RUGGEDCOM CROSSBOW

Secure access management

RUGGEDCOM CROSSBOW is a proven secure access management solution designed to provide NERC CIP compliant access to Intelligent Electronic Devices. CROSSBOW solution focuses on delivering productivity gains for administrators and users while achieving full NERC compliance in managing, securing and reporting on remote access. The combination of the CROSSBOW Secure Access Management server and CROSSBOW Station Access Controller for local substation access form an integrated, comprehensive solution with a seamless configuration environment.

CROSSBOW addresses the need for utilities to interactively access remote field IEDs for maintenance, configuration, and data retrieval. CROSSBOW allows a native IED application to remotely communicate with its associated IEDs, as if the user were directly connected to the IED with a serial cable or network connection. User access is governed by the appropriate authentication model (e.g. RSA SecurID) and all user activity is logged and reported per the NERC CIP specification.


System Architecture

RUGGEDCOM CROSSBOW system consists of a central server, and a number of clients. The clients are typically the user’s desktop or laptop computers. The server contains the system database, based on Microsoft SQL Server, and manages all connections from the clients to the remote IEDs. The central server supports a high availability cluster configuration for increased reliability. The alternative Application Server architecture also allows for the central management of all native IED applications by locating them on a central server, eliminating the need for client software on the user’s desktop.


RUGGEDCOM CROSSBOW Station Access Controller

CROSSBOW Station Access Controller complements the product family by providing a solution at the substation for managing local IED access, while maintaining stringent security methodologies in line with NERC CIP compliance and industry best practices. This allows the software to further enhance productivity gains for administrators and users while achieving full NERC compliance in managing, securing and reporting on remote access.


Configure your RUGGEDCOM product

The RUGGEDCOM-Selector lets you configure RUGGEDCOM products quickly, easily, and efficiently, by using targeted navigation through selection menus or by entering item numbers. Selected products can then be ordered directly by transferring the parts list into the Industry Mall.


Benefits

  • Global Password Management of all applicable relays and gateway devices

  • Configuration and Firmware Management of applicable relays and gateway devices

  • Integrated File Management provides controlled access, version control, and history for all file types

  • Support for third party security event management systems

  • Blocking of specified IED command improves security and reduces errors

  • Automatic, scheduled retrieval of important IED event files

  • Preserves investment in legacy gateway devices and communication infrastructure

  • Meets NERC standards for cybersecurity

  • Individual user accounts and privileges

  • Audit log of activity

  • WAN or Dial-up access

  • Administration interface allows management of thousands of IEDs and hundreds of users

  • Integration with Active Directory, RSA SecurID and other enterprise authentication solutions

  • Complete set of one click NERC CIP compliance reports

  • Support for unattended or scheduled application dial out

  • Comprehensive management of Siemens RUGGEDCOM routers and switches


Automation

  • Support for IED polling applications (e.g. SEL 5040)

  • Scheduling of many activities (e.g. log retrieval, report generation, password changes

  • IED File Retrieval (e.g. event records)

  • Configuration Management of relays and gateways

  • Firmware Management of applicable devices

  • Password Management of many device types



Security

  • Individual user accounts and permissions

  • Two-factor authentication, using RSA SecurID (optional)

  • Audit log of all IED accesses and security events

  • Support for Active Directory domains

  • Blocking and logging of specified IED command

  • Optional encryption between server and substation

  • Support for scheduled polling by applications

  • Designed to NERC CIP-002 through CIP-009

  • Optional Station Access Controller extends offering to the substation


Supports wide range of remote gateways and servers

  • RUGGEDCOM routers and switches

  • SEL PRTU/2020/2030/2032

  • SEL PRTU/2020/2030/2032

  • RUGGEDCOM eLAN Substation Communications Server

  • Novatech Orion

  • Cybectec SMP

  • Telephone port switches

  • Industrial Defender Gauntlet Gateway

  • Other routers and terminal servers WAN or modem access to field

  • Integrated modem pool management


Ease of administration

  • Structured view of IEDs (region/substation/gateway)

  • Supports groups of IEDs and users

  • Transparent integration with Active Directory

  • Database redundancy, including Hot Standby availability