Cyber security is a branch of network administration that addresses attacks on or by computer systems and through computer networks that can result in accidental or intentional disruptions.
The objective of cyber security is to help provide increased levels of protection for information and physical assets from theft, corruption, misuse, or accidents while maintaining access for their intended users.
No single cyber security approach is adequate on its own, and protection effectively resides at the local network level. Schneider Electric adheres to industry best practices in the development and implementation of control systems. This includes a "Defense-in-Depth" approach to secure an Industrial Control System. This approach places the controllers behind one or more firewalls to restrict access to authorized personnel and protocols only.
WARNING
UNAUTHENTICATED ACCESS AND SUBSEQUENT UNAUTHORIZED EQUIPMENT OPERATION
Evaluate whether your environment or your machines are connected to your critical infrastructure and, if so, take appropriate steps in terms of prevention, based on Defense-in-Depth, before connecting the automation system to any network.
Limit the number of devices connected to a network to the minimum necessary.
Isolate your industrial network from other networks inside your company.
Protect any network against unintended access by using firewalls, VPN, or other, proven security measures.
Monitor activities within your systems.
Prevent subject devices from direct access or direct link by unauthorized parties or unauthenticated actions.
Prepare a recovery plan including backup of your system and process information.
Failure to follow these instructions can result in death, serious injury or equipment damage.
For more information on organizational measures and rules covering access to infrastructures, refer to ISO/IEC 27000 series, Common Criteria for Information Technology Security Evaluation, ISO/IEC 15408, IEC 62351, ISA/IEC 62443, NIST Cybersecurity Framework, Information Security Forum - Standard of Good Practice for Information Security.
This chapter defines the elements that help you configure a system that is less susceptible to cyber attacks. For detailed information on the defense-in-depth approach, refer to the TVDA: How Can I Reduce Vulnerability to Cyber Attacks in the Control Room on the Schneider Electric website.
To submit a cyber security question, report security issues, or get the latest news from Schneider Electric, visit the Schneider Electric website.
Password Management
Change the passwords every 90 days
Use a unique password (not related to your personal password)
Backing Up and Restoring the Software Configuration
To protect your data, back up the system and configuration and keep your backup file in a secure place.
Remote Access to the AS-i Gateway
When remote access is used between a device and the AS-i Gateway, ensure your network is secure (VPN, Firewall…).
Data Flow Restriction
To secure the access to the AS-i Gateway and limit the data flow, use a firewall device.
ConneXium Tofino Firewall Product
The ConneXium TCSEFEA Tofino Firewall is a security appliance that provides levels of protection against cyber threats for industrial networks, automation systems, SCADA systems, and process control systems.
This Firewall is designed to permit or deny communications between devices connected to the external network connection of the Firewall and the protected devices connected to the internal network connection.
The Firewall can restrict network traffic based on user-defined rules that would permit only authorized devices, communication types and services.
The Firewall includes built-in security modules and an off-line configuration tool for creating secure zones within an industrial automation environment.
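The permit-only-authorized rule model described above, shown as an added example (not Schneider Electric code and not Tofino configuration syntax): a default-deny allowlist evaluator with a check for overly broad source ranges. The addresses, the port 502 service, and the rule layout are assumptions constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    src: str    # authorized source network (CIDR)
    dst: str    # protected device on the internal side
    proto: str  # "tcp" or "udp"
    port: int   # permitted destination port

class Flow(NamedTuple):
    src: str
    dst: str
    proto: str
    port: int

# Constructed values: documentation-range addresses. Port 502 is an assumed
# fieldbus service on the gateway; it is not taken from the page.
GATEWAY = "192.0.2.10"
RULES = [
    Rule("198.51.100.0/28", GATEWAY, "tcp", 502),   # engineering stations
    Rule("198.51.100.20/32", GATEWAY, "tcp", 502),  # supervisory server
]

def decide(flow: Flow, rules=RULES) -> str:
    """Return 'permit' only if one rule matches every field, else 'deny'."""
    src = ipaddress.ip_address(flow.src)
    for r in rules:
        if (src in ipaddress.ip_network(r.src) and flow.dst == r.dst
                and flow.proto == r.proto and flow.port == r.port):
            return "permit"
    return "deny"  # default deny: anything not explicitly authorized

def overly_broad(rules=RULES, max_hosts=16):
    """Flag rules whose source network covers more than max_hosts addresses."""
    return [r for r in rules
            if ipaddress.ip_network(r.src).num_addresses > max_hosts]

if __name__ == "__main__":
    samples = [
        Flow("198.51.100.5", GATEWAY, "tcp", 502),  # authorized station
        Flow("198.51.100.5", GATEWAY, "tcp", 80),   # web service not allowlisted
        Flow("203.0.113.7", GATEWAY, "tcp", 502),   # unknown source device
    ]
    for f in samples:
        print(f, "->", decide(f))
    print("overly broad rules:", overly_broad())
```

Because the web port is absent from the allowlist, the second sample flow is denied even though it comes from an authorized station.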
Deactivation of Unused Functions
To help avoid unauthorized access, deactivate unused functions, such as WebServer, Fast Device Replacement, etc.