Siemens Ruggedcom Crossbow Software
"RUGGEDCOM CROSSBOW" is a scalable solution tailored to the ever-increasing needs of industrial and utility asset owners. It provides secure, local, and remote user access, as well as management of Intelligent Electronic Devices (IEDs) and their associated files. This enterprise-class solution is in compliance with comprehensive cyber security standards, including the evolving US NERC CIP.
The distributed architecture of CROSSBOW, featuring the Station Access Controller (SAC) and the Secure Access Manager Local (SAM-L), ensures local and emergency connectivity to IEDs. This architecture provides full support for all automation functions (SAM-L only), even in scenarios where communication is lost between the central CROSSBOW server (Secure Access Manager Primary or SAM-P) and the remote site.
Designed for simplicity, cost-effectiveness, and intuitiveness, "RUGGEDCOM CROSSBOW" is suitable for operation by large numbers of personnel without hindering their routine responsibilities. Users from diverse groups associated with:
- Asset condition monitoring
- Event response and investigation
- Maintenance (including vendors)
- Control, protection and telecommunications engineering
Main features
- Flexible client-server architecture
- Administrator-defined Role-Based Access Control (RBAC)
- Distributed options CROSSBOW SAC and SAM-L to ensure local and emergency connectivity
- Blocking and logging of specified IED commands on a per device type/per user basis
- Audit log and reports of all activities
- Strong two-factor authentication with Active Directory, RSA SecurID, and RADIUS for process security
- Manage device passwords and configurations
- Compare device configurations and firmware against known approved versions
- Automated file retrieval from IEDs (fault records, SOEs, etc.)
- Vendor agnostic design that works with all common substation gateways and IEDs
Benefits
Comprehensive and scalable with a seamless configuration environment, "RUGGEDCOM CROSSBOW" lets users securely access field IEDs for remote maintenance, configuration, and data retrieval – thus meeting the needs of industrial and utility asset owners.
Scalability
CROSSBOW’s vendor agnostic design works with all common substation gateways and IEDs, the administration interface allows management of thousands of IEDs and hundreds of users. Provides a strong foundation to enable compliance to NERC CIP and IEC 62443 in the areas of remote IED access, user activity (key strokes) logging, and data privacy.
- Complete set of one-click NERC CIP compliance reports
Security
- Integration with Active Directory, RSA SecurID, and other enterprise authentication solutions to provide strong two-factor authentication
- Individual user accounts with highly configurable permissions
- Role-based remote access control
- Audit log/reports of all activities and security events
- Blocking and logging of specified IED commands on a per device type/per user basis to improve security and reduce errors
- Optional encryption between server and remote facility
- Asset Discovery functionality to monitor network for previously unknown or transient devices connected to the IP network
- Configurable settings for preventing sensitive information from appearing in the CROSSBOW logs
Ease of administration
- Vendor agnostic design that works with all common substation gateways and IEDs
- Central point of administration and management of thousands of IEDs and hundreds of users
- Structured view of IEDs (region/substation/gateway)
- Grouping of devices and users
- Configurable sub-admins
- Automation of password management
- Automated verification of configuration and Firmware versions
- Scheduled report generation
- Automated file retrieval from IEDs. Device event records can be extracted and stored without the need for additional substation hardware and software.
- Database Growth Management to allow automatic removal of old records from CROSSBOW database that are beyond a user-specified age
Flexible architecture
- Client-server or “clientless” architecture using virtual desktops
- High availability option with server clustering
- WAN or Dial-up access
- Distributed options of CROSSBOW – Station Access Controller (SAC) and Secure Access Manager Local (SAM-L) ensure local and emergency connectivity. SAM-L provides the full support of advanced automation functions locally within the facility.
Broad device support
- Siemens RUGGEDCOM routers and switches
- Siemens SIPROTEC
- Garrettcom
- SEL
- GE
- ABB
- Novatech
- Cooper
- RFL
- Industrial Defender
- Micom
- ... and many other IEDs
Design
System architecture
The RUGGEDCOM CROSSBOW system consists of a central enterprise server and several clients. The CROSSBOW Secure Access Manager (SAM) server is based on Microsoft SQL Server, contains the system database, and manages all connections from the clients to the remote IEDs. It provides role-based access control, site and IED access management, and supports high availability cluster configuration for increased reliability.
CROSSBOW clients connect to the SAM via secure SSL connections to provide user-access to remote IEDs.
The alternative Application Server architecture also allows for the central management of all native IED applications by locating them on a central server, eliminating the need for client software on the user’s desktop.
The CROSSBOW client-server architecture is designed to be scaled to the needs of small, medium, and large utilities while maintaining peak performance to its entire population of field IEDs.
RUGGEDCOM CROSSBOW - system architecture
System components
CROSSBOW Secure Access Manager – Primary – SAM-P
The Secure Access Management (SAM) server verifies the authenticity of the user, either through a personal username and password login (basic security), or through interaction with a corporate security system (strong authentication), to establish the Role-Based Access Control permissions. It runs on an enterprise-grade Windows server platform, either on dedicated hardware or a virtual machine.
CROSSBOW Station Access Controller – SAC (optional)
CROSSSBOW offers local and emergency connectivity through its optional Station Access Controller (SAC), which can be installed at the local or substation level. The CROSSBOW SAC provides the same level of command control and logging when a user is physically present in the station, even when there is loss of communication path between the central SAM and the remote site. CROSSBOW SAC is completely synchronized with the CROSSBOW SAM server. The SAC may run directly on ROX (e.g., on a RUGGEDCOM RX1500/RX5000) or on the RUGGEDCOM APE1808 module.
CROSSBOW Secure Access Manager Local – SAM-L (optional)
The "RUGGEDCOM CROSSBOW" Secure Access Manager – Local (SAM-L) is a “lite” version of the SAM-P, and is intended for deployment on machines in facility locations. Its purpose is to allow local connectivity and to perform special operations on behalf of the SAM-P on the devices in that facility. SAM-L is installed on a device physically located within the facility, and acts as a local version of the RUGGEDCOM CROSSBOW Server. It can be run from a Windows PC or the RUGGEDCOM APE1808 module.
RUGGEDCOM CROSSBOW – Ensuring High Availability
The RUGGEDCOM CROSSBOW Server or the SAM-P can be licensed to make use of multiple servers configured as a cluster. This allows multiple servers to exist as a single entity, allowing more users to utilize the system at the same time and for faster processing of automated tasks, such as fault record retrieval.
RUGGEDCOM CROSSBOW Application Modules
RUGGEDCOM CROSSBOW Application Modules (CAMs) are separately licensed “plug ins”, which may be added to a CROSSBOW server. CAMs are run by the CROSSBOW scheduler, and may run at the following times:
- On demand, when invoked by a user with rights to do so
- On a periodic, scheduled basis
Configuration management CAM
The configuration management CAM connects to managed devices, reads their settings, and compares them to their latest approved baseline. Any variation from the baseline results in an alert.
Firmware version CAM
The firmware version CAM connects to managed devices, reads the firmware version, and compares the devices’ current value to the values expected for that device. Any variation from the baseline results in an alert.
IED data retrieval CAM
Fault and event data collection is performed by the IED data retrieval CAM. CROSSBOW can gather the following data from IEDs:
- Target status
- Sequence of Events (SOE) data
- Fault reports
- Oscillography files
All gathered data is stored in the CROSSBOW database, along with the time and date it was last updated.
Connectivity CAM
The Connectivity CAM is designed to automate the monitoring of connectivity (i.e., CROSSBOW’s ability to connect to the devices in its database). The intent to ensure that any given end device remains available for other CROSSBOW communications (e.g., end user connections, other CAMs, etc.) and to alert an administrator when it is not.
Time Sync CAM
The Time Sync CAM connects to managed devices, reads the current timestamp, and compares it to the system time on the CROSSBOW server. It raises an alert if the difference is greater than the configured value. Enabled for GE UR relays and SEL relays.
Event Log Distribution Service (ELDS)
The Event Log Distribution Service provides distribution of event information to external tracking systems:
- Windows Event Log
- Syslog
Flexible rule-based notification profiles match items in the CROSSBOW event log for distribution.
External Database Integration Service (EDIS)
The External Database Integration Service allows CROSSBOW to share device/gateway information with a secondary, external SQL database. During operation, CROSSBOW polls the external database at user-specified intervals for new network-based devices and gateways.
File Export Service
The File Export Service allows CROSSBOW to export CAM files to an external SFTP server:
- Updated config files as detected and retrieved by the Config CAM
- New fault and event files as detected and retrieved by the Data CAM
