1.3.4 WindSCADA System Generic XXHZ Network Connectivity Requirements EN r02
GE Renewable Energy
Technical Documentation
Wind Turbine Generator Systems
All Turbine Types - 50/60Hz
Onshore
Technical Description
Wide Area Network Connectivity Requirements
imagination at work
© 2017 General Electric Company. All rights reserved.
- Original -
GE Renewable Energy Technical Description
Visit us at
www.gerenewableenergy.com
All technical data is subject to change in line with ongoing technical development!
This document is to be treated confidentially. It may only be made accessible to authorized persons. It may only be
made available to third parties with the expressed written consent of General Electric Company.
All documents are copyrighted within the meaning of the Copyright Act. The transmission and reproduction of the
documents, also in extracts, as well as the exploitation and communication of the contents are not allowed
without express written consent. Contraventions are liable to prosecution and compensation for damage. We
reserve all rights for the exercise of commercial patent rights.
Other company or product names mentioned in this document may be trademarks or registered trademarks of
their respective companies.
WindSCADA_System_Generic_xxHz_Network_Connectivity_Requirements_EN_r02.docx.
Table of Contents
Introduction
Definitions and Acronyms
SCADA Remote Connectivity
1 Shared ISP router connection
2 B2B Connection
3 Security
4 Break and Fix of GE's Network Equipment
5 GE's Remote User Access
6 Specific GE Connectivity Guideline
7 Open Ports needed by GE
Appendix A: Technical Specifications for High Speed Network Data Circuit for GE Wind Farms (ISP)
Appendix B: Technical Specifications for High Speed Network Data Circuit for GE Wind Farms (B2B)
CONFIDENTIAL - Proprietary Information. DO NOT COPY without written consent from General Electric Company.
UNCONTROLLED when printed or transmitted electronically.
Introduction
A dedicated remote data connection to a wind farm network is required for GE's Customer Support Center (CSC)
to monitor and perform remote operations. The Customer is responsible for the availability and reliability of the
remote connection, provided for exclusive use by GE based on the descriptions in this document. GE must be
provided a public routable static IP address in order to establish a secure point-to-point IPSec VPN tunnel
between the endpoint and GE datacenter; dynamic IP addressing (DHCP) cannot be used. For its own use, the
Customer has to establish a separate connection using a separate IP address.
B2B Business-to-Business
FE Field Engineer
FW Firewall
IP Internet Protocol
The Customer is responsible for providing and maintaining a dedicated data network connection to the wind farm
with public static routable IP addresses. The network connection shall be provided through a terrestrial circuit. Any
other type of network circuit requires a written confirmation by GE.
The remote user utilizes the remote connection to connect to the SCADA System at the wind farm; therefore GE’s
connectivity to the wind farm must be established via Broadband connection.
Table 1 describes the supported networking topologies. It is highly recommended that the Customer procure and
sustain a modern firewall operated between the remote access router and the SCADA equipment LAN to
establish an Electronic Security Perimeter (ESP). GE can, upon request, provide the list of required protocols for
proper SCADA operation with the Customer's firewall configuration.
Supported solutions
In addition to the above, the Customer will be responsible to supply and support the communication equipment
and lines installed in any of the locations and/or to contact the broadband provider in order to support
connectivity in case of outage.
The Customer is responsible for all costs associated with the broadband equipment and broadband subscription.
In cases where GE is managing the VPN router, GE will maintain access control and the Customer will not be
provided with administrative access.
For a shared ISP connection the Customer must provide the information in Appendix-A to GE.
2 B2B Connection
A Business-to-Business (B2B) connection requires a Site-to-Site VPN tunnel to be created between GE's external
internet hub and Customer's WAN connection. The Customer is responsible to supply and support the
communication equipment at the wind farm. In case of an outage the Customer shall contact the service provider
for support, inform GE's ROC/CSC about the outage, and fix the connectivity issue. The Customer is responsible for
all costs associated with the service and maintenance subscription. The number of IP addresses available via this
connection will be examined on a project level and dictated by the number of Wind Farms that will use this
connection. Please see picture below:
[Figure 2: B2B Solution. Diagram labels: Router, Firewall, Internet Network, Historical SCADA Server, Router communication. Labels under "For example": Router, Firewall, Ice Detection System or Direct Marketing Broker.]
The settings listed below are mandatory guidelines to configure the IPSec tunnels. SHA-1 hashing, popular in older
routers, should not be used due to newly-discovered weaknesses and its deprecation by the US National Institute
of Standards and Technology (NIST). It is also recommended to ensure firmware running on the router is the latest
version recommended by the manufacturer.
This natting has to be done on the Customer router which provides the connection to GE.
For a B2B connection the Customer must provide the information in Appendix-B to GE.
3 Security
The Customer is responsible for installing necessary means of security to protect their facility. At least a secure
VPN connection ("tunneling") to the wind farm is necessary, and should be configured as "point-to-point" to
restrict network access to only trusted IP addresses. Broadband connection equipment is required to be physically
secured in the WindSCADA Server rack or the Customer's office and protected from unauthorized access or use.
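An added example, not part of the GE document: a small audit for two rules stated above, no SHA-1 in the IPSec tunnel proposals and a point-to-point tunnel restricted to known addresses. It assumes strongSwan ipsec.conf syntax, which the document does not name; the sample configuration, its connection names and its addresses are constructed.

```python
import ipaddress
import re

# Constructed sample in strongSwan ipsec.conf syntax (an assumption; the
# document names no router software). Addresses are documentation ranges.
SAMPLE_CONF = """\
conn vendor-good
    right=198.51.100.20
    leftsubnet=10.20.0.0/24
    ike=aes256-sha256-modp2048!
    esp=aes256-sha256!
conn vendor-legacy
    right=%any
    leftsubnet=0.0.0.0/0
    ike=aes256-sha1-modp2048,aes256-sha256-modp2048
    esp=aes128-sha1_160
"""

SHA1_TOKENS = {"sha", "sha1", "sha1_160", "prfsha1"}  # SHA-1 integrity/PRF keywords

def parse_conns(text):
    """Return {connection name: {option: value}} from ipsec.conf text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def audit(text):
    """List (conn, option, problem) for SHA-1 proposals and open tunnels."""
    findings = []
    for name, opts in parse_conns(text).items():
        for key in ("ike", "esp"):
            for prop in opts.get(key, "").rstrip("!").split(","):
                if SHA1_TOKENS & set(prop.strip().lower().split("-")):
                    findings.append((name, key, "SHA-1 in " + prop.strip()))
        if opts.get("right", "%any").startswith("%any"):
            findings.append((name, "right", "peer not pinned to a static IP"))
        for key in ("leftsubnet", "rightsubnet"):
            for net in filter(None, map(str.strip, opts.get(key, "").split(","))):
                if ipaddress.ip_network(net, strict=False).prefixlen == 0:
                    findings.append((name, key, "selector covers all addresses"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(": ".join(finding))
```

A connection with no ike= or esp= line falls back to the daemon's default proposals, which this check does not inspect.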
All networking equipment used to connect GE to the turbine network is for GE's remote monitoring use only. This
equipment represents an extension of GE's network and the Customer and third parties will not be granted access
to the wind farm via this equipment. Connecting other network equipment is not allowed without GE's
authorization.
The Customer must take care to properly segregate their own network segments from the SCADA LAN. GE
operates Network Intrusion Detection and Prevention (NIDS/NIPS) on their remote monitoring network, which
may result in disconnect and disrupted operations if Customer equipment is used to pivot an attack vector into
GE's monitored network. GE reserves the right to remove the connection to GE network if it is determined that the
Customer's wind farm poses risk to GE's network.
Attackers utilize a variety of automated techniques to discover and exploit improperly configured equipment, and
can often move from network segment to segment. Common threats include "brute force" attacks that enumerate
common or simple login passwords, "denial-of-service" network packet floods, and injection of ransomware
(encrypting files with a promise to send the utilized key in exchange for monetary payment).
Malware may not present itself immediately, but often impacts equipment performance with side effects that are
disruptive and difficult to isolate. GE recommends that the Customer becomes familiar with best security
practices to avoid disruption and unexpected recovery costs in equipment operation. The Customer should
engage credentialed security professionals to periodically review their security posture, as the cost of prevention
is often far less than the costs of production downtime and incident investigation and recovery.
The Customer is responsible for maintaining the network circuit and coordinating the repair in a reasonable time
frame.
The Customer shall assign an on-site technical point of contact that GE can contact for network connection issue
resolution.
[Table: Recommended and Minimum values by wind farm size; one row reads "Up to 500 Turbines". The values are not present.]
The Customer shall carry out the necessary bandwidth planning to ensure continuous SCADA connections for
GE's monitoring and remote operations of the wind farm.
GE reserves the right to remove the connection to GE network after it is mutually agreed that obligations have been
satisfied, or when the connection to the wind farm poses risk to GE's network.
Information below has to be provided by the Customer for shared ISP router connection.
_________________ _______________________________
Date Signature
Customer information:
By sending this information to GE, the Customer confirms the usage of the mandatory configuration below.
_________________ _______________________________
Date Signature