Cybersecurity capabilities
This section describes the security capabilities available in Power Operation, including those that apply when it is configured to use Windows Active Directory for authentication.
Information confidentiality
- Secure protocols that employ cryptographic algorithms, key sizes, and mechanisms to help prevent unauthorized users from reading information in transit and information at rest.
- Support for McAfee Application Control or similar software to help protect against zero-day attacks.
- Passwords and sensitive or confidential data on disk are encrypted while at rest.
- Certificates are in compliance with recognized international standards used to encrypt TLS data in transit:
  - Certificates for gRPC and the web are generated during installation and are unique for every installation. Each has its own issuing authority that is also generated during installation.
  - The Citect comms certificate is created during configuration and secures Citect communication.
Configuration
These security capabilities support the analysis of security events, help protect the software from unauthorized alteration, and record configuration changes and user account events:
- Internal time synchronization.
- Time source integrity protection and configuration event logging.
- Timestamps, including date and time.
- Settings can be saved as a configuration file using Plant SCADA.
- Offload information to syslog or a protected storage or retention location.
User accounts and privileges
These security capabilities help enforce authorizations assigned to users, segregation of duties, and least privilege:
- Windows Active Directory integration, role-based access control, and two-factor authentication using YubiKey.
- Power Operation Runtime user partitioning, eight levels of user privilege, and user event monitoring, including log in, log out, shutdown, and control.
- Identification and authentication of the software processes that manage accounts, using Windows Active Directory.
- Least privilege and allowlisting configurable in multiple dimensions: read; control; time sync; alarm acknowledgment; application access; notification, security, and communications configuration.
- User account lockout after a configurable number of unsuccessful login attempts, using Windows Active Directory.
- Use control restricts allowed actions to the authorized use of the control system.
- Supervisors can override user authorizations by deleting the user's account.
- Password strength feedback using Windows Active Directory.
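The lockout and password-strength controls listed above are enforced by Active Directory rather than by Power Operation itself. The following PowerShell script is an added example, not part of the Power Operation documentation, showing how an administrator could apply and verify such a policy with an AD fine-grained password policy (PSO). It assumes the ActiveDirectory RSAT module and domain administration rights; the policy name, the operator group `PO-Operators`, the user `po.operator1`, and the threshold values are hypothetical placeholders.

```powershell
# Added example (not from the Power Operation documentation): create a
# fine-grained password policy that enforces account lockout and password
# strength for a Power Operation operator group, then verify that a member
# of the group actually receives it. Names and thresholds are hypothetical.
Import-Module ActiveDirectory

$PolicyName  = 'PowerOperation-Operators-PSO'   # hypothetical PSO name
$OperatorGrp = 'PO-Operators'                   # hypothetical AD security group
$SampleUser  = 'po.operator1'                   # hypothetical member of that group

# Create the policy only if it does not already exist, so the script can be re-run.
$pso = Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$PolicyName'" -ErrorAction SilentlyContinue
if (-not $pso) {
    $psoParams = @{
        Name                        = $PolicyName
        Precedence                  = 10        # lower value wins when several PSOs apply to a user
        LockoutThreshold            = 5         # lock the account after 5 unsuccessful logon attempts
        LockoutObservationWindow    = (New-TimeSpan -Minutes 30)
        LockoutDuration             = (New-TimeSpan -Minutes 30)
        MinPasswordLength           = 14
        ComplexityEnabled           = $true
        PasswordHistoryCount        = 24
        MaxPasswordAge              = (New-TimeSpan -Days 90)
        ReversibleEncryptionEnabled = $false    # never store passwords reversibly
    }
    $pso = New-ADFineGrainedPasswordPolicy @psoParams -PassThru
}

# Bind the policy to the operator group (membership determines who gets it).
Add-ADFineGrainedPasswordPolicySubject -Identity $PolicyName -Subjects $OperatorGrp

# Verify: the resultant policy for a group member must be this PSO. A $null
# result means the default domain policy still applies (e.g. the user is not
# in the group, or a PSO with a lower precedence value overrides this one).
$effective = Get-ADUserResultantPasswordPolicy -Identity $SampleUser
if ($null -eq $effective -or $effective.Name -ne $PolicyName) {
    $actual = if ($null -eq $effective) { 'default domain policy' } else { $effective.Name }
    Write-Warning "Resultant policy for $SampleUser is '$actual', expected '$PolicyName'"
} else {
    $effective | Select-Object Name, LockoutThreshold, LockoutDuration, LockoutObservationWindow, MinPasswordLength
}
```

The verification step matters because PSO precedence is easy to get wrong: a pre-existing PSO with a lower precedence value silently wins, and the operators would keep the weaker settings while the new policy appears to be in place.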
Hardening
These security capabilities help prohibit and restrict the use of unnecessary functions, ports, protocols, or services:
- Least functionality can be applied to prohibit and restrict the use of unnecessary functions, ports, protocols, or services.
- Port numbers can be changed from default values to lower the predictability of port use.
- Session lock requires the user to sign in again after a configurable period of inactivity, using Windows Active Directory.
- Session termination ends a session automatically after inactivity, or manually by the user who initiated it.
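Two of these hardening items can be checked on a Power Operation host from PowerShell. The script below is an added example, not part of the Power Operation documentation: it reads the Windows inactivity-limit policy (the Group Policy setting "Interactive logon: Machine inactivity limit", stored as the `InactivityTimeoutSecs` DWORD) and lists every listening TCP port with its owning process, so that changed port numbers can be confirmed and unexpected listeners spotted. The 15-minute idle limit is an assumed requirement; the expected Power Operation port values must come from the installation's own configuration and are not asserted here.

```powershell
# Added example (not from the Power Operation documentation): audit the
# machine inactivity limit and enumerate listening TCP ports on a host.
# Run in an elevated session so that owning processes can be resolved.

function Test-MachineInactivityLimit {
    # Passes when an inactivity limit is configured and is no longer than $MaxIdleSeconds.
    param([int]$MaxIdleSeconds = 900)   # assumed requirement: 15 minutes

    $key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $value = (Get-ItemProperty -Path $key -Name InactivityTimeoutSecs -ErrorAction SilentlyContinue).InactivityTimeoutSecs

    # A missing value, or 0, means no automatic session lock is enforced.
    if ($null -eq $value -or $value -eq 0) {
        return [pscustomobject]@{ Check = 'MachineInactivityLimit'; Pass = $false; Detail = 'Not configured (no automatic session lock)' }
    }
    [pscustomobject]@{
        Check  = 'MachineInactivityLimit'
        Pass   = ($value -le $MaxIdleSeconds)
        Detail = "InactivityTimeoutSecs=$value (limit $MaxIdleSeconds)"
    }
}

function Get-ListeningTcpPorts {
    # One row per listening socket, with the owning process name where resolvable.
    Get-NetTCPConnection -State Listen |
        Sort-Object LocalPort, LocalAddress -Unique |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                LocalPort    = $_.LocalPort
                ProcessId    = $_.OwningProcess
                Process      = if ($proc) { $proc.ProcessName } else { '<unresolved>' }
            }
        }
}

Test-MachineInactivityLimit -MaxIdleSeconds 900 | Format-Table -AutoSize
Get-ListeningTcpPorts | Format-Table -AutoSize
```

Compare the port listing against the ports documented for this installation; any listener that is not accounted for is a candidate for the least-functionality restriction described above, and a listener still on a well-known default port shows where the port change has not been applied.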
System upgrades and backups
This security capability helps protect the authenticity of the software and facilitates protected file transfer: the software is digitally signed, so that only software generated and signed by the manufacturer is allowed.
Threat intelligence
These security capabilities help provide a method to generate security-related reports and manage event log storage:
- Machine and human-readable reporting options for current security settings.
- Audit event logs to identify:
  - Software configuration changes.
  - Energy management system events.
- Audit storage in event logs by default, with alternate log-management methods available when using Windows Active Directory.
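The audit-log and reporting items above, together with the "offload information to syslog" item under Configuration, come together in a small collection script. The following PowerShell is an added example, not part of the Power Operation documentation: it summarizes the standard Windows Security events for user activity on a host (4624 logon, 4625 failed logon, 4634/4647 logoff, 4740 lockout), reports failed logons per account, and forwards the summary to a syslog collector as an RFC 5424 message. The collector address `syslog.example.internal` is a hypothetical placeholder, and the plain-UDP transport is used only to keep the example self-contained; a deployment should send audit data over TLS syslog (RFC 5425) or an equivalent protected channel.

```powershell
# Added example (not from the Power Operation documentation): summarize
# Windows Security audit events for user activity and offload the summary
# to a syslog collector. Requires read access to the Security log.

function Get-LogonAuditSummary {
    param([int]$Hours = 24)

    $filter = @{
        LogName   = 'Security'
        Id        = 4624, 4625, 4634, 4647, 4740
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    # Get-WinEvent errors when nothing matches; treat that as an empty result.
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

    $rows = foreach ($e in $events) {
        # Field positions differ per event ID, so read the named EventData fields from the XML.
        $data = ([xml]$e.ToXml()).Event.EventData.Data
        [pscustomobject]@{
            Time    = $e.TimeCreated
            Id      = $e.Id
            Account = ($data | Where-Object Name -eq 'TargetUserName').'#text'
        }
    }

    [pscustomobject]@{
        Host            = $env:COMPUTERNAME
        WindowHours     = $Hours
        Logons          = @($rows | Where-Object Id -eq 4624).Count
        Logoffs         = @($rows | Where-Object { $_.Id -in 4634, 4647 }).Count
        LockedOut       = @($rows | Where-Object Id -eq 4740 | Select-Object -ExpandProperty Account -Unique)
        FailedByAccount = @($rows | Where-Object Id -eq 4625 |
                            Group-Object Account | Sort-Object Count -Descending |
                            Select-Object @{ n = 'Account'; e = { $_.Name } }, Count)
    }
}

function Send-SyslogMessage {
    # Minimal RFC 5424 sender over UDP (example only; prefer TLS syslog in production).
    param(
        [Parameter(Mandatory)][string]$Server,
        [int]$Port = 514,
        [string]$AppName = 'PowerOperationAudit',
        [int]$Facility = 4,          # security/authorization messages
        [int]$Severity = 5,          # notice
        [Parameter(Mandatory)][string]$Message
    )
    $pri       = $Facility * 8 + $Severity
    $timestamp = (Get-Date).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.fffZ')
    $line      = "<$pri>1 $timestamp $env:COMPUTERNAME $AppName - - - $Message"
    $bytes     = [System.Text.Encoding]::UTF8.GetBytes($line)
    $udp       = New-Object System.Net.Sockets.UdpClient
    try { [void]$udp.Send($bytes, $bytes.Length, $Server, $Port) } finally { $udp.Close() }
}

$summary = Get-LogonAuditSummary -Hours 24
$summary | ConvertTo-Json -Depth 3                       # human-readable report
Send-SyslogMessage -Server 'syslog.example.internal' -Message ($summary | ConvertTo-Json -Compress -Depth 3)
```

Reading the named `TargetUserName` field from the event XML, rather than indexing into `Properties`, keeps the summary correct across the different event IDs, whose field order is not the same. Lockout events (4740) are normally recorded on the domain controller that processed the lockout, so run the summary there as well as on the Power Operation host when Active Directory authentication is in use.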