Access Management Software

Access, Identity and Password Management for Utility User Groups and Substation IEDs

NovaTech Connection Manager (NCM) provides an encrypted connection between the enterprise and an OrionLX/LXm running a Connection Manager Agent. NovaTech Identity Manager™ (NIM) software provides centralized management of both system Users and system IEDs (called Hosts) using role-based access privileges. Passwords for Users and Hosts/IEDs (currently OrionLX/LXm and SEL® relays) are also centrally managed, including special modes for managing password changes.

NovaTech Connection Manager (NCM) and Agent

NCM software runs at the enterprise level and establishes encrypted connections to the OrionLX Cyber Secure Gateway in a substation. Within the OrionLX, the Connection Manager Agent allows transparent pass-through connection (using appropriate keys and certificates) to serially-connected or LAN-connected SEL® relays at the appropriate user access level (e.g. access level 1, access level 2, etc.). The software monitors un-permitted keystroke combinations when accessing SEL® relays (e.g. “PAS”, “SET”).

NovaTech Identity Manager (NIM)

User Identity and User Password Management

NIM software provides centralized LDAP-based user authentication, and can be configured to set up a Trust with an Active Directory authentication system. Strong password generation rules meet IT industry standards, and complete logging of all changes is provided for audits. Role-based Authentication assigns specific user privileges to each user or group of users, and rules can vary for different User Groups. For example, the “Manager Group” may require stronger password construction, or more frequent password changes, than the “General Group”. Other examples include:

  • Technician Group: Permitted to view relay settings but not change settings, view HMI but not control critical devices, only acknowledge non-critical alarms, attach using SSH but not HTTPS, etc.
  • Manager Group: Same privileges as Technician group but additional privileges to change settings, control critical devices, acknowledge critical alarms.
  • IT Group: Permitted to change IP addresses, firewall settings, etc. but not permitted to have access to “non-IT” settings or controls.

IED Password Management

Centralized administration of IED passwords is currently designed for management of SEL relay passwords, with other IEDs to be added in future development phases.  SEL relays can be placed into groups for simplified administration such as “Transmission Relays”, “Distribution Relays”, “Critical Relay Assets”, “Non-critical relay Assets”, etc.  IED-specific password rules are created for specific IED password construction.  For example, the password construction rules for an SEL-421 can be different than the rules for an SEL-501. This enables SEL relays to be secured with the strongest passwords possible without running into password requirement conflicts.  All activity is logged for auditing purposes.

There are four SEL relay Password Change Modes:

  • Normal Password Change Mode: Users can select specific SEL relays or groups to be changed, view the password policies for the SEL relays in the selected group (different relays in the group may have different password policies), enter or generate new random passwords according to those rules, and then send the passwords to all the relays in the group, with all actions logged.
  • Maintenance Mode: This mode is for when crews are in the substation performing upgrades and reconfigurations. Passwords for substation IEDs are temporarily changed to a well-known “maintenance” password.
  • Emergency Mode (or “Password Checkout” Mode): Generally only used if the broadband connection to the substation has been lost. An administrator can view passwords and divulge them to utility personnel in the substation, with all administrator actions logged.
  • Local Password Caching in the Security Gateway: Caching includes settings to enable or disable caching, and to set time limits for how long caching is enabled after connection to the remote server is lost.
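
An added example, not NovaTech code: one way to implement the generate step of Normal Password Change Mode for a group whose relays have different password policies. The policy values, relay IDs and function names are constructed for illustration and are not the relays' documented limits.

```python
import secrets
import string
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    length: int
    classes: tuple  # each character class must appear at least once


# Constructed policies for illustration; not the relays' documented limits.
POLICIES = {
    "SEL-421": Policy(12, (string.ascii_lowercase, string.ascii_uppercase,
                           string.digits, "!#$%&*+-")),
    "SEL-501": Policy(6, (string.ascii_uppercase, string.digits)),
}


def conforms(password, policy):
    """True if the password satisfies the model's construction rules."""
    allowed = set("".join(policy.classes))
    return (len(password) == policy.length
            and set(password) <= allowed
            and all(any(ch in cls for ch in password) for cls in policy.classes))


def generate(policy):
    """Draw from a CSPRNG; rejection sampling keeps valid passwords equally likely."""
    alphabet = "".join(policy.classes)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(policy.length))
        if conforms(candidate, policy):
            return candidate


def rotate_group(relays, operator):
    """relays: list of (relay_id, model). Returns (new_passwords, audit_log)."""
    unknown = sorted({model for _, model in relays if model not in POLICIES})
    if unknown:  # refuse up front so a group is never partially rotated
        raise ValueError(f"no password policy for model(s): {unknown}")
    passwords, audit = {}, []
    for relay_id, model in relays:
        passwords[relay_id] = generate(POLICIES[model])
        # The audit entry records who changed what, never the password itself.
        audit.append({"operator": operator, "relay": relay_id,
                      "model": model, "action": "password_change"})
    return passwords, audit
```

Checking every model in the group against a known policy before generating anything avoids leaving a group half-changed, and keeping passwords out of the audit entries lets the log be shared with auditors without exposing credentials.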

 
