Reyrolle 7SR5
Security Conformance Self Assessment
V2.30
Manual
C53000-T7040-C025-1
Table of Contents
1 Introduction
2 Objectives
3 Instructions for Use
4 BDEW Whitepaper Security Requirements
5 IEEE 1686:2013 Security Requirements
6 IEC 62443-4-2 Security Requirements
Literature
Glossary
NOTE
For your own safety, observe the warnings and safety instructions contained in this document, if available.
• Reyrolle 7SR5 hardware and firmware released for delivery in October 2019 or later
• BDEW Whitepaper – Requirements for Secure Control and Telecommunication Systems, Version 2.0
• IEEE 1686:2013
• IEC 62443-4-2
as set forth in the subsequent chapters.
Scope
This document applies to the Reyrolle 7SR5 product line, hardware and firmware versions dated October 2019
or later and Reydisp Manager 2, V2.00 or higher.
These are in detail:
• Reydisp Manager 2
• Product development
• Product service
The following fields are not covered in this document:
• System integration (entire system consisting of Reyrolle 7SR5, Reydisp Manager 2, and other automation
components, network components, protection devices, etc.)
• System service
Target Group
This document is primarily intended for persons working in the following areas:
• Project planning/implementation
Security Information
Siemens provides products and solutions with security functions that support the secure operation of plants,
systems, machines and networks. In order to protect plants, systems, machines and networks against
cyberthreats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art security concept.
Siemens’ products and solutions constitute one element of such a concept. Customers are responsible for
preventing unauthorized access to their plants, systems, machines and networks. Such systems, machines and
components should only be connected to an enterprise network or the internet if and to the extent such a
connection is necessary and only when appropriate security measures (e.g. firewalls and/or network
segmentation) are in place.
Siemens’ products and solutions undergo continuous development to make them more secure. Siemens
strongly recommends that product updates are applied as soon as they are available and that the latest
product versions are used. Use of product versions that are no longer supported, and failure to apply the latest
updates may increase customer’s exposure to cyberthreats.
For more information about grid security, visit https://www.siemens.com/gridsecurity
This document describes the conformance of the Reyrolle 7SR5 and Reydisp Manager 2 products with the
security requirements set forth in the BDEW White Paper – Requirements for Secure Control and
Telecommunication Systems.
• To protect control systems including subsystems appropriately against security threats during daily
operation, to minimize the consequences of threats to operations, to maintain business operations even in the
event of security related incidents and to restore a defined minimum of service and service quality as
quickly as possible.
• To continuously adapt these systems to changing security threats so that they are adequately protected,
and the residual risk is minimized.
Chapter 4 BDEW Whitepaper Security Requirements describes the implementation of the requirements
specified in the BDEW White Paper. To facilitate the correlation between the requirements set forth in the BDEW
White Paper and their implementation in Reyrolle 7SR5, Reydisp Manager 2, Virtual EN100, chapter numbers
and names from the BDEW White Paper have been applied to this document.
Reyrolle 7SR5, Reydisp Manager 2 and Virtual EN100 support techniques for the implementation of system
designs that ensure the secure operation of the entire system.
NOTE
• Instructions for security conscious behavior (patch management, anti-virus protection, backup/restore)
• Explanation of security specific log and audit messages; possible causes; suitable countermeasures
Reyrolle 7SR5
For Reyrolle 7SR5 products, any firmware can be reloaded and updated individually, which ensures the
patchability of the system.
During the firmware update process, the device is not operational. If an interruption of normal operations is
unacceptable, the use of redundant systems can ensure uninterrupted operation.
For the product development of Reyrolle 7SR5, Siemens has a patch-management process in place under
which all firmware releases, together with the enhancements and bug fixes they include, are documented in a
traceable manner.
Reydisp Manager 2
Reydisp Manager 2 is patched by means of maintenance releases and hotfixes.
For Reydisp Manager 2 product development, Siemens has a patch-management process in place under which
all releases, together with the enhancements and bug fixes they include, are documented in a traceable manner.
Security updates for third-party components used by Reydisp Manager 2 (for example for a Windows operating
system) are also tested within this framework and released for use with Reydisp Manager 2.
Updates are made available by Siemens free of charge. The corresponding installation is usually performed by
the system operator or the service technician responsible for system maintenance.
NOTE
Depending on the contractual terms, Siemens provides security updates for Reyrolle 7SR5, Reydisp Manager 2,
and Virtual EN100 throughout the entire life cycle of a product.
• Updates must be installed by the operating personnel responsible for the administration of these
systems.
• The installation of patches must be authorized by the system operator and must not be performed
automatically.
Reyrolle 7SR5
Updates of basic components not developed by Siemens, for example of operating systems or libraries, are
obtained from the corresponding manufacturers, tested and made available within the scope of new firmware
releases.
Reydisp Manager 2
Updates of basic components not developed by Siemens are obtained from the corresponding manufacturers,
tested and made available within the scope of new firmware releases (maintenance releases, hotfixes). Within
the framework of patch management Siemens also provides a list of released security updates for third-party
components of this type. These components were tested for compatibility with Reydisp Manager 2.
It is ensured that support is available during the scheduled product life-cycle for those system components
that are not developed by Siemens, but are an integral part of Reyrolle 7SR5, Reydisp Manager 2 and Virtual
EN100 products.
NOTE
With Reydisp Manager 2, version V2.00 or higher, and Reyrolle 7SR5 devices equipped with the EN100
Ethernet communication module with IEC 61850 firmware version V1.00 or higher, the Ethernet connection
between Reydisp Manager 2 and the device is made secure using the HTTPS protocol (Hypertext Transfer
Protocol Secure).
Furthermore the aforementioned Virtual EN100 firmware version also supports HTTPS-secured Web sites as
standard configuration for web-based maintenance and diagnostics of the Virtual EN100 modules.
Reyrolle 7SR5
During parameterization in Reyrolle 7SR5 using Reydisp Manager 2, the numeric passcodes (referred to as
“passwords” in the user documentation) are saved in an encrypted manner as salted hashes in the parameter set
and transferred to the device.
All Reyrolle 7SR5 device types support the storage and handling of passwords as salted hashes.
Reydisp Manager 2
The numeric passcodes are transmitted between Reydisp Manager 2 and the protection devices via the
Siemens-specific Reydisp Manager 2 protocol. Reydisp Manager 2 can set up a connection to the Reyrolle 7SR5
device via several interfaces. With the secure Reydisp Manager 2 engineering option, the passcode hashes are
transported over a DTLS-secured channel as a part of the parameter set from Reydisp Manager 2 to the device.
A private protocol used for communication between Reydisp Manager 2 and the protection device does not
correspond to a published standard (such as IEC 61850 or IEC 60870-5-103).
NOTE
Considering device constraints on operational performance in the substation environment, the following
HTTPS (for engineering with Reydisp Manager 2 and Virtual EN100 Web-access) cipher suites are supported:
• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
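A check that can be run against a capture of the HTTPS handshake, added here as an example and not Siemens code: it parses a TLS ServerHello record and compares the selected cipher suite with the two code points listed above. The function names and the sample records are constructed for illustration; DTLS records use a different header and are not handled.

```python
import struct

# Cipher suites the document lists as supported for HTTPS (code points from the list above).
ALLOWED_SUITES = {
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}

HANDSHAKE = 22      # TLS record content type "handshake"
SERVER_HELLO = 2    # handshake message type "server_hello"


def parse_server_hello(record: bytes) -> int:
    """Return the cipher suite code point selected in a TLS ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != HANDSHAKE:
        raise ValueError(f"not a handshake record (content type {ctype})")
    body = record[5:5 + rec_len]
    if rec_len < 4 or len(body) < rec_len:
        raise ValueError("truncated TLS record body")
    if body[0] != SERVER_HELLO:
        raise ValueError(f"not a ServerHello (handshake type {body[0]})")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) < hs_len:
        raise ValueError("ServerHello spans several records; reassemble first")
    # Fixed prefix: legacy_version (2) + random (32) + session_id length (1)
    if len(hello) < 35:
        raise ValueError("truncated ServerHello")
    sid_len = hello[34]
    off = 35 + sid_len
    # After the session_id: cipher_suite (2) + compression_method (1)
    if len(hello) < off + 3:
        raise ValueError("truncated ServerHello after session_id")
    return int.from_bytes(hello[off:off + 2], "big")


def audit_negotiated_suite(record: bytes):
    """Return (code point, name or 'UNEXPECTED', is-in-documented-list)."""
    suite = parse_server_hello(record)
    return suite, ALLOWED_SUITES.get(suite, "UNEXPECTED"), suite in ALLOWED_SUITES


def build_server_hello(suite: int, session_id: bytes = b"") -> bytes:
    """Constructed test input: a minimal TLS 1.2 ServerHello without extensions."""
    hello = (b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
             + suite.to_bytes(2, "big") + b"\x00")
    handshake = bytes([SERVER_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", HANDSHAKE, 0x0303, len(handshake)) + handshake


if __name__ == "__main__":
    # 0x002F (TLS_RSA_WITH_AES_128_CBC_SHA) is a constructed sample outside the list.
    for sample in (0xC02F, 0xC030, 0x002F):
        code, name, ok = audit_negotiated_suite(build_server_hello(sample, bytes(32)))
        print(f"0x{code:04x} {name}: {'ok' if ok else 'NOT in documented list'}")
```

A suite outside the documented list in a real capture points to a different firmware state or an intermediary terminating the connection, and is worth following up during commissioning.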
In the original delivery state, the devices must be initialized primarily by the customer. Only after that are the
devices ready for operation. For further information on secure standard configuration refer to chapter
4.1.5 Encryption of Sensitive Data during Storage and Transmission.
Reyrolle 7SR5
The firmware versions and parameter blocks of Reyrolle 7SR5 are protected by check sums and continuously
subjected to integrity tests during operation. For the Virtual EN100 (as Ethernet interface of Reyrolle 7SR5),
integrity is checked by means of digitally signed firmware and signature verification during firmware update.
Reydisp Manager 2
Reydisp Manager 2 can be used to compare firmware versions and parameter states in the target system and
in the Reydisp Manager 2 project in order to detect any possible changes. Within the same device, the files are
protected against each other by means of different check-sum tests.
The integrity of the application data is ensured by the mechanisms on operating system level.
This requirement is not relevant for Reyrolle 7SR5, Reydisp Manager 2, and Virtual EN100 as they are not using
any cloud services.
For Reyrolle 7SR5, Reydisp Manager 2, and Virtual EN100, the high-level design and the fundamental system
structure are described in typical system configurations in the Reyrolle 7SR5 device manuals.
4.2.1 Contacts
An IT security specialist has been appointed by Siemens within the framework of the product development
process.
In Reyrolle 7SR5, Reydisp Manager 2 and Virtual EN100 products, the individual system components (for
example firmware, hardware, communication) and the key functions of an integral Reyrolle 7SR5/Reydisp
Manager 2 system are subjected to extensive function, security and stress testing by departments
independent of the development teams, using representative test configurations.
The test results and the relevant documentation (software versions, test configurations, etc.) are managed.
BDEW ISO/IEC 27002:2013 / 27019:2017: 6.2.1, 8.3.3, 10.1.1, 13.2.2, 13.2.3, 13.2.4, 14.3.1
4.2.3 Confidential client data that is required or processed during the development and maintenance
process shall be encrypted during transmission via insecure connections. When saved on mobile
storage media or systems, such data shall only be stored encrypted. The amount and duration of
data storage shall be limited to a contractually specified minimum.
This requirement is not relevant because no customer data is captured for product development.
NOTE
Siemens precludes a source code escrow. As a rule, an escrowed source code is not subject to maintenance
and hardly usable if needed in the event of insolvency.
BDEW ISO/IEC 27002:2013 / 27019:2017: 9.4.4, 12.6.2, 13.1.2, 14.2.4, 14.2.10 ENR
4.3.1 All components of the base system shall be permanently hardened according to recognized best
practice guidelines and the latest service packs and security patches shall be installed. Unnecessary
users, default users, software, network protocols and services shall be uninstalled or – where an
uninstall isn’t possible – permanently deactivated and protected from accidental reactivation. The
entire system’s secure basic configuration shall be reviewed and documented.
Maintenance releases, hotfixes and firmware including security patches are made available for Reyrolle 7SR5,
Reydisp Manager 2, and Virtual EN100 products in a timely manner.
Hardening information for Reyrolle 7SR5, Reydisp Manager 2, and Virtual EN100 products is provided
in /4/ IEEE 1686 – IEEE Standard for Intelligent Electronic Devices Cyber Security Capabilities. Additionally, the
Secure Substation manual covers hardening of substations including protection, substation automation and
networking components.
NOTE
The Reyrolle 7SR5 device is based on a Siemens-specific operating system. No special anti-malware programs
are available. Furthermore, the Reyrolle 7SR5 device is equipped with an internal firewall for protection from
attacks from the network. The firewall is enabled by default in order to enhance the standard level of
protection.
All the files which can be loaded into the Reyrolle 7SR5 device are provided with a check sum which protects
them against suspicious changes by malware. Authentication/authorization between Reydisp Manager 2 and
the device prevents applications other than Reydisp Manager 2 from accessing the configuration (IEC
60870-5-103).
NOTE
Reyrolle 7SR5 devices have no user management because all the parameters are defined via Reydisp Manager
2. The system operator or the system maintenance technician in charge are responsible for setting up user
management on the Reydisp Manager 2 computer. The setup of user management must be considered
accordingly during system planning and configuration.
Reyrolle 7SR5, Reydisp Manager 2, and EN100 do not support virtualization technology.
BDEW ISO/IEC 27002:2013 / 27019:2017: 9.4.1, 9.4.2, 10.1.1, 10.1.2, 12.9.1 ENR, 13.1.1, 13.1.2, 13.1.3, 13.1.4 ENR
4.4.1
a) In general, only secure communication standards and protocols that include integrity
protection, authentication and, if applicable, encryption shall be used if and where the technology
allows. This is a non-negotiable requirement for any protocols used for remote administration
and parameterization and shall also be taken into account where non-standard resp.
proprietary protocols are used.
b) It shall be possible to integrate the entire system and any associated network components into
the overall company’s network concept. Central administration for relevant network
configuration parameters like IP addresses shall be possible. For administration and monitoring secure
protocols that ensure integrity protection, authentication and encryption shall be used.
Network components shall be hardened, unnecessary services and protocols deactivated and
management interfaces protected via ACLs.
c) Network components provided by the supplier shall be capable of integrating into a central
inventory and patch management.
d) Where the technology allows it, WAN connections shall use the IP protocol and unencrypted
application protocols shall be secured by encryption on the lower network layers (e.g. via TLS
encryption or encrypted VPN technology).
e) Where network infrastructure components are shared (e.g. by the use of VLAN or MPLS
technologies), the network with the highest protection requirement level shall indicate the
respective hardware and parameterization requirements. The shared use of network components
shall only be shared in case of different protection requirements when this shared use can in
no way decrease the protection level or availability.
a) Standard protocols such as IEC 61850 are used for the transmission of process data. Neither
authentication nor encryption is provided for these protocols. Integrity checks are performed by means of CRC or
check sums.
b) Integration into the network design is possible and related recommendations and notes are provided
in /3/ Secure Substation Manual – System Hardening for Substation Automation and Protection. For a
description of secure protocols supported, refer to 4.1.5 Encryption of Sensitive Data during Storage
and Transmission.
c) Network components are not included in the scope of delivery of Reyrolle 7SR5.
d) IP-based communication between Reydisp Manager 2 and the Reyrolle 7SR5/Compact Virtual EN100
communication module can be secured with the HTTPS and DTLS protocol. In addition, the setup of VPN
connections can be considered in the system design.
e) Engineering and maintenance operations over UDP and HTTP protocol are only supported in the Virtual
EN100 communication module for backward compatibility and can be activated after disabling their
secure variants. For further information refer to 4.1.7 Secure Standard Configuration and
4.1.5 Encryption of Sensitive Data during Storage and Transmission.
NTP over UDP is supported for time synchronization. Other communication protocols such as IEC 61850
are set up according to the corresponding standards.
BDEW ISO/IEC 27002:2013 / 27019:2017: 9.4.1, 12.9.1 ENR, 13.1.1, 13.1.2, 13.1.3, 13.1.4 ENR, 13.1.5 ENR
4.4.2
a) Vertical network segmentation: Where applicable and technologically feasible, the system’s
underlying network structure shall be divided into zones with different functions and
protection requirements. Where the technology allows it, these network zones shall be separated by
firewalls, filtering routers or gateways. Communications with other networks shall only occur
via the communication protocols approved by the client and in compliance with the applicable
security guidelines.
b) Horizontal network segmentation: Where applicable and technically feasible, the system’s
underlying network structure shall also be subdivided horizontally, into independent zones
(e.g. according to sites) that are also separated by firewalls, filtering routers or gateways.
NOTE
Information for system design, product/system service and control center/system operation:
This requirement is considered by the operators. Reydisp Manager 2 does not influence in which network
environment it is used. For more detailed information refer to /3/ Secure Substation Manual – System
Hardening for Substation Automation and Protection.
Since Reyrolle 7SR5 devices are not equipped with wireless technologies, this requirement is not relevant for
Reyrolle 7SR5.
NOTE
Since Reydisp Manager 2 devices are not equipped with wireless technologies, this requirement is not relevant
for Reydisp Manager 2.
4.5 Application
• Administrator: User who installs, maintains and manages the system. Among others, this
gives the administrator the right to change security and system configurations.
• User: User who operates the system according to the intended usage scenario, including the
right to change operationally relevant settings.
• Read-only user: User permitted to access the system status and pre-defined operating data
without the right to make any changes.
The standard access rights shall reflect a secure system configuration. Only the administrator role
shall be able to read and change security-related system settings and configuration values. Regular
system use shall only require user or read-only user rights. It shall be possible to deactivate user
accounts individually without having to remove them from the system.
Reyrolle 7SR5 and Reydisp Manager 2 offer limited support for user/role functions (refer to 4.5.3 Authorization
of Actions at the User and System Levels).
BDEW ISO/IEC 27002:2013 / 27019:2017: 9.3.1, 9.4.2, 9.2.1, 9.2.2, 9.4.3, 12.4.1
4.5.2
The application shall use personal users to identify and authenticate each individual user; group
accounts require special permission by the client and shall only be used in narrowly defined
exceptional cases.
a) Without successful user authentication, the system shall only allow a range of narrowly
defined actions.
b) The system shall support a state-of-the-art password policy.
c) Where technologically possible, strong two factor authentication shall be employed, e.g. via
tokens or smart cards.
d) Data required for user identification and authentication shall not be obtained exclusively from
outside the process network.
e) Any successful or failed login attempts shall be centrally logged. It shall also be possible to
centrally alarm in case of unsuccessful login attempts.
Reyrolle 7SR5 and Reydisp Manager 2 offer limited support for user/role functions (refer to 4.5.3 Authorization
of Actions at the User and System Levels).
Reydisp Manager 2 over IP. Both of these passwords can be managed only over the Virtual EN100
HTTPS-secured Web interface. Both of the passwords support 8 to 24 ASCII characters that must include upper-case
and lower-case letters, numbers, and special characters. If non-ASCII characters are used in these passwords,
then a password length restriction of 8 to 24 characters applies.
The Virtual EN100 maintenance and connection passwords can only be reset locally through the HMI interface
of the Reyrolle 7SR5 device.
For further information on Web security in the Virtual EN100 communication modules equipped with
IEC 61850 firmware, refer to 4.1.5 Encryption of Sensitive Data during Storage and Transmission and
4.5.3 Authorization of Actions at the User and System Levels.
Parameter sets are only transferred from the Reydisp Manager 2 to the Reyrolle 7SR5 if the previous automatic
check (plausibility, value range and dependency of the parameters) has been successful. If the check fails, the
user is notified by messages and can correct the corresponding parameters.
The individual elements of the parameter set are protected internally and against each other by means of
check sums.
4.5.6 Logging
Reyrolle 7SR5
4.6 Development
BDEW ISO/IEC 27002:2013 / 27019:2017: 9.4.5, 14.2.2, 14.2.3, 14.2.4, 14.2.5, 14.2.6, 14.2.7, 14.2.8, 14.2.9, 14.3.1
4.6.1
a) The system shall be developed by reliable and professionally trained employees. Where the
development or parts thereof are subcontracted to a third party, this requires written
permission by the client. The subcontractor shall meet at least the same security requirements as the
supplier.
b) The supplier shall develop the system in line with recognized development standards and
quality management/assurance processes. As part of the development process, the following
security-related development steps require special attention:
a) Reyrolle 7SR5, Reydisp Manager 2, and Virtual EN100 are developed by trustworthy and trained
employees. For example, the entire development team is trained in secure coding.
b) Siemens develops Reyrolle 7SR5, Reydisp Manager 2, and Virtual EN100 in accordance with the
recognized CMMI development and quality assurance process. Our strict QA processes cover the practices
recommended by IEEE Std. C37.231.
c) Development and tests are performed by different persons. Test plans and procedures as well as
expected and actual test results are documented and comprehensible.
d) Siemens maintains a documented development security process for Reyrolle 7SR5, Reydisp Manager 2,
and Virtual EN100 which covers physical, organizational, and personnel security and protects the
integrity and confidentiality of the system. The effectiveness of the above-mentioned process can be
checked by an external audit.
e) Siemens has set up a programming guideline for Reyrolle 7SR5, Reydisp Manager 2, and Virtual EN100
which explicitly addresses security-relevant requirements: For example, insecure programming
methods and functions are avoided. Data input is verified, e.g. to prevent buffer overflow errors. Where
possible, security enhancing compiler options and libraries are used.
f) The approval of new firmware releases for Reyrolle 7SR5 devices and new releases of the Reydisp
Manager 2 product is based on a specified and documented approval process. This also applies to
security patches for the two products.
Reyrolle 7SR5
a) Product development for Reyrolle 7SR5 devices is conducted on secure systems. The development
environment, the source code and binaries are protected against unauthorized access. The
development computers are always kept updated through the use of continuously updated anti-virus scanners
and central update mechanisms for operating system and application patches. Furthermore, the
Siemens-internal information security guidelines are implemented across all businesses in
adherence to the ISO 27001 standard.
b) Testing of the Reyrolle 7SR5 system and testing of updates, enhancements and security patches are
conducted in an environment that is separated from the product development systems.
c) The source codes for Reyrolle 7SR5 are only available from Siemens. No source code is stored on or
made available to live systems.
d) The integrity of Reyrolle 7SR5 firmware and parameter binaries is verified in the target system to detect
unauthorized changes. Reydisp Manager 2 is installed using a signed installer, so as to protect the
integrity of the application.
e) For Reyrolle 7SR5 devices, a version history for the entire software is maintained and allows all software
changes to be traced.
Reydisp Manager 2
a) Product development for Reydisp Manager 2 is conducted on secure systems. The development
environment, the source code and binaries are protected against unauthorized access. The development
computers are always kept updated through the use of continuously updated anti-virus scanners and
central update mechanisms for operating system and application patches.
b) Product development and testing of Reydisp Manager 2 and updates, enhancements and security
patches are conducted in an environment that is separated from the live system.
c) The source code for Reydisp Manager 2 is only available from Siemens. No source code is stored on or
made available to live systems.
d) Since Reydisp Manager 2 is installed using an Installer, the Installer's security mechanisms are available
to protect the integrity of the application.
e) The version history maintained for the entire software of the Reydisp Manager 2 product allows all
software changes to be traced.
4.7 Maintenance
BDEW ISO/IEC 27002:2013 / 27019:2017: 12.1.2, 12.5.1, 12.6.2, 12.9.1 ENR, 14.2.2, 14.2.9
4.7.3 a) The system shall be developed and operated with a configuration and change management in
place.
b) The system shall support rollback to a pre-defined number of configuration states.
a) Reyrolle 7SR5, Reydisp Manager 2, and Virtual EN100 products are developed on the basis of a
configuration and change management process.
b) See NOTE below.
NOTE
For Reyrolle 7SR5, Reydisp Manager 2, and Virtual EN100, Siemens has set up a documented process to
address security vulnerabilities. Based on this process all the parties involved, and also external parties, can
report actual and potential security vulnerabilities for Reyrolle 7SR5, Reydisp Manager 2, and Virtual EN100.
For Reyrolle 7SR5, Reydisp Manager 2, and Virtual EN100, up-to-date information on security problems is
available even if a patch for the elimination of the problem has not yet become available.
This information is published in the form of security advisories on the Siemens ProductCERT Website
(https://www.siemens.com/cert/advisories).
Backups must be created by the customer for systems set up using Reydisp Manager 2.
For Reyrolle 7SR5, Reydisp Manager 2, and Virtual EN100, procedures are available for the backup and
recovery of the individual applications, the entire system and the corresponding configuration. The
data-backup procedure is made available via configuration management (CM).
Legend:
n.a.
exception
comply
partial
exceed
CR 1.5 Authenticator management: User access to the device by Reydisp Manager 2 can be protected by passwords. Password rules are implemented. Users must set the password for access to security-related topics, i.e. Security log. Users can change the password periodically as per their policies. Passwords are stored and transmitted in a secure manner.
RE (1) Hardware security for authenticators: Not implemented
NDR 1.6 Wireless access management
RE (1) Unique identification and authentication
CR 1.7 Strength of password-based authentication: Password complexity rules are implemented for local user management. These rules are predefined and cannot be modified.
RE (1) Password generation and lifetime restrictions for human users: Not implemented
RE (2) Password lifetime restrictions for all users (human, software process, or device): Not implemented
CR 1.8 Public key infrastructure certificates: Not implemented
CR 1.9 Strength of public key-based authentication: As part of the DTLS handshake of the engineering connection establishment Reydisp Manager 2 checks the status of the offered DTLS server certificate. Likewise, the HTTPS Web browser access involves checks of the server certificate of the device. Mutual authentication is not supported for HTTPS and DTLS connections.
CR 2.9 Audit storage capacity: A circular buffer with a capacity of 2048 events is supported. Old log entries are overwritten by new log entries once the buffer is full.
RE (1) Warn when audit record storage capacity threshold reached: A security warning message is logged when the buffer capacity reaches 80 %.
CR 2.10 Response to audit processing failures
CR 2.11 Timestamps: Timestamps are implemented according to the syslog format.
RE (1) Time synchronization: NTP Client is implemented.
CR 3.9 Protection of audit information: All events in the Security log are stored and are read only. A password protects from unauthorized access.
RE (1) Audit records on write-once media
EDR 3.10 / HDR 3.10 / NDR 3.10 Support for updates
RE (1) Update authenticity and integrity: Only signed software components are accepted.
CR 7.3 Control system backup: Backup can be fulfilled with minimal impact of availability.
RE (1) Backup integrity verification: Not implemented
CR 7.4 Control system recovery and reconstitution
CR 7.5 Emergency power
CR 7.6 Network and security configuration settings: Siemens offers a freely available secure substation manual for a network and security setup. All needed communication ports and services are documented in the device user manual.
RE (1) Machine-readable reporting of current security settings: Not implemented
CR 7.7 Least functionality: Only required ports are opened at the device startup. All needed communication ports and services are documented.
CR 7.8 Control system component inventory: Installed firmware versions can be retrieved via IEC 61850.
AAA Server
An AAA Server (Authentication, Authorization and Accounting) is a system that manages fundamental system
access functions, i.e., authentication, authorization and use, as well as the related accounting.
Authentication
Procedure used to verify the identity of a person.
BDEW
Bundesverband der Energie- und Wasserwirtschaft (German Federal Association of Energy and Water Management)
CIP
Critical Infrastructure Protection
CRC
Cyclic Redundancy Check
CRL
Certificate Revocation List
cRSP
Common Remote Service Platform
DMZ
De-Militarized Zone
DoS
Denial of Service
In digital data processing, this is the term used to denote the consequence of the overloading of infrastructure
systems. This can be caused by inadvertent overloading of – or by a deliberate attack on – a host (server), a
computer, or other components in a data network.
EICAR
European Institute for Computer Antivirus Research
EST
Enrollment over Secure Transport
GPO
Group Policy Object
HSM
Hardware Security Module
Identifier
Symbol, unique within its security domain, that identifies, indicates, or names an entity which makes an
assertion or claim of identity.
IDS
Intrusion Detection System
IEC
International Electrotechnical Commission, standards organization; communication standard for substations
and protection equipment
IEEE
Institute of Electrical and Electronics Engineers, organization for electronic and electrical engineering
Malware
or malicious code = malicious software
MBSA
Microsoft Baseline Security Analyzer
Mesh topology
Network setup where each node is interconnected to every other node.
NERC
North American Electric Reliability Corporation
NTP
Network Time Protocol
OTP
One Time Password
Patch
A patch (also referred to as a "bug fix") is a small program that repairs bugs (flaws) in generally large
application programs.
PKI
Public Key Infrastructure
RBAC
Role-Based Access Control
RODC
Read-Only Domain Controller
SDA
Secondary Distribution Automation
SIEM
Security Information and Event Management
SiESTA
Siemens Extensible Security Testing Appliance
SSL
Secure Sockets Layer -> TLS
TLS
Transport Layer Security
TLS, more widely known under its old name of Secure Sockets Layer (SSL), is a hybrid encryption protocol for
the secure transmission of data in the Internet. Since version 3.0 the SSL protocol has been developed further
and standardized under its new name of TLS. Thus, version 1.0 of TLS corresponds to version 3.1 of SSL.