NovaTech Connection Manager (NCM) provides an encrypted connection between the enterprise and an OrionLX/LXm running a Connection Manager Agent. NovaTech Identity Manager™ (NIM) software provides centralized management of both system Users and system IEDs (called Hosts) using role-based access privileges. Passwords for Users and Hosts/IEDs (currently OrionLX/LXm and SEL® relays) are also centrally managed, including special modes for managing password changes.
NovaTech Connection Manager (NCM) and Agent
NCM software runs at the enterprise level and establishes encrypted connections to the OrionLX Cyber Secure Gateway in a substation. Within the OrionLX, the Connection Manager Agent allows transparent pass-through connection (using appropriate keys and certificates) to serially-connected or LAN-connected SEL® relays at the appropriate user access level (e.g. access level 1, access level 2, etc.). The software monitors for unpermitted keystroke combinations when accessing SEL® relays (e.g. “PAS”, “SET”).
NovaTech Identity Manager (NIM)
User Identity and User Password Management
NIM software provides centralized LDAP-based user authentication, and can be configured to set up a Trust with an Active Directory authentication system. Strong password generation rules meet IT industry standards, and complete logging of all changes is provided for audits. Role-based Authentication assigns specific user privileges to each user or group of users, and rules can vary for different User Groups. For example, “Manager Group” may require stronger password construction, or more frequent password changes, than “General Group”. Other examples include:
Technician Group: Permitted to view relay settings but not change settings, view HMI but not control critical devices, only acknowledge non-critical alarms, attach using SSH but not HTTPS, etc.
Manager Group: Same privileges as Technician Group, with additional privileges to change settings, control critical devices, and acknowledge critical alarms.
IT Group: Permitted to change IP addresses, firewall settings, etc., but not permitted to have access to “non-IT” settings or controls.
IED Password Management
Centralized administration of IED passwords is currently designed for management of SEL relay passwords, with other IEDs to be added in future development phases. SEL relays can be placed into groups for simplified administration such as “Transmission Relays”, “Distribution Relays”, “Critical Relay Assets”, “Non-critical relay Assets”, etc. IED-specific password rules are created for specific IED password construction. For example, the password construction rules for an SEL-421 can be different than the rules for an SEL-501. This enables SEL relays to be secured with the strongest passwords possible without running into password requirement conflicts. All activity is logged for auditing purposes.
There are four SEL relay Password Change Modes:
Normal Password Change Mode: Users can select specific SEL relays or groups to be changed, view the password policies for the SEL relays in the selected group (different relays in the group may have different password policies), enter or generate new random passwords according to those rules, and then send the passwords to all the relays in the group, with all actions logged.
Maintenance Mode: This mode is for when crews are in the substation performing upgrades and reconfigurations. Passwords for substation IEDs are temporarily changed to a well-known “maintenance” password.
Emergency Mode (or “Password Checkout” Mode): Generally only used if the broadband connection to the substation has been lost. An administrator can view passwords and divulge them to utility personnel in the substation, with all administrator actions logged.
Local Password Caching in the Security Gateway: Caching includes settings to enable or disable caching, and to set time limits for how long caching remains enabled after the connection to the remote server is lost.