Cybersecurity Recommendations

Overview

The MasterPacT MTZ circuit breaker with its MicroLogic Active control unit is a key component of your installation. It offers multiple communication features that bring greater efficiency and flexibility in managing your installation. However the features also make it potentially vulnerable to cyber attacks.

This section lists some of the elementary precautions that you must take to protect the communications paths that give access to information about your installation, and control over it.

The communication paths to protect include the following local access communication paths:

Wireless NFC communication
The USB-C port
MicroLogic Active HMI
IEEE 802.15.4 wireless communication paths for MicroLogic Active AP/EP control units

For more detailed information about cybersecurity for the MasterPacT MTZ circuit breakers, refer to DOCA0122•• MasterPacT, ComPacT, PowerPacT - Cybersecurity Guide.

General Cybersecurity Recommendations

WARNING
POTENTIAL COMPROMISE OF SYSTEM AVAILABILITY, INTEGRITY, AND CONFIDENTIALITY Change default passwords and pin codes at first use to help prevent unauthorized access to device settings, controls, and information. Disable unused ports/services and default accounts to help minimize pathways for malicious attackers. Place networked devices behind multiple layers of cyber defenses (such as firewalls, network segmentation, and network intrusion detection and protection). Use cybersecurity best practices (for example, least privilege, separation of duties) to help prevent unauthorized exposure, loss, modification of data and logs, or interruption of services. Failure to follow these instructions can result in death, serious injury, or equipment damage.

WARNING

POTENTIAL COMPROMISE OF SYSTEM AVAILABILITY, INTEGRITY, AND CONFIDENTIALITY

Change default passwords and pin codes at first use to help prevent unauthorized access to device settings, controls, and information.
Disable unused ports/services and default accounts to help minimize pathways for malicious attackers.
Place networked devices behind multiple layers of cyber defenses (such as firewalls, network segmentation, and network intrusion detection and protection).
Use cybersecurity best practices (for example, least privilege, separation of duties) to help prevent unauthorized exposure, loss, modification of data and logs, or interruption of services.

Failure to follow these instructions can result in death, serious injury, or equipment damage.

For a general introduction to cybersecurity threats and how to address them, refer to How Can I Reduce Vulnerability to Cyber Attacks?.

Cybersecurity Recommendations for Local Access Communication Paths

To help protect local access communication paths, it is recommended to:

Keep locked the enclosure where the MasterPacT MTZ circuit breaker is located so that no unauthorized person can access the MicroLogic Active control unit.

Specific Cybersecurity Recommendations for Wireless NFC Communication

To protect access to data accessible through NFC, it is recommended to make sure that the smartphones running the EcoStruxure Power Device app are password-protected and for professional use only.

Specific Cybersecurity Recommendations for USB Connection

To protect access to functions accessible through a USB connection on the MicroLogic Active control unit, it is recommended that:

The PCs running the monitoring software are hardened following the guidelines provided in DOCA0122•• MasterPacT, ComPacT, PowerPacT - Cybersecurity Guide.
The most up-to-date hardening methods for the operating system are running on your PCs.

Specific Cybersecurity Recommendations for USB OTG Connection

To protect access to functions accessible through a USB OTG connection on the MicroLogic Active control unit, it is recommended that:

The smartphones running the EcoStruxure Power Device app are hardened following the guidelines provided in DOCA0122•• MasterPacT, ComPacT, PowerPacT - Cybersecurity Guide.
The most up-to-date hardening methods for the operating system are running on your smartphones.

Specific Cybersecurity Recommendations for IEEE 802.15.4 Wireless Communication

IEEE 802.15.4 wireless communication is vulnerable to disruption by unauthorized radio emissions in the operating environment. To protect access to functions accessible through IEEE 802.15.4 wireless communication, it is recommended that:

The MicroLogic Active AP/EP control unit is not connected to malicious networks.
The IEEE 802.15.4 network is checked regularly to ensure that all devices are valid.
The IEEE 802.15.4 network is repaired if any device is invalid.
The commissioning of IEEE 802.15.4 wireless devices is done in a place secure from rogue radio transmitters, such as an administrator room.