System Defense in Depth

NOTICE
POTENTIAL COMPROMISE OF SYSTEM AVAILABILITY, INTEGRITY, AND CONFIDENTIALITY Install routers, switches, or hubs that may be needed for interconnection of The Flex-Server and Cloud Portal to be accessible by authorized personnel only. Ensure that the network only opens the ports required by the system. For network segmentation, ensure Flex-Server network design and Cloud API access is planned and implemented according to current guidelines and best practices. The Flex-Server must be isolated from critical systems on the network. Ecostruxure Buildings Activate solution is a connected offer with devices installed at a customer site, and a Cloud portal to manage those devices. Various cybersecurity strategies need to be implemented to protect the system, including perimeter hardening, network hardening and more. The Flex-Server and sensors support signed and authenticated firmware upgrades. Please ensure that the firmware is regularly updated (via the Cloud portal or Flex-Server) to ensure that the latest security and vulnerability patches are implemented. Only firmware signed by the Schneider Electric public key infrastructure is supported by the system. Failure to follow these instructions can result in equipment damage.

NOTICE

POTENTIAL COMPROMISE OF SYSTEM AVAILABILITY, INTEGRITY, AND CONFIDENTIALITY

Install routers, switches, or hubs that may be needed for interconnection of The Flex-Server and Cloud Portal to be accessible by authorized personnel only.
Ensure that the network only opens the ports required by the system.
For network segmentation, ensure Flex-Server network design and Cloud API access is planned and implemented according to current guidelines and best practices. The Flex-Server must be isolated from critical systems on the network.
Ecostruxure Buildings Activate solution is a connected offer with devices installed at a customer site, and a Cloud portal to manage those devices. Various cybersecurity strategies need to be implemented to protect the system, including perimeter hardening, network hardening and more.
The Flex-Server and sensors support signed and authenticated firmware upgrades. Please ensure that the firmware is regularly updated (via the Cloud portal or Flex-Server) to ensure that the latest security and vulnerability patches are implemented. Only firmware signed by the Schneider Electric public key infrastructure is supported by the system.

Failure to follow these instructions can result in equipment damage.

All system components that may be used to integrate the Flex-Server and/or the Cloud API must be secured.