Issue:

Customer requests confirmation whether the Sage RTU products supports DNP3 Secure Authentication  (DNP SA), along with guidance on upgrade paths and options to meet security requirements.

Product:

SAGE 2400

SAGE 3030M

SAGE  4400

SAGE 14x0

Environment:

• Multiple substations standardized on Sage RTUs with standard DNP3 (non-SA)
• Organizations-wide push to adopt more secure DNP3.
• Installed base includes hardwired I/O connected via expansion cards.

Cause:

• The Sage RTU’s DNP3 implementation supports only up to a specific Secure Authentication Version.
• No further firmware developments about DNP SA will be released.
• Achieving DNP3 SAv5 or higher would require newer hardware.

Resolution:

• Current Capability: The Sage RTUs supports DNP3 SAv2 only; it does not support SAv5/SAv6.
• Roadmap / Firmware: There is no indication for a new firmware releases enabling SAv5+ on Sage RTUs.
• Recommended Path: To attain DNP3 SAv5 or newer, plan to transition to Powerlogic T500 hardware.
• Gateway Options: If an interim solution is needed, explore secure gateway approaches; however, validation and compatibility with Sage environments should be confirmed case-by-case.

Next Steps:

1. 1. Engage Marketing/Offer Management for roadmap, timelines, validated gateway options, and migration guidance.
      • Point of contact: T500 Offer Manager for US/Canada/Mexico (for accurate, current information).
   2. Assess I/O Migration: For sites with hardwired I/O expansion cards, ensure the proposed solution includes a migration or retention plan (e.g., compatible I/O modules, remote I/O, or structured cutover strategy).
   3. Plan Phased Upgrade: Prioritize high-risk substations, conduct a pilot with Powerlogic T500, and verify DNP3 SA configuration, interoperability with the SCADA/EMS, and commissioning procedures.
   4. Document Cybersecurity Posture: Update site standards and commissioning checklists to reflect SA keys management, authentication policies, and fallback behavior.

פורסם עבור: שניידר אלקטריק ישראל