RUGGEDCOM CROSSBOW - Siemens


RUGGEDCOM CROSSBOW
Secure Access Management Solution
Brochure 10/2017
siemens.com/ruggedcom

RUGGEDCOM CROSSBOW is a proven Secure Access Management solution designed to provide cyber security compliance, including NERC CIP, for access to Intelligent Electronic Devices.

Contents
- Product overview
- Application overview
- System overview
- Secure Access Manager and Station Access Controller
- Server and client requirements
- Component options

Product overview

RUGGEDCOM CROSSBOW is a scalable solution tailored to the ever-increasing needs of industrial and utility asset owners. It provides secure local and remote user access, as well as management of Intelligent Electronic Devices and their associated files. It is an enterprise-class solution in compliance with comprehensive cyber security standards, including the ever-evolving US NERC CIP.

RUGGEDCOM CROSSBOW is a unique cyber security system designed to be simple, economical and intuitive enough to be operated by large numbers of personnel according to, and without inhibiting, their normal duties. Users of the system could be from a diverse group of staff associated with:
- Asset condition monitoring
- Event response and investigation
- Maintenance (including vendors)
- Control, protection and telecommunications engineering

User access is governed by the appropriate authentication model (e.g. Active Directory, RSA SecurID) and all user activity is logged and reported per the NERC CIP specification. When used in combination with the RUGGEDCOM CROSSBOW Station Access Controller for local substation access, the RUGGEDCOM CROSSBOW system provides an integrated, comprehensive solution with a seamless configuration environment, ensuring IED connectivity and activity logging is maintained at the substation level, even if the connection to the central server is disabled.

CROSSBOW allows an Intelligent Electronic Device (IED) maintenance application to remotely communicate with its associated IEDs as if the users were directly connected to the device. CROSSBOW's client-server architecture is designed to allow a large utility to easily manage remote connectivity to its entire population of field IEDs. User access is role based, and the user is not provided with any device password or network topology detail.

In addition, CROSSBOW allows extensive automation of common device management tasks, such as password changes, file retrieval, and configuration management. CROSSBOW functionality may be extended through scripts and plug-ins, allowing users to develop automated solutions to their unique requirements.

CROSSBOW also provides a mechanism to discover previously unknown or transient devices connected to the IP network, providing an additional tool to enhance network security and maintainability.

Application overview

Client-server architecture

The CROSSBOW client-server architecture is designed to scale to the needs of small, medium and large utilities while maintaining peak performance across its entire population of field IEDs. Key features include:
- Vendor-agnostic design that works with all common substation gateways and IEDs, allowing deployment without adding or upgrading substation devices;
- An intuitive, complete product solution for ease of use and configuration:
  - Competitive solutions rely more heavily on integrating multiple 3rd-party technologies together, making deployment and maintenance more complicated;
- A scalable, extendable platform, including:
  - Password management of relays and gateway devices;
  - Firmware management of relays and gateway devices;
  - Device configuration management (e.g. relay settings);
  - Event file (e.g. fault/oscillography) retrieval, either on demand or automatically scheduled.
- Integrated file management facility that allows utility staff to control and retrieve device-related files:
  - Includes version control, check-in/check-out, access control, and reporting;
  - Includes management of files associated with electromechanical and non-communicating devices, which may otherwise have no means of file management.

A unique solution for local or emergency substation access, the CROSSBOW Station Access Controller provides the same level of security at the substation by pushing CROSSBOW database updates out to the field. This unique offering runs natively on the RUGGEDCOM Multi-Service Platforms based on ROX (Rugged Operating System), so no additional substation computers are required.

Benefits
- Meets NERC standards for cyber security
- Strong (2-factor) authentication
- Individual user accounts and privileges
- Audit log of activity
- WAN or dial-up access to remote devices

Security
- Integration with Active Directory, RSA SecurID and other enterprise authentication solutions
- Individual user accounts with highly configurable permissions
- Audit log/reports of all activity
- Ability to block commands on a per device type/per user basis
- Role-based user access control
- Local substation access control through Station Access Controller
- Blocking and logging of specified IED commands
- Optional encryption between server and remote facility

Enterprise integration
- Reporting interface into event management systems (Industrial Defender, TDi, OSIsoft)
- Microsoft SQL Server-based

NERC CIP compliance
As the first commercially available application for helping customers with achieving NERC CIP compliance, RUGGEDCOM CROSSBOW has maintained a leadership role in the field. When combined with RUGGEDCOM routers and multi-service platforms, CROSSBOW offers one of the only completely integrated solutions for the substation:
- One-click compliance reports
- Following the CIP requirements set out for access control and change management
- User activity (keystroke) logging

Ease of administration
- Administration interface allows management of thousands of IEDs and hundreds of users
- Structured view of IEDs (region/substation/gateway)
- Grouping of devices and users
- Configurable sub-admins

Flexible architecture
- Client-server or "clientless" architecture using virtual desktops
- Available redundancy
- Dial-up or WAN access

Broad device support
Preserves investment in legacy gateway devices and communication infrastructure:
- Siemens RUGGEDCOM routers and switches
- Siemens SIPROTEC
- Garrettcom
- SEL
- GE
- ABB
- Novatech
- Cooper
- RFL
- Industrial Defender
- Micom
- Many other IEDs

System overview

[Figure: typical RUGGEDCOM CROSSBOW deployment. Control center network with the RUGGEDCOM CROSSBOW server and an optional authentication server on a secure LAN; clients reach it over secure remote access (SSL) via a LAN/WAN connection. A WAN or dial-up connection leads to the remote facility, where a RUGGEDCOM RX1500 with the CROSSBOW ADM agent on an APE card acts as gateway to the licensed IEDs over industrial Ethernet or industrial wireless LAN. Option: RUGGEDCOM CROSSBOW Station Access Controller for local and emergency substation user access; it preserves user roles and permissions and can run on ROX (RX1500, RX5000) or on RUGGEDCOM APE. RUGGEDCOM CROSSBOW Asset Discovery & Management (ADM) can run on RX1500 APE or RX1400 VPE.]

System architecture

The system overview diagram above illustrates a typical utility architecture using RUGGEDCOM CROSSBOW. The CROSSBOW Secure Access Manager (SAM) is the central enterprise server through which all remote connections are made, and is the only trusted client source for the IEDs. This is the heart of the system, providing user role-based access control, site and IED access management.

CROSSBOW clients connect to the SAM via secure SSL connections to provide user access to remote IEDs. The SAM is connected over a secure WAN to substation gateway devices, such as RUGGEDCOM RX1500, or other supported devices. The gateway connects to IEDs either directly or through downstream RTUs.

CROSSBOW SAM also connects through to IEDs with their own direct modem access, such as for pole-top applications, meters or process control, condition monitoring IEDs, and other host computers/servers.

This ability of CROSSBOW to provide secure RBAC remote access to any IED makes it an essential tool for any IED-based application for:
- Utilities (electricity, water, gas)
- Transport control systems
- Industrial and mining applications
- Building/site management systems

Typical workflow

RUGGEDCOM CROSSBOW is specifically designed to be intuitive and enhance users' normal activity. After logging in to the central SAM server, the user will be presented with a simple directory structure displaying regions, substations and devices to which that user has been granted access by the administrator.

From there, the user simply clicks on a chosen device to display a list of applications associated with the device. Selecting a program will instruct CROSSBOW to launch the application and initiate a connection to the device – no need to negotiate connections, boot applications, or remember passwords. In most cases, just one click and the user is interacting directly with the device.

Sophisticated password management functionality allows remote management of all router, gateway, and IED passwords.

Secure Access Manager and Station Access Controller

RUGGEDCOM CROSSBOW Secure Access Manager

The CROSSBOW Secure Access Manager (SAM) runs on an enterprise-grade Windows server platform, either on dedicated hardware or a virtual machine. When a CROSSBOW client initiates a connection from its maintenance application to a remote device's maintenance interface, it contacts the CROSSBOW server. The SAM server verifies the authenticity of the user, either through a personal user name and password login (basic security), or through interaction with a corporate security system (strong authentication), in order to establish the Role Based Access Control permissions. After verification, the SAM allows the logged-in user to view all available devices. When a device is selected for connection, the CROSSBOW SAM server establishes a communication path to the device, either directly or through one or more remote gateways. The RBAC is configured during installation to give individual users and user groups varying arrangements of read/write access to IEDs, which can be controlled by region/facility/IED or even at command level. The strong authentication option allows the user identification and permissions to be linked to the corporate system, such as Active Directory, RSA SecurID or a RADIUS server.

RUGGEDCOM CROSSBOW Station Access Controller

CROSSBOW offers local and emergency connectivity through its optional Station Access Controller (SAC), which can be installed at the local or substation level. The CROSSBOW SAC provides the same level of command control and logging when a user is physically present in the station, even when there is a loss of the communication path between the central SAM and the remote site. The CROSSBOW SAC is completely synchronized with the CROSSBOW SAM server. The SAC may run directly on ROX (e.g. on a RUGGEDCOM RX1500/RX5000), or on the RUGGEDCOM APE module.

Enterprise integration

Most customers of RUGGEDCOM CROSSBOW will have their own enterprise security components such as Active Directory, RSA, or RADIUS, as well as SQL databases. CROSSBOW can integrate and make use of these components for authentication. The use of SQL Server is required by CROSSBOW SAM to store its database. It is recommended that the utility makes use of its enterprise SQL servers to hold this database, as the enterprise will have its own backup and redundancy systems in place.
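The RBAC model described above (access scoped by region/facility/IED, write and read access arranged per user or group, commands blocked per device type or per user, and every decision logged) can be illustrated with a small authorization check. This is an added example written for this page; it is not Siemens code and does not reproduce CROSSBOW's implementation. The tree paths, device types, command names, users and grants are constructed assumptions.

```python
"""Added example (not Siemens code): a hierarchical RBAC check in the style the
brochure describes. Grants are scoped to a region/facility/IED path prefix, the
most specific grant wins, write commands need a write grant, and specific
commands can be blocked per device type or per user. Every decision is logged.
All names, device types and commands below are constructed for illustration."""
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class Grant:
    scope: str            # e.g. "north", "north/sub-12", "north/sub-12/relay-3"
    write: bool = False   # read-only grants may view and connect but not change settings


@dataclass
class User:
    name: str
    grants: list
    blocked_commands: set = field(default_factory=set)  # per-user command blocks


# Per-device-type command blocks (constructed): nobody may run these via the server.
BLOCKED_BY_DEVICE_TYPE = {
    "relay": {"FACTORY_RESET"},
    "gateway": {"FACTORY_RESET", "CLEAR_LOG"},
}

# Commands that change device state and therefore require a write grant (constructed).
WRITE_COMMANDS = {"SET", "FIRMWARE_UPDATE", "PASSWORD_CHANGE"}

AUDIT_LOG = []


def _in_scope(scope, device_path):
    """True when device_path is the scope itself or lies beneath it in the tree."""
    return device_path == scope or device_path.startswith(scope + "/")


def authorize(user, device_path, device_type, command):
    """Return (allowed, reason) and append an audit record for every decision."""
    allowed, reason = False, "no grant covers this device"
    matching = [g for g in user.grants if _in_scope(g.scope, device_path)]
    if matching:
        best = max(matching, key=lambda g: len(g.scope))  # most specific grant wins
        if command in BLOCKED_BY_DEVICE_TYPE.get(device_type, set()):
            reason = f"command {command} blocked for device type {device_type}"
        elif command in user.blocked_commands:
            reason = f"command {command} blocked for user {user.name}"
        elif command in WRITE_COMMANDS and not best.write:
            reason = "write command on a read-only grant"
        else:
            allowed, reason = True, f"granted by scope {best.scope}"
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user.name, "device": device_path,
        "command": command, "allowed": allowed, "reason": reason,
    })
    return allowed, reason


# Constructed users: an engineer with region-wide read access and write access to
# one substation, and a vendor confined to a single relay with password changes blocked.
ENGINEER = User("alice", [Grant("north"), Grant("north/sub-12", write=True)])
VENDOR = User("vendor-bob", [Grant("north/sub-12/relay-3", write=True)],
              blocked_commands={"PASSWORD_CHANGE"})

if __name__ == "__main__":
    print(authorize(ENGINEER, "north/sub-12/relay-3", "relay", "SET"))
    print(authorize(ENGINEER, "north/sub-07/relay-1", "relay", "SET"))
    print(authorize(VENDOR, "north/sub-12/relay-3", "relay", "PASSWORD_CHANGE"))
    print(authorize(VENDOR, "north/sub-12/relay-3", "relay", "FACTORY_RESET"))
    for record in AUDIT_LOG:
        print(record)
```

The checks are ordered so that a device-type block cannot be overridden by any grant, a per-user block cannot be overridden by a write grant, and a prefix match on `north` does not spill over into a hypothetical `northeast` region because the scope is matched on a path component boundary.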

CROSSBOW high availability

The CROSSBOW server can be licensed to make use of multiple servers configured as a cluster. This allows multiple servers to exist as a single entity, allowing more users to utilize the system at once, and for faster processing of automated tasks, such as fault record retrieval.

The user configures a CROSSBOW cluster via server-side configuration. When a client connects to a server, the cluster information is sent to the client and stored locally. For example, CROSSBOW servers A and B are configured in a cluster. A user connects to A via the CROSSBOW client and is informed of the cluster configuration. On subsequent connections, the user will be prompted to connect to the cluster and the client will attempt to connect to server A. If this fails it will automatically attempt to connect to server B.

The SQL server(s) may also be configured in a cluster for high availability. The primary DB ships data to the mirror in real time. A typical cluster may contain 3 SQL instances: the primary DB, the mirror DB and a witness server (optional).

CROSSBOW Application Modules

CROSSBOW Application Modules (CAMs) are separately licensed "plug-ins" which may be added to any CROSSBOW server, version 4.1 or later. CAMs are run by the CROSSBOW scheduler, and may run at the following times:
- On demand, when invoked by a user with rights to do so
- On a periodic, scheduled basis
- Following special "trigger events"

It is important to understand that CAMs are initiated and run from the CROSSBOW server, not from the client. Each CROSSBOW server may be configured to run multiple CAM operations in parallel, and in a redundant server, each member of a CROSSBOW cluster will process tasks in the scheduler queue.

Configuration management CAM
The configuration management CAM connects to managed devices, reads their settings, and compares them to their latest approved baseline. Any variation from baseline results in an alert being generated.

Firmware version CAM
The firmware version CAM connects to managed devices, reads the firmware version, and compares the devices' current value to the values expected for that device. Any variation from baseline results in an alert being generated.

IED data retrieval CAM
Fault and event data collection is performed by the IED data retrieval CAM. CROSSBOW can gather the following data from IEDs:
- Target status
- Sequence of Events (SOE) data
- Fault reports
- Oscillography files
All gathered data is stored in the CROSSBOW database, along with the time and date it was last updated.

Connectivity CAM
The Connectivity CAM is designed to automate the monitoring of connectivity (i.e. CROSSBOW's ability to connect) to the devices in its database. The intent is to ensure that any given end device remains available for other CROSSBOW communications (e.g. end user connections, other CAMs, etc.) and to alert an administrator when it is not.

Asset Discovery and Management
CROSSBOW Asset Discovery and Management (ADM) ensures that the operator has visibility of all network devices connected to monitored subnets. The key components are the ADM agents that reside on a RUGGEDCOM RX1500 APE module or RX1400 VPE virtual machine. The ADM agents are fully integrated into the CROSSBOW SAM, passively monitor the subnet, and use MAC and IP addresses to detect any network-based device that is not contained in the CROSSBOW database. Upon detection of a previously unknown device an alert will be raised and a new "unknown" device will show up in the proper location on the CROSSBOW device tree view. CROSSBOW ADM will provide details of the unknown device, such as MAC/IP address and traffic type. If the device is legitimate it can be added and configured into the CROSSBOW database with a few mouse clicks.
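As an added illustration of three of the checks just described (the configuration management CAM, the firmware version CAM, and ADM's detection of devices not in the database), the following Python, written for this page rather than taken from the product, shows the comparison each one performs and the alert it raises. The setting names, firmware strings, MAC/IP addresses, traffic types and inventory are constructed samples; the device-to-server communication is left out, so each check takes the values it would have read as plain arguments. Raising a separate alert for a known MAC seen at an IP other than the one in the database is an assumption that goes slightly beyond the brochure's wording.

```python
"""Added example (not Siemens code): the comparison logic behind three scheduled
checks in the style of the CROSSBOW CAMs and ADM. Each check returns alert
records instead of talking to devices; all sample values are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    check: str    # which check raised the alert: "config", "firmware" or "adm"
    device: str   # device name from the database, or "unknown"
    detail: str


# --- Configuration management CAM: settings versus approved baseline -----------
def check_config_baseline(device, current, baseline):
    """One alert per setting that was added, removed or changed relative to baseline."""
    alerts = []
    for key in sorted(set(current) | set(baseline)):
        if key not in baseline:
            alerts.append(Alert("config", device, f"unexpected setting {key}={current[key]!r}"))
        elif key not in current:
            alerts.append(Alert("config", device, f"baseline setting {key} missing"))
        elif current[key] != baseline[key]:
            alerts.append(Alert("config", device, f"{key}: {baseline[key]!r} -> {current[key]!r}"))
    return alerts


# --- Firmware version CAM: reported version versus expected version ------------
def check_firmware(device, reported, expected):
    """Alert when the version read from the device is not the one expected for it."""
    if reported != expected:
        return [Alert("firmware", device, f"expected {expected}, device reports {reported}")]
    return []


# --- ADM: passively observed MAC/IP pairs versus the asset database -------------
def check_unknown_devices(observations, inventory):
    """observations: (mac, ip, traffic_type) tuples seen on a monitored subnet.
    inventory: {mac: (device_name, ip)} as held in the database.
    Observations are grouped per MAC/IP pair so a chatty device raises one alert,
    and the alert carries the traffic types seen, as the brochure describes."""
    seen = {}
    for mac, ip, traffic in observations:
        seen.setdefault((mac.lower(), ip), set()).add(traffic)
    alerts = []
    for (mac, ip), kinds in sorted(seen.items()):
        traffic = ",".join(sorted(kinds))
        if mac not in inventory:
            alerts.append(Alert("adm", "unknown", f"new device {mac} at {ip} ({traffic})"))
        elif inventory[mac][1] != ip:   # assumption: known MAC at an unexpected address
            name, known_ip = inventory[mac]
            alerts.append(Alert("adm", name, f"{mac} seen at {ip}, database has {known_ip}"))
    return alerts


# Constructed samples: a relay whose settings drifted, an outdated firmware, and a
# subnet where a laptop appeared and a known relay answers from a second address.
SAMPLE_BASELINE = {"CTR": 400, "TRIP_DELAY_MS": 50, "TELNET": "off"}
SAMPLE_CURRENT = {"CTR": 400, "TRIP_DELAY_MS": 80, "TELNET": "on", "HTTP": "on"}
SAMPLE_INVENTORY = {
    "00:1b:2c:00:00:01": ("relay-3", "10.20.1.11"),
    "00:1b:2c:00:00:02": ("gateway-1", "10.20.1.1"),
}
SAMPLE_OBSERVATIONS = [
    ("00:1b:2c:00:00:01", "10.20.1.11", "dnp3"),
    ("00:1b:2c:00:00:02", "10.20.1.1", "ssh"),
    ("00:1b:2c:00:00:02", "10.20.1.1", "https"),
    ("00:0c:29:aa:bb:cc", "10.20.1.77", "ssh"),    # not in the database
    ("00:0c:29:aa:bb:cc", "10.20.1.77", "http"),
    ("00:1b:2c:00:00:01", "10.20.1.99", "dnp3"),   # known MAC, unexpected address
]


def run_scheduled_checks():
    """What one scheduler pass over the constructed samples would report."""
    alerts = []
    alerts += check_config_baseline("relay-3", SAMPLE_CURRENT, SAMPLE_BASELINE)
    alerts += check_firmware("relay-3", "R2.1.4", "R2.2.0")
    alerts += check_unknown_devices(SAMPLE_OBSERVATIONS, SAMPLE_INVENTORY)
    return alerts


if __name__ == "__main__":
    for alert in run_scheduled_checks():
        print(f"[{alert.check}] {alert.device}: {alert.detail}")
```

The configuration check iterates over the union of both key sets, so a setting that appears on the device but not in the approved baseline (here a newly enabled HTTP service) is reported just as a changed value is; a comparison that only walked the baseline keys would miss it.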

Server and client requirements

Server requirements

RUGGEDCOM CROSSBOW server can run natively or in a virtual machine environment that meets the following requirements:

Component         Specification
CPU               x86 compatible, 2 GHz or faster
RAM               minimum 2 GB, 4 GB recommended
Disk              50 GB
Operating system  Windows 2012 Server, Windows 2012 R2 Server, Windows 2016 Server*

* RUGGEDCOM CROSSBOW server components can run on 64-bit versions of the above operating systems

Client requirements

Component         Specification
CPU               x86 compatible, 1 GHz or faster; 2 GHz or faster recommended
RAM               minimum 1 GB
Disk              1 GB
Operating system  Windows 7, Windows 8, Windows 10, Windows 2012 Server, Windows 2012 R2 Server, Windows 2016 Server*

* RUGGEDCOM CROSSBOW client components can run on 64-bit versions of the above operating systems

Component options

Optional components

RUGGEDCOM CROSSBOW Application Modules (CAMs)
Governs which CAMs may be active on the system, and also how many IEDs the CAM may be active for. Each CAM is available in instance quantities equal to the IED licensing quantities:
- Firmware version CAM
- Configuration management CAM
- Connectivity CAM
- IED data retrieval CAM

Station Access Controller (SAC)
Governs the maximum number of Station Access Controllers that may be configured in the RUGGEDCOM CROSSBOW system. Licensed equal to the number of SACs required in the system.

Asset Discovery & Management (ADM)
Governs the number of ADM Agents in the system. Licensed equivalent to the number of ADM Agents required in the system.

Event Log Distribution Service (ELDS)
The RUGGEDCOM CROSSBOW Event Log Distribution Service distributes event information gathered by CROSSBOW to other external event tracking systems. This service checks for events on a user-defined schedule, and sends the events to a specified target. Supported targets for this service include the Windows event log (which can therefore support any third-party system that can monitor the Windows event log), Syslog and e-mail. Priced per target system interface (1-4 targets).

External Database Integration Service (EDIS)
The External Database Integration Service provides a convenient way for CROSSBOW to integrate with other enterprise systems via an intermediate SQL database. This integration can be used to add/change devices in the CROSSBOW database, as well as share IED passwords with external password management systems. Priced on a per target system basis.

Core component options

SAM server license
- RUGGEDCOM CROSSBOW SAM server software license
- RUGGEDCOM CROSSBOW SAM Quality Assurance (QA) testing server software license
- RUGGEDCOM CROSSBOW SAM high availability server software license

IED licensing
Governs the maximum number of IEDs that can be configured in the RUGGEDCOM CROSSBOW system. Licensed in blocks of 100 IEDs.

User licensing
Governs the maximum number of users that can be configured in the RUGGEDCOM CROSSBOW system. Users can be configured with either CROSSBOW basic authentication, or strong authentication (Active Directory, RSA, or RADIUS). Licensed in blocks of 5 users.

For more information, please visit: siemens.com/ruggedcom

Siemens AG
Process Industries and Drives
Process Automation
Postfach 48 48
90026 Nürnberg
Germany

Siemens Canada Limited
300 Applewood Crescent
Concord, Ontario, L4K 5C7
Canada

© Siemens AG 2017
Subject to change without prior notice
Article No. 6ZB5531-0AK02-0BA2
W-FPN7Z-RG-PD205 / Dispo 26000
BR 1017 2. ROT 12 En
Printed in Germany

Security information

Siemens provides products and solutions with industrial security functions that support the secure operation of plants, systems, machines and networks.

In order to protect plants, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art industrial security concept. Siemens' products and solutions only form one element of such a concept.

The customer is responsible for preventing unauthorized access to its plants, systems, machines and networks. Systems, machines and components should only be connected to the enterprise network or the internet if and to the extent necessary, and with appropriate security measures (e.g. use of firewalls and network segmentation) in place. Additionally, Siemens' guidance on appropriate security measures should be taken into account. For more information about industrial security, please visit: siemens.com/industrialsecurity

Siemens' products and solutions undergo continuous development to make them more secure. Siemens strongly recommends applying product updates as soon as they are available and always using the latest product versions. Use of product versions that are no longer supported, and failure to apply the latest updates, may increase the customer's exposure to cyber threats.

To stay informed about product updates, subscribe to the Siemens Industrial Security RSS Feed under: siemens.com/industrialsecurity

The information provided in this brochure contains descriptions or characteristics of performance which in case of actual use do not always apply as described or which may change as a result of further development of the products. An obligation to provide the respective characteristics shall only exist if expressly agreed in the terms of contract. Availability and technical specifications are subject to change without notice. All product designations may be trademarks or product names of Siemens AG or supplier companies whose use by third parties for their own purposes could violate the rights of the owners.
