800xA Built in security

System 800xA provides a comprehensive set of embedded mechanisms to manage cyber security risks. Some of them are listed below.

Are you looking for support or purchase information?

Role based access control

User Authentication in System 800xA is based on Windows Authentication through active directory or workgroups. The user access control is based on user, role and location and can be made on object and attribute level. Controlling “Who is allowed to do what actions from where, with which object”

The log over function enables a fast and temporary switch between users in the Operator environment, primarily to allow temporary usage for a user with more user rights than the logged in user. Thanks to this, access rights for the regular operator can be restricted to only the necessary functions but still allowing easy temporary access for more privileged users.

IPSec

The Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. A tool, IPSec Configuration Tool, assists in configuring IPSec to protect the communication between clients and servers that are members of the Active Directory Domain in the 800xA system. It also offers the possibility to allow system nodes to communicate without using IPSec towards explicitly defined nodes that do not support IPSec.

Back-up and restore

Larger losses due to incidents are avoided through efficient disaster recovery. Total and selective backup and restores are possible through system administration features.

System configuration & maintenance

ABB projects follow strict security guidelines during engineering and commissioning. ABB maintenance work also follow stringent processes. The guidelines used been developed based on best practices, standards, and frameworks. Here are some of the areas covered:

  • Secure Default Settings & Hardening
  • Antivirus Software
  • Patch Management
  • Access & Account Management
  • Backup & Recovery
  • Plant Network Topology
  • Secure Remote Access

Network redundancy

The 800xA system network is built up by network areas with dual independent network paths.

Possibly malicious traffic can be isolated so that it only affects a limited part of the system, e.g. if one of the two network paths is affected by a network storm the nodes can continue to operate with full performance using the secondary network.

Storm protection & network filtering for controllers & communication cards

Controllers and communication modules use a network filter that blocks unsupported traffic and protects the host in case of a network storm. Thus these devices provide the communication robustness which significantly reduce the need for a dedicated firewall for each device.

Robustness testing for controllers & communication cards

Controllers & communication cards are tested at ABB’s Device Security Assurance Center (DSAC). DSAC, a Wurldtech accredited testing facility, performs “Level 2”-tests utilizing Wurldtech’s Achilles test platform. In addition, DSAC also test the devices with tools from for example Tenable networksNMAP, and Spirent.

Recommended links

Loading documents
Select region / language