4 CAE 000545 V 1 00 JAN 25

— 4 CAE 000545 V 1. 00, JAN 25 2018 RTU 500 series RTUtil 500 Rel. 12. 2. 4 Engineering Webinar Jacek Gronowski, PGGA-PT RTU Technical Support at http: //abb. custhelp. com RTU 500 Geeks Group on ABB Yammer

— Introduction Presenter Jacek Gronowski RTU Technical Support line engineer URL Email March 3, 2021 Slide 2 : http: //abb. custhelp. com : rtu-technical-support. deabb@de. abb. com

— Introduction Go. To. Webinar environment Presentation, recording and Q&As will be shared with you after the webinar. March 3, 2021 3

— RTUtil 500 Rel. 12. 2. 4 Engineering Agenda Introduction – General (1) – RTU 500 Software release designation (2) New functions – Windows 10 Support (1) – Multiprog PRO (v 5. 5) Support (2) – Command Control Authority Handling (3) – HMI Server uniquely identifies every HMI client (4) – New 1 -out-of-n control modes (5) – Process image size and 'Transmitted'-flag in PLC (6) March 3, 2021 Slide 4 Communication – SNMP HCI Support with SNMPv 2 and -v 3 agent functionality (1) – IEC 60870 -5 -104 BCI supports peer-to-peer communication (2) – IEC 870 -5 -104 HCI. Support of IEC 62351 -3 (TLS 1. 2) (3) – IEC 60870 -5 -104 SCI. IED polling sequence is configurable (4) – IEC 60870 -5 -103 HCI. Generic Services support (5) – IEC 61850 SCI/HCI. Support of Edition 2 (6) – DNP 3. 0 (serial and LAN/WAN) HCI. Support of IEC 62351 -5 (7) – Modbus TCP/IP SCI. New parameters added (8) Others Questions and Answers

— RTUtil 500 Rel. 12. 2. 4 Engineering Introduction Slide March 53, 2021

— RTUtil 500 Rel. 12. 2. 4 Engineering Introduction (1) General RTU 500 Software Rel. 12. 2 includes: – Windows 10 Support, – Support of new hardware modules, – A number of new functions, – Engineering improvements, – Corrections of functional issues in RTU 500 series related to cyber security, All introduced changes have been documented in Release Notes document of a given engineering tool: : – Release note - RTU 500 series version 12. 2 – Release Note (Partner) - CMU Firmware Release 12 – Release Note (Partner) - Software RTUtil 500 Release 12 – Release Note (Partner) - Software Integrated HMI 2. 0. 2 See as well other documents and presentations available on : RTU 500 Partners Portal: – Release of RTU 500 version 12. 2 – RTU 500 Sales Webinar - Unveiling the potential of Release 12. 2 – RTU 500 series release 12. 2 Sales webinar – RTU 500 Cyber Security Deployment Guideline Release 12 March 3, 2021 Slide 6

— RTUtil 500 Rel. 12. 2. 4 Engineering Introduction (2) RTU 500 Software release designation RTU 500 software release designation contains 4 parts: aa. bb = a major. minor release number cc = a build number dd = for ABB internal use only if not equal to 0 RTU 500 software with the same major. minor release number part e. g. 12. 2. 1 and 12. 2. 2 share the same functional concept. It means that they can be freely mixed - RTUtil 500 Rel. 12. 0. 3 can be used with RTU firmware 12. 0. 7. New release of RTU 500 software starts with a build number 1 e. g. 12. 2. 1. Bugfix releases with corrected bugs are designated with increasing build number. Higher build number means simply that more bugs have been corrected without changing of RTU 500 software functionality. Changing RTU 500 firmware from 12. 0. 1 to 12. 0. 7 does not require rebuilding of RTU 500 configuration file with possibly newer RTUtil 500 release. This is not considered as a migration. March 3, 2021 Slide 7 Before migration of old project to RTU 500 Software Rel. 12. 2 please read Migration Guide of RTU 500 Release 12 Specifically note the following: – Chapter 7. Migration of communication units. • Consider using 560 CMR 01 instead of 560 CMR 02 if you do not need more than 2 serial communication interfaces. • Note that all new communication units use SD (Secure Digital) instead of CF (Compact Flash) Cards. There is no way to migrate an RTU Software license from CF to SD Card. It has to be purchased separately. – Chapter 9. Migration of Multiprog 2. 11 projects to Multiprog 5. 5.

— RTUtil 500 Rel. 12. 2. 4 Engineering New functions Slide March 83, 2021

— RTUtil 500 Rel. 12. 2. 4 Engineering New functions (1) Windows 10 Support All RTU 500 engineering tools support now Windows 10 as well. This includes: – RTUtil 500 Rel. 12. 2 used for RTU project engineering. – Multiprog Rel. 5. 5 used for PLC programming. – HMI Editor Rel. 2. 0 used for HMI engineering. March 3, 2021 Slide 9

— RTUtil 500 Rel. 12. 2. 4 Engineering New functions (2 a) Multiprog PRO (v 5. 5) RTUtil 500 Rel. 12. 2 supports new engineering tool Multiprog 5 PRO Multiprog 5 introduces several important Improvements: Multiprog 5 PRO is an IEC 61131 Control technology component of Phoenix Contact. – Better Windows like user interface. – Library protection with Multiprog 5 function is now available. Knowhow and Intellectual property (IP) of PLC logic can be protected by the owner/developer. – When starting Multiprog export RTUtil 500 opens the target project in Multiprog application and the I/O information is directly updated in the project. No more explicit export/import is necessary. – Export messages are logged to inform the user about the process. RTUtil 500 Rel. 12. 0 supports Multiprog 2 only. Hardlock key (Dongle) supports Multiprog 2. xx only. New software license has to be purchased in order to support Multiprog 5. You receive PDF file with Registration Code (33 characters long) per workplace. Do not enter the License Number (14 characters) during the product activation process. March 3, 2021 Slide 10 – When exporting into an old Multiprog 2. 11 project the project will be migrated. Additional steps are described in the log messages.

— RTUtil 500 Rel. 12. 2. 4 Engineering New functions (2 b) Multiprog PRO (v 5. 5) Use always the newest Multiprog 5 setup file version: ABBRTU 500 PLCEngineering_1_0. exe Note the new name of Multiprog 5 PLC application: Note as well an updated Multiprog 2 setup file: MULTIPROG_wt_2_11_283 -11_02. exe This version installs the newest (11. 2) version of RTULIB/FW_LIB libraries and support for new CMU modules (560 CMR 01, 560 CMR 02, 540 CMD 01 and 540 CID 01). Please check your Multiprog 2 installation folder. As a result the only valid entry which has to be used to uninstall this software is (never use Multiprog wt): : March 3, 2021 You cannot engineer PLC application for a new CMU hardware if SH 03_32 subfolder is not present. Slide 11

— RTUtil 500 Rel. 12. 2. 4 Engineering New functions (2 c) Multiprog PRO (v 5. 5) Multiprog 5 uses RTULIB library to support RTU 500 functionality of the corresponding firmware version. In a current release RTU 500 Lib 1 library project located in c: UsersPublicDocumentsMULTIPROGLibraries subfolder is used. From functional point of view this project corresponds to RTULIB file Rel. 11. 2 in Multiprog 2. LIB_RELEASE POU is obsolete in Multiprog 5. To see version of RTULIB used in a PLC project please use standard Multiprog 5 functionality. Library version is available in properties (use right-click). PLC function blocks needed to support a new Command Control Authority function have been added to the new RTU 500 firmware function block library FW_LIB. It means that this FW_LIB library has to be updated in Multiprog 2 runtime as well. This has been included in the newest setup file MULTIPROG_wt_2_11_283 -11_02. exe. Alternatively you can copy contents of the FW_LIB subfolder of Multiprog 5: - c: Program. DataPHOENIX CONTACT SoftwareMULTIPROG5_51_257plcFW_LIB to the corresponding FW_LIB subfolder of Multiprog 2: - c: ABBKWSoft 211MWTPLCFW_LIB Please make a backup of FW_LIB original contents in case somethings goes wrong. March 3, 2021 Slide 12

— RTUtil 500 Rel. 12. 2. 4 Engineering New functions (2 d) Multiprog PRO (v 5. 5) RTUtil 500 12. 2 with build number 1, 2 and 3 support Multiprog 5 only. Starting from RTUtil 500 Rel. 12. 2. 4 both Multiprog 5 and Multiprog 2 are supported and Multiprog 5 is set by default for a new project. Multiprog version supported is a global project option selectable by a user. Known issues: – Multiprog 2 does not support Windows 10. – Prerequisite for Multiprog 5 is an installed. NET framework 3. 5. Depending on the installation of the operating system, . NET framework 3. 5 may not be installed. This was especially noticed on Windows 10 systems. – Multiprog 5 installer provided by ABB does not contain the. NET framework installer. You have to install correct one manually or computer has to be connected to the Internet during the installation process. ) – Evaluation license of Multiprog 5 has a restriction on the amount of handled input and output data. Never use this evaluation license for real projects executed on site. March 3, 2021 Slide 13

— RTUtil 500 Rel. 12. 2. 4 Engineering New functions (3 a) Command Control Authority Handling One side of every communication function in RTU 500 is always RTU 500 Database. A new Command Control Authority function handles commands received by the RTU 500 Database from HCI, Integrated HMI or PLC. This function allows to assign received process commands to a selected Control authority group identified by a unique number in the range from 1 to 200. Value 0 means disabled state. Details have been described in Chapter 2. 3. 1 Configurable control authority in RTU 500 series Function Description Release 12 Part 6, RTU 500 Functions NCC 1 NCC 2 Remote HMI WAN Local HMI RTU 500 Blocking signal L/R switch Group 1 Group 2 March 3, 2021 Slide 14

— RTUtil 500 Rel. 12. 2. 4 Engineering New functions (3 b) Command Control Authority Handling Command originators are identified for: – Host interfaces (HCI, type=0) by the host number (1. . 16), – Integrated HMI (type=1) by the HMI client number (1. . 16), – PLCs (type=2) by the CMU number (1. . 16) the PLC is configured on. By default all control operations of all Control Authority Groups are allowed. For a given Control Authority Group Logic or PLC function has the task to control and signalize the Control Authority State of a specific Command Originator. Depending on this Control Authority State all commands of the specified group and originator are allowed or rejected. March 3, 2021 Slide 15 – PLC engineering is no more necessary. – EXCEL import interface is supported.

— RTUtil 500 Rel. 12. 2. 4 Engineering New functions (3 c) Command Control Authority Handling Still you can use PLC to evaluate Command Authority of the selected command. Three new PLC function blocks have been added to the RTU 500 firmware function block library FW_LIB: – 'CTRL_AUTH_DENY_SET' function block is intended to set for a specific control originator a control denied state of a given Control Authority Group. It has four inputs: • 'Group': selects the control authority group, as configured in RTUtil 500. This is an USINT (IEC 61131 type of integer). • 'Originator. Type': is an enumeration which selects the originator type HCI (=0), Integrated HMI (=1) and PLC (=2). • 'Originator. Identifier' specifies the originator within an originator type: - 'Host Number‘ for HCI, - 'HMI Client Number‘ for Integrated HMI, - 'CMU number' for PLC (the CMU a PLC is located). • 'Deny' sets the state for the previously selected control authority group and originator. March 3, 2021 Slide 16 – 'CTRL_AUTH_DENY_GET' function block gives the user the possibility to get, if commands assigned to a control authority group are denied for an originator specified by originator type and identifier. – 'PLC_ICO_ADDR_GET' function block returns the 'int. Originator' of the running PLC function. Using this information, a PLC function can identify, if command confirmations received by a PLC function are originated by itself.

— RTUtil 500 Rel. 12. 2. 4 Engineering New functions (4) HMI Server uniquely identifies every HMI client In previous RTUtil 500 releases it was not mandatory to assign HMI client numbers. An HMI client number now uniquely identifies HMI clients even if they do not have a configured IP address. When an HMI server is added to an Ethernet interface, an HMI client with client number 1 is automatically configured. For HMI client configuration of HMI server, IP address '0. 0' is now allowed, which is a wildcard for any connected HMI client. March 3, 2021 Slide 17 To improve diagnostics and allow blocking of command with control authority of HMI clients not explicitly identified by their IP address, now it is mandatory to assign HMI client numbers. For signalization purposes, 8 more system events - SEV#261 -276: 'HMI client x online' -were added.

— RTUtil 500 Rel. 12. 2. 4 Engineering New functions (5 a) New 1 -out-of-n control modes New process command Interlocking modes for commands executed by SCIs, IObus and PLC have been added. Rel. 12. 2. 4: Depending on the selection, commands are interlocked against each other within groups or on an object level. Technical details have been explained in Chapter 3. 2. 2 Command output procedures of RTU 500 series Function Description Release 12 Part 6, RTU 500 Functions March 3, 2021 Slide 18 Previous releases:

— RTUtil 500 Rel. 12. 2. 4 Engineering New functions (5 b) Enhanced 1 -out-of-n control (SCI, PDP and PLC) New modes have been introduced: – Global: independent of the type only one command can be operated at a time in RTU 500. As long as a command is in operation (not yet completed or terminated by a time out) any further command operation will be rejected. – Configured: Commands not assigned to any group by configuration are interlocked on object basis only. '1 -out-of-n control group' parameters of command data points are editable to assign commands to a project specific '1 -of -n-control groups'. March 3, 2021 – Selection values '…with command priority' allow originators with higher priority (e. g. HCIs with lower host number) to break a selection of a '1 -of-n-control group' by an originator of lower priority. Still it is not possible to break execution of a command. Slide 19 For compatibility with older versions of RTU 500 software the default setting is:

— RTUtil 500 Rel. 12. 2. 4 Engineering New functions (6) Process image size and 'Transmitted'-flag in PLC It is possible to increase the RTU application latency where only the current value of process data is relevant for a PLC application. – Maximum amount of binary and measurement process information entries in PLC queue are now separately configurable. Default value is to keep up to 4 changes and the current value in the image. – Behavior of ‘transmitted’-flag at AMI and MFI input variables can be now configured. • 'Edge‘: a rising edge informs about a new value. New changes are available in the PLC program every second PLC cycle only as an extra cycle is available for a falling edge. • 'State‘: as long as the ‘transmitted’-flag is TRUE, a changed value is available. In this case new changes are available every PLC cycle. Note that for outputs you can send out a new value still every second task cycle. March 3, 2021 Slide 20

— RTUtil 500 Rel. 12. 2. 4 Engineering Communication Slide March 21 3, 2021

— RTUtil 500 Rel. 12. 2. 4 Engineering Communication (1 a) SNMP HCI Support with SNMPv 2 and -v 3 agent functionality SNMP HCI can be used to connect the RTU 500 to the asset management and/or TCP/IP net monitoring systems operating in parallel to a SCADA system. It exposes RTU 500´s system events as well as other diagnostic information (e. g. CPU and memory utilization, diagnostic counters). Network Monitoring System SNMP Trap SNMP Get/Respond SNMP v 3 protocol defines a secure version of SNMP providing: – Confidentiality (Encryption of packets) – Integrity (Message Integrity) – Authentication (verify source) Graphical network analyze is possible via monitoring systems (AFS View, MRTG, Whats. Up Gold, SUPROS…) as with SNMP you can collect data periodically or on event based method (TRAPS) March 3, 2021 Slide 22 Device Status Monitoring

— RTUtil 500 Rel. 12. 2. 4 Engineering Communication (1 b) SNMP HCI Support with SNMPv 2 and -v 3 agent functionality SNMP HCI agent has been described in a new RTU 500 manual: – SNMP Host Communication Interface The agent provides a number of Object Identifiers (OIDs). An OID can be thought as the “name of a variable". The agent populates values of variables and makes them available. An SNMP manager (client) can then query the agent’s OIDs for a specific information. The collection of all the objects of an SNMP agent makes up the MIB (Management Information Base), which can be described according to the standard in a text file: – ABB RTU 500 MIB file for SNMP Host Communication Interface March 3, 2021 Slide 23 For spontaneous reporting SNMP TRAPs can be enabled.

— RTUtil 500 Rel. 12. 2. 4 Engineering Communication (2 a) IEC 60870 -5 -104 BCI supports peer-to-peer communication. A new activity type - Bi-directional communication interface (BCI) has been added to RTU 500 software to support bi-directional (peer-topeer) communication lines. Bi-directional activity means that subordinated as well as super ordinated devices (RTUs, IEDs) on such line can contain data points and these data points can be exchanged in both directions between all devices connected to the same bi-directional communication topology using own pair of links. Every Bi-directional communication interface (BCI) can play the role of: – a data point producing device, like IEDs, – a data point consuming device, like control systems. March 3, 2021 Slide 24 The visualized parent child relationship presentation in RTUtil 500 network tree does not reflect the communication relationship between devices connected to a bi-directional topology. In fact all linked devices are functionally on the same level. Any device can be selected as a root node in order to support traditional engineering tools.

— RTUtil 500 Rel. 12. 2. 4 Engineering Communication (2 b) IEC 60870 -5 -104 BCI supports peer-to-peer communication. Bi-directional communication interface (BCI) in RTU 500 has been implemented on top of IEC 60870 -5 -104 specification. Not all aspects of the current IEC 60870 -5 -104 SCI/HCI functionality have been included. The following functions supported in IEC 60870 -5 -104 (SCI) are not available in bidirectional communication interface (BCI): – Structured addresses for ASDU and IOA. – Read commands (C_RD), reset process command (C_RP) and test command (C_TS). – File transfer. March 3, 2021 Slide 25 The following functions supported in IEC 60870 -5 -104 (HCI) are not available in bidirectional communication interface (BCI): Structured addresses for ASDU and IOA. – The configuration of control systems as communication partner (for the BCI external device are configured as IED). – Simultaneous communication with up to 8 hosts (Multi-Host connection). – Configuration and exclusive connection to host IP addresses. (BCI supports redundant connections with 2 links). – Counter interrogation commands (C_CI) and counter modes B, C, D. – Read commands (C_RD), reset process command (C_RP) and test command (C_TS). – Parameter download and file transfer. – Supervision of maximum delay in command direction of commands and setpoints.

— RTUtil 500 Rel. 12. 2. 4 Engineering Communication (2 c) IEC 60870 -5 -104 BCI supports peer-to-peer communication. Monitoring direction Command direction All Event/Measurement information from one device could be available at all linked devices without sending them to a control system and back to another device. Note that any linked device can have independent SCI, HCI in order to acquire and/or distribute available process data to control systems. Commands can be executed from every device to any other device linked to the same bi-directional topology. March 3, 2021 Slide 26

— RTUtil 500 Rel. 12. 2. 4 Engineering Communication (2 d) IEC 60870 -5 -104 BCI supports peer-to-peer communication. A device can be linked to a bi-directional topology as an IED node or RTU 500 node. Every device linked to a bi-directional topology is addressed using unique IP Address. – RTU 500 node is fully engineered (communication and data) in the same RTUtil 500 project as the root node. – IED node is engineered externally (can be another RTUtil 500 project or device of any type or vendor) Redundant communication (second IP address) is supported. TCP port used for a communication can be configured when required. This can simplify firewall configuration. Note that every device linked to a bi-directional topology creates a separate pair of Sub/Host like communication interface with every other device connected to the same topology. March 3, 2021 Slide 27

— RTUtil 500 Rel. 12. 2. 4 Engineering Communication (2 e) IEC 60870 -5 -104 BCI supports peer-to-peer communication. In case of RTU 500 node device IP address has to the same as IP address of E 1 or E 2 port of CMU where engineered BCI is linked. No other IP addresses are allowed. March 3, 2021 Slide 28

— RTUtil 500 Rel. 12. 2. 4 Engineering Communication (2 f) IEC 60870 -5 -104 BCI supports peer-to-peer communication. All devices linked to a bi-directional topology share the same process database. As a result Information Object Address (IOA) of any process data must not overlap with IOA of any other process data located on the other device connected to the same bidirectional topology. Any shared process data is available on any device connected to engineered bi-directional topology. For IED Node there is no way to configure Host activity parameters as this is engineered in an external project. March 3, 2021 Slide 29 For RTU 500 Node configuration of selected Host activity parameters is possible similarly as in a standard HCI.

— RTUtil 500 Rel. 12. 2. 4 Engineering Communication (3) IEC 870 -5 -104 HCI. Support of IEC 62351 -3 (TLS 1. 2) Only available with license feature "Advanced security". Data traffic will be secured by Transport Layer Security (TLS) encryption and authentication by means of X. 509 certificates. IEC 62351 -3 provide end-to-end encryption between RTU 500 and Network control centers. Provide protection against (secured by): – Eavesdropping (TLS encryption) – Man-in-the-middle attacks (message authentication) – IP spoofing (Certificates) – Replay attacks (TLS encryption) RTU 500 provides now the separate TCP/IP port 19998 to exchange TLS secured traffic. This will allow for the possibility of unambiguous secure and non-secure communications simultaneously. March 3, 2021 Slide 30 Configuration of secure IEC 60870 -5 -104 HCI needs extra 2 parameters only: Securing data traffic and Certificate selection.

— RTUtil 500 Rel. 12. 2. 4 Engineering Communication (4) IEC 60870 -5 -104 SCI. IED polling sequence is configurable In a setup with both Ethernet interfaces on the same subnet a new dropdown list 'Routing' is available with two options: – Static assignment of IP addresses (E 1 -> IP 1, E 2 ->IP 2), behavior as before. – Dynamic usage of configured network interfaces. IP addresses 1 and 2 of the IED are polled on both interfaces sequential. March 3, 2021 Slide 31

— RTUtil 500 Rel. 12. 2. 4 Engineering Communication (5) IEC 60870 -5 -103 HCI. Generic Services support Generic data (type identification 10) is supported now for the following RTU data types: – in control direction : ASO, FSO, BSO 01, BSO 02, BSO 08, BSO 16 – in monitoring direction : AMI, MFI, STI, BSI 08, BSI 16, BSI 32. This allows e. g. to support TAPCON devices. The following GDD data types (Generic Data Description) are supported by RTU 500: – <4> signed integer – <7> R 32. 23 Short real IEEE 754 General interrogation of generic data (GGI) is also supported. For more detailed information see protocol documentation IEC 608705 -103 Subdevice Communication Interface March 3, 2021 Slide 32

— RTUtil 500 Rel. 12. 2. 4 Engineering Communication (6 a) IEC 61850 SCI/HCI. Support of Edition 2 The RTU 500 series IEC 61850 client and server supports Edition 1 (IEC 61850 -7 -x: 2003 A) and Edition 2 (IEC 61850 -7 -x: 2007 B) of the standard. The following restrictions apply: – Only one type of protocol Edition can be started on one CMU. – During engineering put IEDs of different Editions into different Subnetworks (requires a separate CMU). – No RCBs can be exchanged between Edition 1 and Edition 2 IEDs. – The GOOSE communication in RTU 500 series is restricted to IEDs of the same edition. The configuration tool RTUtil 500 checks this restriction and GOOSE data points from IEDs with the wrong edition are ignored (Presenting a warning message for the user). – For extensions of existing Edition 1 systems (Edition 1 SCD) the RTU 500 series must be configured as Edition 1 IED. – The extension of Edition 1 system with Edition 2 devices is not supported. March 3, 2021 Slide 33 Mixed systems (the SCD file is Edition 2 including Edition 1 data models) are supported for client/server communication. There is one SCD file only for mixed systems. See Chapter 26. 3 Mixed Systems, Engineering in IET 600 Integrated Engineering Tool User Manual for more details. Mixed systems are not part of SVC system tests (not verified) anymore.

— RTUtil 500 Rel. 12. 2. 4 Engineering Communication (6 b) IEC 61850 SCI/HCI. Support of Edition 2 Protocol Edition has to be defined separately for any client or server interface in the RTU 500 project. Key features: – Higher RTU System Limits documented in RTU 500 series Function Description (Parts 2 and 3, Chapter: System Limits). – PRP redundancy is supported both for the client and the server. The supervision of the channel status can be engineered with GGIO’s for the server. The client’s redundant channels can only be supervised from the NCC. Due to the differences in the data model between Edition 1 and Edition 2 the selected protocol edition of communication interface cannot be changed anymore after an SCD import was done or after any data points are configured for the client or server. Change of selected Protocol Edition requires the complete repetition of IEC 61850 Integration procedure. March 3, 2021 Slide 34 – RTU 500 does not support HSR. You have to use an external switch/bridge/router if you need to connect RTU to such network.

— RTUtil 500 Rel. 12. 2. 4 Engineering Communication (7 a) DNP 3. 0 (serial and LAN/WAN) HCI. Support of IEC 62351 -5 Only available with license feature "Advanced security". Key features: DNP 3 with secure authentication (SA) based on IEC 62351 -5 has been implemented as an extension. – Session Key exchange with AES 128 and AES 256. It enables secure communication (serial and LAN/WAN) with connected SCADA systems (NCC/DMS, tested with Micro. SCADA Pro). – Aggressive mode can be configured This is an Application Layer (on ASDU level) extension only. DNP 3 Secure Authentication does not provide complete encryption of transported data. Traffic is still vulnerable for sniffing. – Request authentication with HMAC of SHA 1 and SHA 256. – Protocol extension of handling new function codes when SA is enabled. – Implementation of set of function codes that are protected by SA. – Handling of new DNP 3 objects g 120 v 1 to g 120 v 7 and g 120 v 9. – Object g 121 v 1 – Security statistics was implemented March 3, 2021 Slide 35

— RTUtil 500 Rel. 12. 2. 4 Engineering Communication (7 b) DNP 3. 0 (serial and LAN/WAN) HCI. Support of IEC 62351 -5 Feature can be configured in RTUtil 500 in line configurator window. With Secure Authentication enabled RTU keeps track of events like unsuccessful Session Keys exchange. Increased number of these events may indicate that RTU is misconfigured and master with different Update Key is trying to connect or that outstation may be under attack. All events are available under group 120. They are also returned in Class 0 request if Secure Authentication is enabled. Several of different events may be logged. More details about the implemented functionality, like a full list of implemented critical request function codes, can be found in: DNP 3. 0 Host Communication Interface March 3, 2021 Slide 36

— RTUtil 500 Rel. 12. 2. 4 Engineering Communication (8) Modbus TCP/IP SCI. New parameters added – New checkbox option: ‘Allow only one query simultaneously’. By default the functionality is deactivated for compatibility with older RTUtil 500 Releases. If the option is checked RTU sends the Modbus TCP queries in such order, that no new query is sent before the previous one is not completed (responded or timed out). This option is required for some simple Modbus TCP/IP to Modbus serial converters which do not handle frame buffering correctly. March 3, 2021 Slide 37 – New settings value 30 ms is now supported for 'Cycle time for line 1' and 'Cycle time for line 2‘ Be aware that using low values for cycle time may reduce overall system performance.

— RTUtil 500 Rel. 12. 2. 4 Engineering Others Slide March 38 3, 2021

— RTUtil 500 Rel. 12. 2. 4 Engineering Others (1) Changed RTUtil 500 operation – Default location of RTUtil 500 data folder has been modified. Now ABB has been inserted. – SEVs are no longer automatically added to the SDI node In older releases in a new project, a lot of unwanted system events have been automatically added to the System Data Interface (SDI) node. This is not done anymore. The firmware ensures at startup that all needed SEVs are created if they are not configured in RTUtil 500. Uncheck “Link functionalities to all network interfaces…” to follow Cyber Security rules. Typically operation of a configured function is expected on one dedicated communication interface. March 3, 2021 Slide 39 Never add SEV #48 (Device inoperable) to SDI of the configured RTU. This SEV has to be always evaluated by a host/client as it is never sent by HCI.

— RTUtil 500 Rel. 12. 2. 4 Engineering Others (2) / New functions Support of new hardware modules The following hardware modules have been introduced with RTU 500 Rel. 12. x: – 560 CMR 01, 560 CMR 02 – 560 BIR 01, 560 BOR 01, 560 AIR 02 – 540 CMD 01, 540 CID 01 – 520 CSD 01 They are more flexible, consume much less power. Note new RTU System Limits presented in: – RTU 500 series Function Description Release 12 Part 2, Rack Mounted Solutions – RTU 500 series Function Description Release 12 Part 3, DIN Rail Solutions March 3, 2021 Slide 40 RTUtil 500 Rel. 12. 2. 4 supports directly all new hardware modules. 560 BIR 01, 560 BOR 01 and 560 AIR 01 are 100% function and pin compatible with corresponding 23 BE 23, 23 BA 20 and 23 AE 23. They can be freely used as a spare part of old (phase-out) module without any RTUtil 500 re-engineering. It means that you can configure in your RTU project old modules but in fact you can mount new ones. 560 AIR 02 is a cost optimized m. A solution without any jumper or dip switches. This is a new card supported by RTUtil 500 Rel. 12. 2 or newer.

— RTUtil 500 Rel. 12. 2. 4 Engineering Others (3) / New functions New parameter: 'Command operation timeout' The maximum time until a started command operation procedure is released, in case it was not completed before, can be customized with the introduced parameter. This prevents long blocking of subsequent commands execution in RTU. March 3, 2021 Slide 41

— RTUtil 500 Rel. 12. 2. 4 Engineering Others (4) / Communication IEC 61850 SCI. Scaling of acquired measurements. New parameter Multiplier is now available for incoming MFI data point which allows to rescale the RTU internal representation of received measurement. The multiplier scaling is executed at the incoming value, before threshold supervision check if this is configured. Always configure threshold supervision check for incoming analog data. This always decreases the load of CMU. March 3, 2021 Slide 42

— RTUtil 500 Rel. 12. 2. 4 Engineering Others (5) / Communication IEC 60870 -5 -101/104 HCI. New parameters added – New background cycle time interval 15 minutes has been introduced for AMIs and MFIs. This allows better support data used in trend reports. – New configuration option to disable parameter loading per HCI has been added. In older releases of RTUtil 500 parameter loading is enabled per default. Deviating from standard in RTU 500 the IOA (Information Object Address) used to carry information in control and monitor direction are the same for the parameter types. As specified in IEC 60870 -5 -101 clause 7. 2. 5, this is not allowed and the return information should be addressed by a different IOA. To achieve conformity with standard in RTUtil 500 there is now a new configuration option to disable parameter loading per HCI at all. If parameter loading is disabled, requests will be responded with negative activation confirmation. That applies for the following type identifications: P_ME_NA_1, P_ME_NB_1, P_ME_NC_1. March 3, 2021 Slide 43

— RTUtil 500 Rel. 12. 2. 4 Engineering Others (6) / Communication IEC 60870 -5 -101 HCI. Redundancy switchover condition An additional parameter 'redundancy switch over condition' has been added for IEC 60870 5 -101 protocol. This parameter defines how the switchover of the controlling station is done: – According to IEC standard (Norwegian user convention) RTU 500 switches to redundant line upon 'reset of remote link' (FC 0) command (default state for older RTU software releases), – The switchover to redundant line should be done by 'request of user data' command. (FC 11). Precondition: Redundant lines and transmission mode unbalanced. This scheme is used in Company PSI (Germany/Malaysia) controlling systems. March 3, 2021 Slide 44

— RTUtil 500 Rel. 12. 2. 4 Engineering Questions and Answers Slide March 45 3, 2021

— RTUtil 500 Rel. 12. 2. 4 Engineering Questions & Answeres (1) # Slide 1 10, 11 2 10 Question Answer Do you see any option to work with Windows 10 laptop and with the Multiprog WT Hardlock key (Dongle)? Hardlock key (Dongle) supports Multiprog 2. xx only. Multiprog 2 does not support Windows 10. You can use Virtual Machines running Win 7 as a workaround. See related thread on our RTU 500 geeks Group. How Multiprog 5 is licensed. New software license has to be purchased in order to support Multiprog 5. You receive PDF file with Registration Code (33 characters long) per workplace. Multiprog 5 software requires Registration Code for every location (workplace) where this software has been installed. You have to remove Multiprog 5 software from an old computer before registration with the same Registration Code on a new computer. Note that we are reselling only licensees purchased from Phoenix Contact. They can explain you any legal details related to this topic. 3 10 Does Multiprog 5 support symbolic variables. Yes, it does. This is even easier than in Multiprog 2. See Step by step guide for PLC programming using Multiprog 5 4 11 Can you explain a note about usage of new CMUs in Multiprog 2. 11 See Chapter 8, 9 in Migration Guide of RTU 500 Release 12. New CMU types require new PLC resource type (SH 03_32). This is created automatically after the first Import in Multiprog 2. 5 12 How is Multiprog 5 RTULib identified See added slide 12 for an explanation. March 3, 2021 Slide 46

— RTUtil 500 Rel. 12. 2. 4 Engineering Questions & Answeres (2) # Slide Question Answer 6 22 Do we need separate firmware for SNMP HCI? No, according to our licensing policy all communication protocols are included in a Basic License. 7 27 Is it mandatory to configure all RTU 500 devices and other IEDs in one RTUtil 500 project? No, this is not mandatory and even sometimes not possible. Note that IED Node is engineered externally (in a different project). It can be a device of another type than RTU 500, engineered using different tool than RTUtil 500. In the current RTUtil 500 release there is no consistency check that every Information Object Address (IOA) is unique in the engineered bi-directional topology even in case all nodes are RTU 500 nodes engineered in the same RTUtil 500 project. 8 30, 35 How to order "Advanced security“ feature? "Advanced security“ feature needs to be separately specified (1 KGT 036600 R 0001) in the order of the specific SD/CF license. This is required for Secure IEC 870 -5 -104 and DNP 3. 0 communication, 9 34 How many IEDs are supported by IEC 61850 client? For new CMUs we have raised the limit to 30 IEDs per IEC 61850 client. See System Limits chapter in: - RTU 500 series Function Description Release 12 Part 2, Rack Mounted Solutions - RTU 500 series Function Description Release 12 Part 3, DIN Rail Solutions Why it is not possible to issue commands in Hardware Tree in RTU Web Server This has been moved in RTU Software Rel. 12. 0 to Test Mode option. See Chapter 4. 4. 4 in Web-Server Users Guide, Release 12 for a description how to simulate commands in RTU. 10 March 3, 2021 Slide 47

March 3, 2021 Slide 48