Recommended actions

Your device is designed to be used in a protected environment that uses a defense in depth strategy, in compliance with IEC 62443, the global standard for industrial automation control system security.

To help secure your device, you must take specific actions at every stage of the project life-cycle.

NOTE: The list of recommended actions below is not a complete list of possible cybersecurity measures. It is meant to be a starting point to improve the security of your device in a protected environment. Consult with cybersecurity experts to plan, configure, operate, maintain, and decommission your device based on your needs.

The following table lists the actions we recommend you take to help secure your device in a protected environment, organized by life-cycle stage:

Recommended action Defense-in-depth role
Plan
Review cybersecurity awareness Resources to increase your cybersecurity knowledge and awareness.
Review the system defense in depth assumptions Understand the security measures expected to be provided by the external environment in which the device is to be used.
Review the device security capabilities Understand how the device's security capabilities can be used in a protected environment.
Review the Security risks and mitigation strategies Known security risks and the mitigation strategies to help minimize the risks.
Configure
Change the default password * Help reduce unauthorized access. Default account settings are often the source of unauthorized access by malicious users.
Disable meter configuration methods * Limiting configuration options and providing read-only access reduces the attack surface of the meter.
Disable webpages and time sync sources *

Disable webpages to deny a web browser to access the meter data. If your meter can be accessed by a web browser outside your protected network, a malicious user could intercept communications.

Disable the ability to modify the meter’s time source to help protect against disguised communication from an unknown source as being trusted and possibly invalidating timestamps.

Define lockouts and event timeouts *

Lock accounts after a predefined number of unsuccessful login attempts. Lockouts help reduce brute-force password attacks from succeeding.

Limit user access*

Limit user access to the minimum, least privilege level of access needed to perform their job functions.

Revoke user privileges when no longer needed due to role change, transfer, or termination.

Edit meter access event logging * Edit the default meter access event priorities that are logged to the event log to meet your reporting requirements.
Create and change user passwords

Create strong passwords for each user that requires access to the meter. Default account settings and weak passwords are often the source of unauthorized access by malicious users.

Follow user account management tasks as described by your organization or contact your network administrator. For example, maximum password age or history policies.

Set up Advanced security *

Advanced security is the default meter security mode. If your meter uses standard security mode, we recommend you change it to advanced.

Disable unused protocols and change default port numbers

Disable unnecessary and unused communication protocol ports, such as SFTP and network ports, to reduce the meter attack surface.

Change port number default values to reduce the predictability of port use.

See Protocols, ports, and connections.

Revenue-lock the meter and use anti-tamper sealing points Physical lock switch with tamper-evident seal to prevent remote modification of revenue parameters, settings, and data.

Validate security settings

Verify the meter security configuration.

Assign a dedicated reader for event log notifications

Assigning a dedicated reader can help prevent event log entries being overwritten before they are reviewed.

Configure syslog to store event logs

A syslog server can receive logs from multiple devices and store the log information as needed. Syslog helps maintain meter log information for extended periods of time.

See Syslog.

Operate
Monitor the event log Monitor event logs for suspicious activity and to help identify the cause of cybersecurity breaches that could lead to a cybersecurity incident.
Report a cybersecurity incident or vulnerability Report suspicious activity, a cybersecurity incident, or a vulnerability to Schneider Electric.
Maintain
Apply firmware updates Keeping your device firmware up to date helps protect you from security vulnerabilities.
Check the revenue lock and anti-tamper seals Follow your company's policies and standards by periodically checking your device locks and seals to verify that the device has not been tampered with.
Review user accounts on a regular basis

Limit user access to the minimum, least privilege level of access needed to perform their job functions.

Revoke user privileges when no longer needed due to role change, transfer, or termination.

See Limiting user access for details.

Keep your network security up to date.

Helps reduce your attack surface, decreasing the likelihood of a vulnerability.

Perform security audits

Help verify the security status of your system.

Decommission
Record decommissioning activities Document disposal actions according to your company’s policies and standards to keep a record of activities.
Wipe the device Help prevent the potential disclosure of data.
Decommission-related rules and sanitize records

Follow decommission and sanitization tasks as described by your organization or contact your network administrator.

Decommission network and security rules. For example, a firewall rule that could be used to get past the firewall.

Perform records tracking sanitization tasks to remove records in related systems. For example, monitoring SNMP servers.

Dispose, reuse, or recycle the device Follow local disposal regulations.

* For detailed information on the default meter security settings, see Default meter security settings.