Device security capabilities

This section describes the security capabilities available with your device.

Standard meter security

Anytime you make configuration changes to your device, you must enter a password. Standard security is enabled by default from the factory. See Standard meter security.

Advanced meter security

Advanced meter security restricts allowed actions to the authorized use of the control system. See Advanced meter security.

Information confidentiality

These security capabilities help protect the confidentiality of information through secure protocols that employ cryptographic algorithms, key sizes and mechanisms used to help prevent unauthorized users from reading information in transit, i.e. SSH, SFTP, and information at rest.

Physical security

These security capabilities together with perimeter security help prevent unauthorized access to revenue-related parameters and settings or leave clear evidence that the device has been physically tampered with:

  • Physical revenue-lock protection is used to help prevent unauthorized access to the meter, parameter values and settings.
  • The hardware-lock feature is an ordering option that locks the ION module parameters specific to revenue data so that these parameters cannot be altered.
  • Multiple anti-tamper sealing points are used to help prevent access and provide evidence of tampering.

Configuration

These security capabilities support the analysis of security events, help protect the device from unauthorized alteration, and record configuration changes and user account events:

  • Internal time synchronization.
  • Time source integrity protection and meter configuration event logging.
  • Timestamps, including date and time, match the meter clock.
  • SSH server hosts an internal SFTP site and stores files in the meter’s flash memory, such as COMTRADE records.
  • Settings can be saved as a Security Configuration File (.scf) using ION Setup.
  • Embeds user information with changes.
  • Offload information to syslog or a protected storage or retention location.

User accounts and privileges

These security capabilities help enforce authorizations assigned to users, segregation of duties and least privilege:

  • User authentication is used to identify and authenticate software processes and devices managing accounts.
  • Least privilege configurable in multiple dimensions: read; peak demand reset; time sync; test mode; meter, security and communications configuration.
  • User account lockouts configurable with number of unsuccessful login attempts.
  • Use control is used to restrict allowed actions to the authorized use of the control system.
  • Supervisors can override user authorizations by deleting their account.
  • Password strength feedback using ION Setup.

Hardening

These security capabilities help prohibit and restrict the use of unnecessary functions, ports, protocols and/or services:

  • Least functionality can be applied to prohibit and restrict the use of unnecessary functions, ports, protocols and/or services.
  • Port numbers can be changed from default values to lower the predictability of port use.
  • Session lock is used to require sign in after a period of inactivity for SFTP, SSH and the display, but not ION protocol.
  • Session termination is used to terminate a session automatically after inactivity or manually by the user who initiated the session.
  • Concurrent session control to limit the number of concurrent sessions with each interface.

Threat intelligence

These security capabilities help provide a method to generate security-related reports and manage event log storage:

  • Machine and human-readable reporting options for current device security settings.
  • Audit event logs to identify:
    • Meter configuration changes.
    • Energy management system events.
  • Audit record storage capacity communication to notify a user when the threshold is approaching.
  • Audit storage capacity of 5,000 event logs by default and alternate methods for log management.
  • Time source integrity protection and event logged when changed.

Secure disposal

These security capabilities help release the device from active service and prevent the potential disclosure of data:

  • Purging of shared memory resources through device wiping and other decommissioning tasks.
  • Physical (recommended) or sustainable device disposal possibilities.