM600 is used to manage the user accounts.

  • User accounts can be created and assigned any of the default roles (VIEWER, OPERATOR, ENGINEER and ADMINISTRATOR) or additional roles (INSTALLER, SECADM, SECAUD and RBACMNT).
  • A user whose role is mapped to the User Management right can create user accounts and update the roles-to-rights mapping.
  • A user whose role is mapped to the User Management right needs to share the default password that the tool generates for a user account with that user, and recommend that the user change the password.
  • The passwords of the user accounts can be changed by the users themselves from PCM600 or from the WHMI.
  • A user whose role is mapped to the User Management right can reset the passwords of the users.

The user account information is then written to the protection relay from IED Users in PCM600. The user account information is securely maintained in the protection relay.

Any user logging into the protection relay from WHMI (HTTPS) or PCM600 (FTPS) is authenticated based on the user account information in the relay.

Table 2. Pre-defined user roles

| Role | Description |
|---|---|
| VIEWER | Can be used to view which objects are present within the logical device |
| SECAUD | Can be used for record handling and to view audit logs |
| OPERATOR | Can be used to view which objects are present within the logical device as well as to perform control operations such as opening or closing the circuit breaker. |
| INSTALLER | Can be used to view which objects are present within the logical device as well as to write files and configure the server locally or remotely. |
| ENGINEER | Can be used to view which objects are present within the logical device as well as to make parameter setting and configuration changes in addition to having full access to the data sets and files. |
| RBACMNT | Can be used to manage the roles-to-rights mapping. |
| SECADM | Can be used to perform security management such as roles-to-rights mapping and to change security settings such as certificates for subject authentication. |
| ADMINISTRATOR | Superset of all the roles |

Table 3 describes the default mapping of all the user rights associated with all the roles in the protection relay. This mapping can be modified according to the user requirements.

Table 3. Default roles-to-rights mapping

| Possible user actions / Rights | VIEWER | SECAUD | OPERATOR | INSTALLER | ENGINEER | RBACMNT | SECADM | ADMINISTRATOR |
|---|---|---|---|---|---|---|---|---|
| Configuration and Setting Change | No | No | No | No | Yes | No | No | Yes |
| Control Operations | No | No | Yes | No | No | No | No | Yes |
| User Management | No | No | No | No | No | Yes | Yes | Yes |
| Security Management | No | Yes | No | No | No | No | Yes | Yes |
| Test Mode | No | No | No | No | Yes | No | No | Yes |
| Record Handling | No | Yes | No | No | No | No | No | Yes |
| System update | No | No | No | No | No | No | Yes | Yes |

Note: The permissions and rights mentioned in the IEC 62351-8 standard are covered directly or by a combination of the rights mentioned in Table 3. In PCM600 the rights are managed as Read/Write/None instead of Yes/No. If the None right is not applicable for an action (for example Test Mode), it defaults to the Read right.

User account information can be exported from IED Users in PCM600 to an encrypted file which can then be imported into another protection relay.

Note: WHMI always requires authentication. Changes in User management settings do not cause the protection relay to reboot. The changes are taken into use immediately after committing the changed settings on the menu root level.

Username and password are always required for communication with the relay over FTP/FTPS and HTTPS protocols.

Tip: If the PCM600 authentication has been enabled in PCM600 System Settings, a relay user can be linked to the current PCM600 user by selecting the Remember me check box in the Login dialog. After that, the user credentials are no longer asked for at tool communication, as logging in to PCM600 also provides the authentication credentials to the protection relay.

Note:

  • A user with the User Management right is not allowed to delete the last user with the User Management right and itself.
  • FTP/FTPS logins are done by entering the username and password; no role selection is required. The highest role for the username is automatically selected by the protection relay.
  • Performing the Restore Factory settings operation in IED Users in PCM600 restores the user accounts to the factory user accounts.
  • The Read rights in the roles-to-rights mapping can be disabled, but the Read rights are always restored when the roles are read from the protection relay in the Roles to Rights mapping section of IED Users or Account Management Tool in PCM600.
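The following is an added example, not part of the ABB guideline or PCM600: a pre-deployment check of a planned account list against the Table 3 default mapping, the 50-account and eight-roles-per-account limits, the factory default accounts, and the rule that a user with the User Management right must always remain. The inventory format (name, roles, password_changed), the function names and the treatment of an account's rights as the union over its roles are assumptions made for illustration; the sample accounts are constructed.

```python
ALL_RIGHTS = {"Configuration and Setting Change", "Control Operations",
              "User Management", "Security Management", "Test Mode",
              "Record Handling", "System update"}
DEFAULT_MAPPING = {  # Table 3 defaults; pass a site-specific mapping if modified
    "VIEWER": set(),
    "SECAUD": {"Security Management", "Record Handling"},
    "OPERATOR": {"Control Operations"},
    "INSTALLER": set(),
    "ENGINEER": {"Configuration and Setting Change", "Test Mode"},
    "RBACMNT": {"User Management"},
    "SECADM": {"User Management", "Security Management", "System update"},
    "ADMINISTRATOR": set(ALL_RIGHTS),
}
FACTORY_ACCOUNTS = {"VIEWER", "OPERATOR", "ENGINEER", "ADMINISTRATOR"}
MAX_ACCOUNTS, MAX_ROLES_PER_ACCOUNT = 50, 8

def reachable_rights(roles, mapping=DEFAULT_MAPPING):
    """Union of rights over an account's roles (assumed upper bound)."""
    return set().union(*(mapping[r] for r in roles))

def audit(accounts, mapping=DEFAULT_MAPPING):
    """Return findings for a list of {name, roles, password_changed} dicts."""
    findings, managers = [], []
    if len(accounts) > MAX_ACCOUNTS:
        findings.append(f"{len(accounts)} accounts exceed the limit of {MAX_ACCOUNTS}")
    for acct in accounts:
        name, roles = acct["name"], acct["roles"]
        unknown = sorted(r for r in roles if r not in mapping)
        if unknown:
            findings.append(f"{name}: role(s) not in mapping: {unknown}")
            continue
        if len(roles) > MAX_ROLES_PER_ACCOUNT:
            findings.append(f"{name}: more than {MAX_ROLES_PER_ACCOUNT} roles")
        if name in FACTORY_ACCOUNTS and not acct["password_changed"]:
            findings.append(f"{name}: factory account still on default password")
        if "User Management" in reachable_rights(roles, mapping):
            managers.append(name)
    if not managers:
        findings.append("no account holds the User Management right")
    return findings

SAMPLE_ACCOUNTS = [  # constructed inventory, not an export from PCM600
    {"name": "ADMINISTRATOR", "roles": ["ADMINISTRATOR"], "password_changed": False},
    {"name": "VIEWER", "roles": ["VIEWER"], "password_changed": True},
    {"name": "jsmith", "roles": ["OPERATOR", "SECAUD"], "password_changed": True},
    {"name": "contractor1", "roles": ["ENGINEER", "FIELDTECH"], "password_changed": True},
]
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_ACCOUNTS)))
```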