Cybersecurity

Cybersecurity is a branch of network administration that addresses computer systems and networks vulnerabilities that can result in accidental or intentional disruptions.

The objective of cybersecurity is to help provide increased levels of protection for information and physical assets while maintaining access for their intended users.

No single cybersecurity approach is adequate and effectively resides at the local network level. Schneider Electric adheres to industry best practices in the development and implementation of control systems. This includes a "Defense-in-Depth" approach to secure an Industrial Control System. This approach places the controllers behind one or more firewalls to restrict access to authorized personnel and protocols only.

 WARNING

UNAUTHENTICATED ACCESS AND SUBSEQUENT UNAUTHORIZED EQUIPMENT OPERATION

  • Evaluate whether your environment or your machines are connected to your critical infrastructure and, if so, take appropriate steps in terms of prevention, based on Defense-in- Depth, before connecting the automation system to any network.

  • Limit the number of devices connected to a network to the minimum necessary.

  • Isolate your industrial network from other networks inside your company.

  • Protect any network against unintended access by using firewalls, VPN, or other, proven security measures.

  • Monitor activities within your systems.

  • Prevent subject devices from direct access or direct link by unauthorized parties or unauthenticated actions.

  • Prepare a recovery plan including backup of your system and process information.

Failure to follow these instructions can result in death, serious injury or equipment damage.

For more information on organizational measures and rules covering access to infrastructures, refer to ISO/IEC 27000 series, Common Criteria for Information Technology Security Evaluation, ISO/IEC 15408, IEC 62351, ISA/IEC 62443, NIST Cybersecurity Framework, Information Security Forum - Standard of Good Practice for Information Security.

To submit a cybersecurity question, report security issues, or get the latest news from Schneider Electric, visit the Schneider Electric website.

Password Management

  • Change the passwords every 90 days

  • Use a unique password (not related to your personal password)

Backing-up and Restoring the Software Configuration

To help protect your data, back-up the system and configuration and keep your backup file in a secure place.

Remote Access to the ASi Gateway

When remote access is used between a device and the ASi Gateway, ensure your network is secure (VPN, Firewall…).

Data Flow Restriction

To secure the access to the ASi Gateway and limit the data flow, use a firewall device.

For example, the ConneXium TCSEFEA Tofino Firewall provides levels of protection against cyber threats for industrial networks, automation systems, SCADA systems, and process control systems.

This Firewall is designed to permit or deny communications between devices connected to the external network connection of the Firewall and the protected devices connected to the internal network connection.

The Firewall can restrict network traffic based on user-defined rules that would permit only authorized devices, communication types and services.

The Firewall includes built-in protection modules and an off-line configuration tool for creating protected zones within an industrial automation environment.

De-activation of unused functions

To help avoid unauthorized access, deactivate unused functions, such as WebServer, Fast Device Replacement, SafeLink etc.