Cyber Security P44x/EN CS/ Hb6
MiCOM P40 Agile P441, P442, P444 (CS) 15-15

4.5 Password Recovery

Password recovery is the means by which the passwords can be recovered on a device if the customer should mislay the configured passwords. To obtain the recovery password the customer must contact the General Electric Customer Care Center and supply two pieces of information from the IED – namely the Serial Number and its Security Code. The Customer Care Centre will use these items to generate a Recovery Password which is then provided to the customer.

The security code is a 16-character string of upper case characters. It is a read-only parameter. The IED generates its own security code randomly. A new code is generated under the following conditions:

• On power up
• Whenever settings are set back to default
• On expiry of validity timer (see below)
• When the recovery password is entered

As soon as the security code is displayed on the LCD display, a validity timer is started. This validity timer is set to 72 hours and is not configurable. This provides enough time for the Customer Care Centre to manually generate and send a recovery password. The Service Level Agreement (SLA) for recovery password generation is one working day, so 72 hours is sufficient time, even allowing for closure of the Customer Care Centre over weekends and bank holidays.

To prevent accidental reading of the IED security code the cell will initially display a warning message:

    PRESS ENTER TO
    READ SEC. CODE

The security code will be displayed on confirmation, whereupon the validity timer will be started. Note that the security code can only be read from the front panel.

4.5.1 Entry of the Recovery Password

The recovery password is intended for recovery only. It is not a replacement password that can be used continually. It can only be used once – for password recovery.

Entry of the recovery password causes the IED to reset all passwords back to default. This is all it is designed to do. After the passwords have been set back to default, it is up to the user to enter new passwords appropriate for the function for which they are intended, ensuring NERC compliance, if required.

On this action, the following message is displayed:

    PASSWORDS HAVE
    BEEN SET TO DEFAULT

The recovery password can be applied through any interface, local or remote. It will achieve the same result irrespective of which interface it is applied through.

4.5.2 Password Encryption

The IED supports encryption for passwords entered remotely. The encryption key can be read from the IED through a specific cell available only through communication interfaces, not the front panel. Each time the key is read the IED generates a new key that is valid only for the next password encryption write. Once used, the key is invalidated and a new key must be read for the next encrypted password write. The encryption mechanism is otherwise transparent to the user.
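
The security code and recovery password lifecycle from 4.5 and 4.5.1 can be checked against a small model. The following is an added example, not code from the manual or the vendor. The class and function names, the HMAC derivation (the manual does not describe how the Customer Care Centre derives the recovery password), the serial number and the default password are constructed assumptions, as is the choice not to restart the timer when the code is read again.

```python
import hashlib
import hmac
import secrets
import string

VALIDITY_SECONDS = 72 * 3600  # fixed, non-configurable 72-hour validity timer (4.5)
VENDOR_KEY = b"constructed-demo-key"  # assumption: stand-in for the undisclosed derivation

def derive_recovery_password(serial, code):
    """Hypothetical derivation from Serial Number + Security Code."""
    mac = hmac.new(VENDOR_KEY, f"{serial}:{code}".encode(), hashlib.sha256)
    return mac.hexdigest()[:12]

class IedModel:
    def __init__(self, serial, defaults):
        self.serial = serial
        self.defaults = dict(defaults)   # constructed default passwords
        self.passwords = dict(defaults)
        self.power_up()

    def _new_code(self):
        # 16 random upper-case characters; the timer is idle until the code is displayed
        self.code = "".join(secrets.choice(string.ascii_uppercase) for _ in range(16))
        self.displayed_at = None

    def power_up(self):                  # trigger: on power up
        self._new_code()

    def restore_default_settings(self):  # trigger: settings set back to default
        self._new_code()

    def _expire(self, now):              # trigger: expiry of the validity timer
        if self.displayed_at is not None and now - self.displayed_at >= VALIDITY_SECONDS:
            self._new_code()

    def read_code_front_panel(self, now):
        self._expire(now)
        if self.displayed_at is None:
            self.displayed_at = now      # timer starts when the code is first displayed
        return self.code

    def enter_recovery_password(self, candidate, now):
        self._expire(now)
        expected = derive_recovery_password(self.serial, self.code)
        if not hmac.compare_digest(candidate.encode(), expected.encode()):
            return False
        self.passwords = dict(self.defaults)  # only effect: all passwords back to default
        self._new_code()                      # trigger: recovery password entered (single use)
        return True
```

Operationally, the model shows that a power cycle or a settings reset between reading the code and receiving the recovery password voids the request, so the device should be left undisturbed during the 72-hour window.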