7EN02-0390-03

Device security capabilities

This section describes the security capabilities available with your device.

Information confidentiality

These security capabilities help protect the confidentiality of information in transit through secure protocols, i.e. SSH, SFTP and HTTPS. These protocols employ cryptographic algorithms, key sizes and mechanisms that help prevent unauthorized users from reading the information.

Physical security

These security capabilities together with perimeter security help prevent unauthorized access to revenue-related parameters and settings or leave clear evidence that the device has been physically tampered with:

  • Physical revenue-lock switch on the meter is used to help prevent unauthorized access to the meter, parameter values and settings.

  • Meter lock status indicators are used to determine if the meter is revenue locked, i.e. LED lock status indicator on device and revenue lock icon on the display.

  • Multiple anti-tamper sealing points are used to help prevent access and leave evidence of tampering.

See “Revenue locking” for details about physically locking and sealing the device.

Configuration

These security capabilities support the analysis of security events, help protect the device from unauthorized alteration and record configuration changes and user account events:

  • Internal time synchronization.

  • Time source integrity protection and meter configuration event logging.

  • Timestamps, including date and time, match the meter clock.

  • SSH server hosts an internal SFTP site and stores files in the meter’s flash memory, such as: webpages, COMTRADE records and firmware files.

  • Settings can be saved as a Security Configuration File (.scf) using ION Setup.

  • Embeds user information with changes.

  • Offload information to syslog or a protected storage or retention location.

User accounts and privileges

These security capabilities help enforce authorizations assigned to users, segregation of duties and least privilege:

  • User authentication is used to identify and authenticate software processes and devices managing accounts.

  • Least privilege configurable in multiple dimensions: read, peak demand reset, time sync, test mode, meter configuration and security communications configuration.

  • User account lockouts configurable with number of unsuccessful login attempts.

  • Use control is used in Advanced security mode to restrict allowed actions to the authorized use of the control system.

  • Supervisors can override a user's authorizations by deleting that user's account.

  • Password strength feedback using ION Setup.

Hardening

These security capabilities help prohibit and restrict the use of unnecessary functions, ports, protocols and/or services:

  • Least functionality can be applied to prohibit and restrict the use of unnecessary functions, ports, protocols and/or services.

  • Port numbers can be changed from default values to lower the predictability of port use.

  • Session lock is used to require sign in after a configurable time-period of inactivity for webpages and the display, but not for the ION protocol.

  • Session termination is used to terminate a session automatically after a configurable time-period of inactivity or manually by the user who initiated the session.

  • Concurrent session control to limit the number of concurrent sessions with each interface.

System upgrades and backups

This security capability helps protect the authenticity of the firmware running on the meter and facilitates protected file transfer: the meter uses digitally signed firmware and only allows firmware generated and signed by Schneider Electric.

Threat intelligence

These security capabilities help provide a method to generate security-related reports and manage event log storage:

  • Machine and human-readable reporting options for current device security settings.

  • Audit event logs to identify:

    • Meter configuration changes.

    • Energy management system events.

  • Audit record storage capacity communication to notify a user when the threshold is approaching.

  • Audit storage capacity of 5,000 event logs by default and alternate methods for log management.

  • Time source integrity protection and event logged when changed.

Secure disposal

These security capabilities help release the device from active service and prevent the potential disclosure of data:

  • Purging of shared memory resources through device wiping and other decommissioning tasks.

  • Physical (recommended) or sustainable device disposal possibilities.
