BU CT Service Products Control System Benchmark Reports User Manual

BU CT Service Products
Control System Benchmark Reports
User Manual
Version 1.8
Power and productivity
for a better world
TM
BU CT Service Products
Control System Benchmark Reports
User Manual
Version 1.8
NOTICE
This document contains information about one or more ABB products and may include a
description of or a reference to one or more standards that may be generally relevant to
the ABB products. The presence of any such description of a standard or reference to a
standard is not a representation that all of the ABB products referenced in this document
support all of the features of the described or referenced standard. In order to determine
the specific features supported by a particular ABB product, the reader should consult the
product specifications for the particular ABB product.
ABB may have one or more patents or pending patent applications protecting the intellectual property in the ABB products described in this document.
The information in this document is subject to change without notice and should not be
construed as a commitment by ABB. ABB assumes no responsibility for any errors that
may appear in this document.
In no event shall ABB be liable for direct, indirect, special, incidental or consequential
damages of any nature or kind arising from the use of this document, nor shall ABB be
liable for incidental or consequential damages arising from use of any software or hardware described in this document.
This document and parts thereof must not be reproduced or copied without written permission from ABB, and the contents thereof must not be imparted to a third party nor used
for any unauthorized purpose.
The software or hardware described in this document is furnished under a license and
may be used, copied, or disclosed only in accordance with the terms of such license. This
product meets the requirements specified in EMC Directive 2004/108/EC and in Low Voltage Directive 2006/95/EC.
TRADEMARKS
All rights to copyrights, registered trademarks, and trademarks reside with their respective owners.
Copyright © 2003 - 2014 by ABB. 
All rights reserved.
Release:
Document number:
April 2014
2PAA108483-110 H
Table of Contents
Table of Contents
About This User Manual
General ..............................................................................................................................9
User Manual Conventions .................................................................................................9
Terminology.......................................................................................................................9
Section 1 - Introduction
System 800xA Core Benchmark Performance Status .....................................................11
System 800xA Core Benchmark Software Status ...........................................................11
Freelance Benchmark Performance Status ......................................................................12
System 800xA Cyber Security Benchmark Performance Status.....................................12
System MOD 300 Benchmark Performance Status ........................................................12
Section 2 - System 800xA Benchmark Performance Status
Interpretation ...................................................................................................................17
Description ......................................................................................................................17
Section 3 - System 800xA Benchmark Software Status
Interpretation ...................................................................................................................20
Description ......................................................................................................................20
Section 4 - Freelance Benchmark Performance Status
Interpretation ...................................................................................................................24
Description ......................................................................................................................24
Section 5 - System 800xA Cyber Security Benchmark
Performance Status
2PAA108483-110 H
5
Table of Contents
Interpretation ................................................................................................................... 28
Description ...................................................................................................................... 28
Section 6 - MOD 300 Benchmark Performance Status
Interpretation ................................................................................................................... 29
Description ...................................................................................................................... 30
Appendix A - System 800xA Benchmark Performance Status
Report
System 800xA Benchmark Performance Status Report.................................................. 33
Appendix B - System 800xA Benchmark Software Status Report
System 800xA Benchmark Software Status Report........................................................ 35
ABB Software...................................................................................................... 35
Third Party Software............................................................................................ 37
Non-validated Software ....................................................................................... 38
Appendix C - Freelance Benchmark Performance Status Report
Freelance Benchmark Performance Status Report for Nodes ........................................ 40
Freelance Benchmark Performance Status Report for Controllers ................................ 42
Appendix D - System 800xA Cyber Security Performance Status
Report
System 800xA Cyber Security Performance Status Report ............................................ 43
A. Procedures and Protocols ................................................................................ 43
B. Group Security Policies................................................................................... 44
C. Computer Settings ........................................................................................... 47
Appendix E - MOD 300 Benchmark Performance Status Report
MOD 300 Benchmark Performance Report.................................................................... 49
Appendix F - Node Functions Abbreviations for Benchmark
Reports
Node Functions Abbreviations ............................................................................ 51
6
2PAA108483-110 H
Table of Contents
Revision History
Revision History ..............................................................................................................53
Updates in Revision B..........................................................................................55
Updates in Revision C..........................................................................................55
Updates in Revision D..........................................................................................55
Updates in Revision E ..........................................................................................55
Updates in Revision F .........................................................................................55
Updates in Revision G..........................................................................................56
Updates in Revision H..........................................................................................56
2PAA108483-110 H
7
Table of Contents
8
2PAA108483-110 H
About This User Manual
General
This manual describes the System 800xA Benchmark reports for the System 800xA
Performance Status and the System 800xA Software Status tools. It also describes
the Freelance Performance Status Report with appropriate examples.
Unless otherwise mentioned, the content and procedures described in this manual
are applicable for the latest revision of the System 800xA 5.1 System 800xA
5.0Sp2and above. A separate information note or a new section is introduced if a
specific feature is applicable to systems other than System 800xA 5.1 and above.
User Manual Conventions
Microsoft Windows conventions are normally used for the standard presentation of
material when entering text, key sequences, prompts, messages, menu items, screen
elements, etc.
Terminology
The listing includes terms and definitions that apply to the System 800xA where the
usage is different from commonly accepted industry standard definitions and
definitions given in standard dictionaries such as Webster’s Dictionary of Computer
Terms.
2PAA108483-110 H
9
Terminology
10
About This User Manual
2PAA108483-110 H
Section 1 Introduction
This section introduces the Benchmark status report available in My Control System
(MCS) for System 800xA, Freelance system, MOD 300 system and also for 800xA
Cyber security.
System 800xA Core Benchmark Performance Status
The System 800xA Benchmark Performance Status report helps the user to identify
the nodes with system performance issues.
The Performance Status Collection utility is used to collect the data (in the XML/
CAB format) from the System 800xA network, to generate the Performance Status
Benchmark report. For more information, refer to the My Control System help.
The .xml/.cab file collected using the Performance Status Collection utility is
uploaded in the recorded data folder of My Control System. A Benchmark report (in
the PDF format) gets generated in the Reports folder of My Control System after
uploading the .xml file.
The terms and conditions on the use of My Control System are explained in the
My Control System document.
The Service Products Data Collector tool is used to collect data from the System
800xA networks to generate the Benchmark Performance Status report.
For more information on the data collection, refer to the Control System Data
Collector User Manual (2PAA110012*).
System 800xA Core Benchmark Software Status
The System 800xA Benchmark Software Status report helps the user to identify the
System 800xA nodes with software issues.
2PAA108483-110 H
11
Freelance Benchmark Performance Status
Section 1 Introduction
The Service Products Data Collector tool is used to collect data from the System
800xA networks to generate the Software Status Benchmark report.
For more information on the data collection, refer to Control System Data Collector
User Manual (2PAA110012*).
Freelance Benchmark Performance Status
The Freelance Benchmark Performance Status report provides the overall details of
both nodes, HSI and the controllers of Freelance system.
The System Configuration Extractor SCX100 tool collects the data from the
Freelance network.
For more information on the data collection, refer to the Control System Data
Collector User Manual (2PAA110012*).
System 800xA Cyber Security Benchmark Performance
Status
The system 800xA Cyber Security Benchmark report provides an overview of the
customer’s Control system and procedures in place in the plant. The report provides
with an instant view of the health of the system’s security with visual representation
of the results. Available immediately for review in My Control System, the report
presents system KPIs in three colors—red, yellow and green—illustrating your
control system risk levels as high, medium or low, respectively.
The Control System Service Products Data Collector tool is used to collect data
from the System 800xA version 5.0SP2 and latest networks to generate the Cyber
Security Benchmark report.
For more information on the data collection, refer to the Control System Data
Collector User Manual (2PAA110012*).
System MOD 300 Benchmark Performance Status
MOD 300 Benchmark reports for System Performance helps the user to identify the
performance of their MOD 300 systems on each node.
12
2PAA108483-110 H
Section 1 Introduction
System MOD 300 Benchmark Performance Status
The MOD 300 Data Collector tool is used to collect the System performance related
data from all nodes connected to the MOD 300 Control Network, including all
Controllers, Engineering, Operator Consoles, and Historians. An automated
analysis compares them against ABB system requirements and best practices.
For more information on the data collection, refer to the Control System Data
Collector User Manual (2PAA110012*).
2PAA108483-110 H
13
System MOD 300 Benchmark Performance Status
14
Section 1 Introduction
2PAA108483-110 H
Section 2 System 800xA Benchmark
Performance Status
This section introduces the System 800xA Benchmark report for Performance
Status of hardware and controllers and helps the user to identify overall health
condition of the same.
2PAA108483-110 H
15
Section 2 System 800xA Benchmark Performance Status
The scope covered under System 800xA Benchmark Performance status is given in
Figure 1.
Figure 1. System 800xA Coverage
16
2PAA108483-110 H
Section 2 System 800xA Benchmark Performance Status
Interpretation
Interpretation
The System 800xA Benchmark report for Performance Status provides an overall
picture of the nodes in the network. The Performance Status report classifies row
items as Category and column items as Node Names as shown in Figure 11.
These reports enable the plant operator/technician to identify the overall status of
nodes that have system performance issues.
Description
This section provides a summary of findings in the System 800xA Benchmark
report for Performance Status.
The status of a checked item is represented in one of the following colors in the
report:
Figure 2. Legend
•
Checks Passed in Green.
If the item indicates in green, then the item is working within normal
operational parameters and without error. No attention is needed.
•
Checks passed with Warning(s) in Yellow.
If the item indicates in yellow, then there are possible problems that might
require user attention.
•
Check with Failure(s) in Red.
If the item indicates in red, then the item is not in working order. It indicates a
severe problem in the system and requires immediate attention from the user.
•
Check Skipped or Not Applicable in Grey.
If the item indicates in grey, then the item is skipped or Not Applicable.
2PAA108483-110 H
17
Description
Section 2 System 800xA Benchmark Performance Status
The Performance Status Benchmark report also includes a Performance Status
Summary table. This table briefly states the problems in the hardware of a node, and
may include the following:
•
Nature of the problem or failure.
Refer Appendix A, System 800xA Benchmark Performance Status Report for
details of report.
18
2PAA108483-110 H
Section 3 System 800xA Benchmark Software
Status
This section introduces the System 800xA Benchmark report for Software Status,
and helps the user to identify the issues of the System 800xA software installed on
each node.
The scope covered under System 800xA Benchmark Software status is given in
Figure 3.
Figure 3. System 800xA Software Status
2PAA108483-110 H
19
Interpretation
Section 3 System 800xA Benchmark Software Status
Interpretation
The System 800xA Benchmark for Software Status provides an overall picture of
nodes in the plant that summarizes the System 800xA software, Third party
software, Operating system, and security patches installed on each node.
These reports enable the plant operator/technician to identify the overall status of
nodes that have software issues.
Description
This section enables the plant operator/technician to identify the overall status of the
nodes that have software issues.
This report is categorized into five broad sections:
•
ABB software - This category lists all the ABB installed softwares versus the
nodes. The columns under the nodes for a specific software indicates the
software status on the node. Refer to Appendix Appendix F Node Functions
Abbreviations for Benchmark Reports.
For an example refer to ABB Software on page 35 in Appendix B.
Software Analysis for 800xA System Version 4.1 always uses the latest released
Revision. ABB recommends to use the latest System Version 4.1.
•
Microsoft Software - This category lists all the Microsoft installed softwares
needed by System 800xA to run optimally on each node. The columns under
the nodes for a specific software indicates the status of the software on the
node.
For an example refer to Microsoft Software on page 36 in Appendix B.
•
Security Updates - This category lists the number of missing security updates/
hotfixes node-wise.
For an example refer to Security Updates on page 36 in Appendix B.
•
Third party Softwares - This category lists all the third party software qualified
by ABB to be used on System 800xA nodes. The columns under the nodes for
a specific software indicates the software status on the node.
For an example refer to Third Party Software on page 37 in Appendix B.
20
2PAA108483-110 H
Section 3 System 800xA Benchmark Software Status
•
Description
Non-validated softwares are listed for user’s information only. No analysis will
be performed on the softwares that are listed under this category.
Any changes performed to these softwares needs to be in accordance with the
vendor of the software.
Checked items in the Software Status report indicate the following color status:
Figure 4. Legend
•
Checks Passed in Green.
If the item indicates in green, then the item is working within normal
operational parameters and without error. No attention is needed.
•
Checks passed with warning(s) in Yellow.
If the item indicates in yellow, then there are possible problems that might
require user attention. The problem may be due to either a missing software or
an incorrect software version. It may also indicate that the server node was not
detected by any node in the System 800xA network.
2PAA108483-110 H
21
Description
Section 3 System 800xA Benchmark Software Status
•
Check with failure(s) in Red.
If the item indicates in red, then the item is not in working order and indicates
that there is a severe problem. This problem is due to missing mandatory
software and requires immediate attention from the user.
•
Check skipped or Not Applicable in Grey.
If the item indicates in grey, then the item is skipped or Not Applicable.
•
Software installed but cannot be validated in White.
•
Node List: This lists the nodes and their respective Node type definitions.
For detailed information, contact the support engineer for the System 800xA
Fingerprint report for Software Status.
Refer Appendix B, System 800xA Benchmark Software Status Report for the
details of report.
22
2PAA108483-110 H
Section 4 Freelance Benchmark Performance
Status
This section introduces the Freelance Benchmark reports for Performance Status
and helps the user to identify overall health condition of all the controllers and the
nodes. The scope covered under Freelance Benchmark Performance is shown in
Figure 5.
Figure 5. Freelance System Coverage
2PAA108483-110 H
23
Interpretation
Section 4 Freelance Benchmark Performance Status
Interpretation
The Freelance Benchmark report for Performance Status provides an overall status
of the controllers and the nodes on the network. The Performance Status report
classifies row items as Category and column items as Controller/Node names as
shown in Figure 17.
These reports enable the plant operator/technician to identify the overall status of
the nodes and the controllers that have system performance issues.
Description
This section provides a summary of findings in the Freelance Benchmark report for
the Performance Status.
The status of a checked item is represented in one of the following colors in the
report:
Figure 6. Legend
•
Checks Passed in Green.
If the item indicates in green, then the item is working within normal
operational parameters and without error. No attention is needed.
•
Checks passed with Warning(s) in Yellow.
If the item indicates in yellow, then there are possible problems that might
require user attention.
•
Check with Failure(s) in Red.
If the item indicates in red, then the item is not in working order. It indicates a
severe problem in the system and requires immediate attention from the user.
•
24
Check Skipped or Not Applicable in Grey.
2PAA108483-110 H
Section 4 Freelance Benchmark Performance Status
Description
If the item indicates in grey, then the item is skipped or Not Applicable.
The Freelance Performance Status report also includes a Freelance Performance
Status Summary table. This table briefly states the problems in the controllers and
the nodes, and may include the following:
•
Nature of the problem or failure.
Refer Appendix C, Freelance Benchmark Performance Status Report for the details
of Report.
2PAA108483-110 H
25
Description
26
Section 4 Freelance Benchmark Performance Status
2PAA108483-110 H
Section 5 System 800xA Cyber Security
Benchmark Performance Status
This section introduces the Cyber Security Benchmark for System 800xA 5.0 Sp2
and newer versions. The overall scope covered under System 800xA Cyber Security
Performance is shown in Figure 7.
Figure 7. System 800xA Cyber Security coverage
2PAA108483-110 H
27
Interpretation
Section 5 System 800xA Cyber Security Benchmark Performance Status
Interpretation
The system 800xA Cyber Security Benchmark report provides an overview of the
customer’s Control system and procedures in place in the plant. The report provides
with an instant view of the health of the system’s security with visual representation
of the results. Available immediately for review in My Control System, the report
presents system KPIs in three colors.
Description
Figure 8. Legend
The benchmark report uses color code to visualize the results. The colors chosen are
green, yellow and red.
•
Red: This indicates an unacceptable high risk level. It is extremely important
that the risk level is lowered and the most critical weaknesses in the system are
addressed.
•
Yellow: This indicates a high risk level and weaknesses should be addressed.
•
Green: This risk level is considered acceptable.
Even if the risk is low it does not mean that the system should be considered safe. It
would, however, indicate that the system has good basic security and that the risk of
an attack is reduced.
Any system, no matter how many precautions are taken, can be compromised.
Refer Appendix Appendix D, System 800xA Cyber Security Performance Status
Report for the details of report.
28
2PAA108483-110 H
Section 6 MOD 300 Benchmark Performance
Status
This section introduces the MOD 300 Benchmark reports for System Performance,
and helps the user to identify the performance of their MOD 300 systems on each
node. The scope covered under MOD 300 System coverage is shown in Figure 9.
Figure 9. MOD 300 Benchmark Coverage
Interpretation
The System MOD 300 Benchmark report for Performance Status provides an
overall picture of the MOD System performance in the network. The Performance
Status report classifies row items as Category and column items as Controller names
as shown in Figure 23.
2PAA108483-110 H
29
Description
Section 6 MOD 300 Benchmark Performance Status
These reports enable the plant operator/technician to identify the overall status of
MOD 300 that have system performance issues.
Description
This section provides a summary of findings in the System MOD 300 Benchmark
report for Performance Status. The generated reports provide advice on the most
important corrective actions to be taken and present a comprehensive list of findings
with detailed technical descriptions and recommendations. This report is
categorized into following broad sections:
30
•
Device Status- Shows the current status of all the nodes configured in the
AdvaBuild database, their "Types", "DeviceID", and "State", with fault
indication of those which are in "State=Off DCN" or "Down".
•
System Performance - System Performance data is available for every node in
the system. It consists of the following components.
–
CPU load - current, peak and average, as well as the number of samples
taken and the time of the last reset of the statistics. These are given as
floating point percentages. The figure for average load is reset after 10,000
samples to prevent overflow.
–
CCF load - current, peak and average, as well as the number of samples
taken.
–
Memory pool usage - current, peak and pool size for each pool, as well as
the number of samples taken. The current and peak values are floating
point values and represent the percentage of the pool that is allocated.
•
DCN Statistics - This data set contains statistics pertaining to the entire DCN,
as opposed to a particular node.
•
DBMS List - DBMS List Usage is a cross-reference matrix that shows the
MOD 300 "List" relationship between each configured node on the control
network.
•
CS Message Statistics - This data set gives the Communications Services
message statistics for a given node. It contains an array of structures with the
following format:
2PAA108483-110 H
Section 6 MOD 300 Benchmark Performance Status
Description
The status of a checked item is represented in one of the following colors in the
report:
Figure 10. Legend
•
Checks Passed in Green.
Item indicated in green is working within normal operational parameters and
without error. No attention is needed.
•
Checks passed with Warning(s) in Yellow.
Item indicated in yellow might have problems that require user attention.
•
Check with Failure(s) in Red.
Item indicated in red is not in working order. It indicates a severe problem in the
system and requires immediate attention from the user.
•
Check Skipped or Not Applicable in Grey.
Item indicated in grey is the item skipped or Not Applicable.
The System MOD 300 Benchmark report also includes a Performance Status
Summary table. This table briefly states the problems in the controller, and may
include Nature of the problem or failure. Refer Appendix Appendix E, MOD 300
Benchmark Performance Status Report.
2PAA108483-110 H
31
Description
32
Section 6 MOD 300 Benchmark Performance Status
2PAA108483-110 H
Appendix A System 800xA Benchmark
Performance Status Report
The report provides summary of findings of System 800xA including AC 800M
controller Benchmark Performance.
System 800xA Benchmark Performance Status Report
The Performance Status report classifies row items as Category and column items
as Node as shown in Figure 11.
Figure 11. Performance Status Report
2PAA108483-110 H
33
System 800xA Benchmark Performance Status Report
Appendix A System 800xA Benchmark
Benchmark Performance Status summary table gives a brief description of the issue
in a specific category with respect to their node as shown in Figure 11.
In Figure 11 performance indicator ClockSynchStatus under Controller
Performance Check is shown in red color denomination because the controller
fetched Time Quality less than TQ5 and hence it shows that the time
synchronization is not done correctly. HeapUtilization indicator is shown in yellow
color because the available memory (non-used heap size) is below 50%.
Graphic Card Hardware Drivers check item is highlighted in color denomination
yellow for nodes A07007, A08002 and A08003. The color denomination is yellow
because the Installed Graphic driver size 'Standard VGA Graphics Adapter' is not
recommended or RAM size '128' is less than the recommended low limit PG2 Quad
monitors. The detailed explanation is available in Fingerprint report.
34
2PAA108483-110 H
Appendix B System 800xA Benchmark
Software Status Report
The summary of findings based on the technical findings checklist is found in this
section.
System 800xA Benchmark Software Status Report
ABB Software
Figure 12 indicates the overall status of ABB Software findings.
Figure 12. ABB Software - Benchmark Status Report
2PAA108483-110 H
35
ABB Software
Appendix B System 800xA Benchmark Software Status Report
Microsoft Software
The summary of findings based on the Microsoft Software checklist is found in this
section. Figure 13 indicates the overall status of the findings.
Figure 13. Microsoft Software - Benchmark Software Status Report
Security Updates
This lists the number of security updates/hotfixes based on the nodes. Figure 14
indicates the overall status of the findings.
Figure 14. Security Updates - Benchmark Software Status Report
System 800xA needs specified microsoft patches to be installed for the execution.
color denomination for all the nodes for the CheckItem Security Patches in
Figure 14 is red as the security patches required for these nodes are not installed.
Detailed explanation is available in Fingerprint report.
36
2PAA108483-110 H
Appendix B System 800xA Benchmark Software Status Report
Third Party Software
Third Party Software
The summary of findings based on the Third Party Software checklist is found in
this section. Figure 15 indicates the overall status of the findings.
Figure 15. Third Party Software - Benchmark Software Status Report
In Figure 15, 3rd party Software McAfee VirusScan Enterprise is shown in color
denomination yellow for the nodes A08002, A08003, A08004, A08005 and
A08006. This is because the Base Version required was 8.7.0 and the installed
Version was 8.5.0.781 which was a lower version.
Again 3rd party Software Microsoft .NET Framework is shown in color
denomination red for the node A08001. The explanation for this is the required base
Version was 3.5 and the Installed Version was 3.5.30729 which was slightly a higher
version and hence fetched the red color. The detailed explanations are available in
Fingerprint report.
2PAA108483-110 H
37
Non-validated Software
Appendix B System 800xA Benchmark Software Status Report
Non-validated Software
This section lists the Non-validated software as shown in Figure 16.
Figure 16. Non-Validated Software
38
2PAA108483-110 H
Appendix C Freelance Benchmark
Performance Status Report
This appendix provides the summary of findings. The Freelance Performance
Benchmark Status report classifies row items as Category and column items as
Node as shown in Figure 17.
2PAA108483-110 H
39
Freelance Benchmark Performance Status Report for Nodes
Appendix C Freelance Benchmark
Freelance Benchmark Performance Status Report for
Nodes
Figure 17. Freelance Performance Benchmark Status Report - Nodes
In Figure 17, check Item, Available Memory under Computer hardware
Performance for both the nodes are shown in yellow color denomination. This is
because the RAM size 5111 MB is less than the recommended low limit.
Available Disk Space check item is shown in red color denomination for the node
CRPC101. This is because only less than 1GB of secondary hard disk space remains
on drive 0.07 GB (F:). The detailed explanations are available in Fingerprint report.
40
2PAA108483-110 H
Appendix C Freelance Benchmark Performance Status Report Freelance Benchmark Performance
The Node check items are detailed in Figure 18
Figure 18. Freelance Performance Benchmark Status Report - Node
2PAA108483-110 H
41
Freelance Benchmark Performance Status Report for Controllers
Appendix C Freelance
Freelance Benchmark Performance Status Report for
Controllers
Figure 19. Freelance Performance Benchmark Status Report - Controllers
Under Controller Check for Freelance let us consider Controller CPU Load.
In Figure 19, the Bench Mark report indicates, CPU Load for the Controller
AC800F as Red and for Controller AC700F as Yellow. Red color denomination
indicates the total CPU load is too high. It is over 90% and yellow color
denomination indicates the total CPU load is higher than the recommended
maximum value of 70%. It is always recommended to maintain the total controller
CPU load not more than 60%.
42
2PAA108483-110 H
Appendix D System 800xA Cyber Security
Performance Status Report
This appendix provides the summary of findings for System 800xA Cyber Security
Performance Status Report.
System 800xA Cyber Security Performance Status Report
A. Procedures and Protocols
The procedures and protocols section gives an overview of which areas are most
vulnerable to security breaches. Information is gathered concerning seven key areas
that influence cyber security for control systems.
The color is an indication of the relative risk to the system from that section.
Figure 20. Procedures and protocols (51 questions divided into 7 groups)
Organization: The organization part covers general measures in the organizational
field and which standard measures are required to achieve an adequate protection
level.
Personnel: Staff must be made aware of the in-house IT-related regulations,
practices and procedures. Security awareness includes everything from the use of
USB sticks to social engineering.
2PAA108483-110 H
43
B. Group Security Policies
Appendix D System 800xA Cyber Security Performance Status Report
Access Control: Access control governs what personnel are allowed to use the
systems, system components and networks.
Administration: To allow a secure operation of IT systems, thorough
administration of all valuable information is a key element.
Maintenance: For secure operation of any control systems, all parts of those
systems must be properly maintained.
Compliance: Regulatory schemes to help to ensure technical installations offer
sufficient protection for the user and security for operations.
Physical Security: Planning physical security measures covers a broad range of
technical and organizational provisions to protect against break-ins and similar
violations.
B. Group Security Policies
Group policies are settings that are controlled from a central location either on a
domain server or, in the case of a workgroup, on each individual computer.
These settings are analyzed one by one and the recommended setting may not the
ideal for all systems.
44
2PAA108483-110 H
Appendix D System 800xA Cyber Security Performance Status Report B. Group Security Policies
Figure 21. Group security policies (67 checks divided into 11 groups)
Policy Enforcement: In a domain, the group policies are enforced by the domain
controllers. The domain controller is updating the settings in each of the connected
computers on a schedule.
Passwords: Password settings are checked to verify adequate system password
strength and age is enforced.
User Accounts: User account settings are checked to verify that user sessions will
lock in an attempted brute force attack, and the principles of least privilege are
applied to the system.
Auditing of Security Events: Audit policies are checked to verify that attempts to
access system resources are properly logged.
Recovery Console: These policies are checked to verify that the Windows
Recovery Console settings are set to prevent unauthorized access by means of the
Recovery Console.
Interactive Logon: These settings are checked to verify that machine user login
access is controlled. If the machine is a member of a domain, the settings are also
verified to ensure proper control if domain connectivity is lost.
2PAA108483-110 H
45
B. Group Security Policies
Appendix D System 800xA Cyber Security Performance Status Report
System and Devices: These policies are checked to verify the highest possible level
of system security for user access to system devices and non-windows subsystems.
Network Access: These policies are checked to verify that network access,
especially anonymous network access, is controlled to prevent certain networkbased attacks.
Network Security: These policies are checked to verify network security; mainly to
verify if network encryption is used properly to prevent certain network-based
attacks.
System Cryptography: To meet Federal Information Processing Standards (FIPS),
System Cryptography settings are checked to verify that system encryption.
46
2PAA108483-110 H
Appendix D System 800xA Cyber Security Performance Status Report
C. Computer Settings
C. Computer Settings
The computer settings portion of the report covers software, versions and settings
that reside on individual computers in the system. If not properly configured, these
could put the overall cyber-security at risk.
Figure 22. Computer Settings
Operating System: The operating system must be supported by Microsoft in order
to receive security updates.
Services: Services that are not required add to the potential vulnerabilities for
malicious behavior or software. Any non-essential services should be disabled.
Firewall: A firewall is a software function within a computer or a device designed
to permit or deny network transmissions based upon a set of rules.
Shares: There should not be any shares on a control system machine that are not
necessary for the function of the control system software.
2PAA108483-110 H
47
C. Computer Settings
Appendix D System 800xA Cyber Security Performance Status Report
Windows Security Updates: Software updates are critical to minimizing
vulnerabilities.
Antivirus: Each computer is checked to see if it has antivirus software installed, and
if so, what manufacturer and version it is and if it is up-to-date.
Active Ports: Each computer is checked for active ports. There should be as few
unapproved active ports as possible in order to minimize the risk.
Startup Items: Each computer is checked for startup items. All items that are not
needed are a potential risk to the system.
Installed Applications: Each computer is checked for installed applications, such
as games, music players and other non-essential.
48
2PAA108483-110 H
Appendix E MOD 300 Benchmark Performance
Status Report
This appendix provides the summary of findings of System MOD 300 Benchmark
Status. The report provide and easy-to-read analysis of the control system
availability and reliability.
MOD 300 Benchmark Performance Report
The Performance Status report classifies row items as Category and column items as
Controller names as shown in Figure 23.
Figure 23. MOD 300 Benchmark Report
Figure 23 shows different color codes for different controllers for the check items.
For eg. MOD 300 Message statistics for controller 0300 is shown in red color
denomination. This is because for the device 0300, communications incoming
2PAA108483-110 H
49
MOD 300 Benchmark Performance Report Appendix E MOD 300 Benchmark Performance Status
maximum message load is 92.60 messages per second which is too high and must
be reduced. ABB recommendation is a maximum of 80.
For controller 0200 the color denomination is yellow because communications
incoming maximum message load is 45.20 messages per second which is
moderately high, but OK.
50
2PAA108483-110 H
Appendix F Node Functions Abbreviations for
Benchmark Reports
Node Functions Abbreviations
Table 1. Node Functions Abbreviations
Abbreviation
Description
AS
Aspect server
AS(PRI)
Aspect Server Primary
CLS
Central Licensing Server
ENG
Engineering node
BAT(PRI)
Batch Primary server
BAT(SEC)
Batch Secondary Server
BAT(CLI)
Batch Client
IM
Information Manager
AO
Asset optimization
PNSM
PNSM server
AC800M
AC 800M Connectivity server
MOD 300
MOD 300 Connectivity server
HAR(CONN)
Harmony Connectivity server
HAR(CFG)
Harmony Configuration server
2PAA108483-110 H
51
Node Functions Abbreviations
Appendix F Node Functions Abbreviations for Benchmark Reports
Table 1. Node Functions Abbreviations
Abbreviation
Description
MEL(CONN)
Melody connectivity server
MEL(CFG)
Melody Configuration server
IEC
IEC 61850 Connectivity server
PLC
PLC connectivity server
FF
Foundation field bus engineering
OC
Operator client
CCF
Configurable Control Functions
DCN
Distributed Communication Network
eDCN
Enhanced Distributed Communication
Network
D2F
DCN to FBUS
() - Unable to determine the node type as the node functionality may not be
supported in this release or the node does not have any ABB software.
52
2PAA108483-110 H
Revision History
This section provides information on the revision history of this User Manual.
The revision index of this User Manual is not related to the actual product System
Revision.
Revision History
The following table lists the revision history of this User Manual:
Revision
Index
Description
Date
-
First version published for BU CT Service
Products
July 2012
A
Published for BU CT Service Products version
1.1
September 2012
B
Published for BU CT Service Products version
1.2
December 2012
C
Published for BU CT Service Products version
1.2
February 2013
D
Published for BU CT Service Products version
1.3
March 2013
E
Published for BU CT Service Products version
1.4
May 2013
2PAA108483-110 H
53
Revision History
Revision
Index
54
Description
Date
F
Published for BU CT Service Products version
1.5
July 2013
G
Published for BU CT Service Products version
1.7
January 2014
H
Published for BU CT Service Products version
1.8
April 2014
2PAA108483-110 H
Updates in Revision B
Updates in Revision B
Section
All
Updates
References and naming conventions. Updated for System
version 4.1.
Updates in Revision C
Section
All
Updates
Names of the tools have been updated.
Updates in Revision D
Section
All
Updates
Performance Status and Software Status reports updated.
Updates in Revision E
Section
Section 1
Updates
Screenshot changes
Updates in Revision F
Section
Updates
Section 4
Inclusion of Freelance Support
Appendix C
Inclusion of Freelance Support
2PAA108483-110 H
55
Updates in Revision G
Updates in Revision G
Section
Front Cover
Updates
Changed Manual Title, Version number and
Document ID revision number.
Section 1
Added sub-section ‘System 800xA Cyber Security
Benchmark Report’
Section 5
Added Section 5 ‘System 800xA Cyber Security Benchmark
Report’
Updates in Revision H
Section
Front Cover
Updates
Changed Version number and
Document ID revision number.
Section 1
Added introduction for System MOD 300
Section 6
Added section on MOD 300 Benchmark Performance Status
Appendix E
56
Added Appendix E- MOD 300 Benchmark Performance
Status Report
2PAA108483-110 H
www.abb.com/800xA
www.abb.com/controlsystems
Copyright© 2014 ABB.
All rights reserved.
Power and productivity
for a better worldTM
2PAA108483-110 H
Contact us