Cybersecurity Recommendations

Overview

The MasterPacT MTZ circuit breaker with its MicroLogic Active control unit is a key component of your installation. It offers multiple communication features that bring greater efficiency and flexibility in managing your installation. However the features also make it potentially vulnerable to cyber attacks.

This section lists some of the elementary precautions that you must take to protect the communications paths that give access to information about your installation, and control over it.

The communication paths to protect include:

Local access communication paths
- FDM121 display
- Wireless NFC communication
- The USB-C port
- MicroLogic Active HMI
- Zigbee wireless communication paths for MicroLogic Active AP/EP control units
Remote access communication paths
- The Ethernet network when the IFE or EIFE interface is present
- The Modbus-SL network when the IFM interface is present

For more detailed information about cybersecurity for the MasterPacT MTZ circuit breakers, refer to DOCA0122•• MasterPacT, ComPacT, PowerPacT - Cybersecurity Guide.

General Cybersecurity Recommendations

WARNING
POTENTIAL COMPROMISE OF SYSTEM AVAILABILITY, INTEGRITY, AND CONFIDENTIALITY Change default passwords and PIN codes at first use to help prevent unauthorized access to device settings, controls, and information. Disable unused ports/services and default accounts to help minimize pathways for malicious attackers. Place networked devices behind multiple layers of cyber defenses (such as firewalls, network segmentation, and network intrusion detection and protection). Use cybersecurity best practices (for example, least privilege, separation of duties) to help prevent unauthorized exposure, loss, modification of data and logs, or interruption of services. Failure to follow these instructions can result in death, serious injury, or equipment damage.

WARNING

POTENTIAL COMPROMISE OF SYSTEM AVAILABILITY, INTEGRITY, AND CONFIDENTIALITY

Change default passwords and PIN codes at first use to help prevent unauthorized access to device settings, controls, and information.
Disable unused ports/services and default accounts to help minimize pathways for malicious attackers.
Place networked devices behind multiple layers of cyber defenses (such as firewalls, network segmentation, and network intrusion detection and protection).
Use cybersecurity best practices (for example, least privilege, separation of duties) to help prevent unauthorized exposure, loss, modification of data and logs, or interruption of services.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

For a general introduction to cybersecurity threats and how to address them, refer to How Can I Reduce Vulnerability to Cyber Attacks?.

Cybersecurity Recommendations for Local Access Communication Paths

To help protect local access communication paths, it is recommended to:

Keep locked the enclosure where the MasterPacT MTZ circuit breaker is located so that no unauthorized person can access the MicroLogic Active control unit.

Specific Cybersecurity Recommendations for Wireless NFC Communication

To protect access to data accessible through NFC, it is recommended to make sure that the smartphones running the EcoStruxure Power Device app are password-protected and for professional use only.

Specific Cybersecurity Recommendations for USB Connection

To protect access to functions accessible through a USB connection on the MicroLogic Active control unit, it is recommended that:

The PCs running the monitoring software are hardened following the guidelines provided in DOCA0122•• MasterPacT, ComPacT, PowerPacT - Cybersecurity Guide.
The most up-to-date hardening methods for the operating system are running on your PCs.

Specific Cybersecurity Recommendations for USB OTG Connection

To protect access to functions accessible through a USB OTG connection on the MicroLogic Active control unit, it is recommended that:

The smartphones running the EcoStruxure Power Device app are hardened following the guidelines provided in DOCA0122•• MasterPacT, ComPacT, PowerPacT - Cybersecurity Guide.
The most up-to-date hardening methods for the operating system are running on your smartphones.

Specific Cybersecurity Recommendations for Zigbee Wireless Communication

Zigbee wireless communication is vulnerable to disruption by unauthorized radio emissions in the operating environment. To protect access to functions accessible through Zigbee wireless communication, it is recommended that:

The MicroLogic Active AP/EP control unit is not connected to malicious networks.
The Zigbee network is checked regularly to ensure that all devices are valid.
All devices on the Zigbee network are rediscovered if any device is invalid.
The commissioning of Zigbee wireless devices is done in a place secure from rogue radio transmitters, such as an administrator room.

Cybersecurity Recommendations for Remote Access Communication Paths Through a Communication Network

When the MasterPacT MTZ circuit breaker is connected to a communication network through the IFE, EIFE or IFM interface, it is recommended to:

Follow general security rules to protect your network.
Only activate Auto Remote control mode when required.
Make sure that the PCs running the monitoring software are hardened following the guidelines provided in DOCA0122•• MasterPacT, ComPacT, PowerPacT - Cybersecurity Guide, and with the most up-to-date hardening methods for the operating system running on your PCs.