Identifying and Protecting Sensitive and Critical Information and Operations
Overview
When planning and designing an operational technology network, it is important to identify information that is critical or sensitive for your operations. Once identified, this information must be protected.
As a general principle:
- Critical information includes data and operations accessible through the MasterPacT, ComPacT, and PowerPacT IMU (for example, status of the circuit breaker, trip, or open/close command).
- Sensitive information includes any information that can be used to access your installation and your operational technology network (for example, passwords or access codes for equipment or for locked rooms).
It is your responsibility to determine how this information could be analyzed and used against your organization's best interests.
Information About the Enterprise Communication Network
Sensitive information that can be used to access your installation and control network includes:
- Your system architecture
- IP addresses or MAC addresses of networked communicating devices
- Port numbers used for Ethernet communication
- User IDs and user passwords
This list is not exhaustive, and it is important to consider all information specific to your organization that can facilitate access to critical systems.
Access Control
An important part of cybersecurity is designing an effective access control policy. Access control consists of identifying groups of users or individual employees within your organization, and determining the type and the level of access they need to carry out their jobs effectively.
Summary of Information and Operations Accessible Through Each Access Path
Depending on the communication interface or the communication path used to access the MasterPacT, ComPacT, and PowerPacT intelligent modular unit (IMU), the information and control operations available are different.
The following table summarizes access to information and control operations through the MasterPacT MTZ IMU with MicroLogic X control unit:
| Information and control operations | Local access | Remote access | | | | |
|---|---|---|---|---|---|---|
| MicroLogic X HMI | FDM121 display | Bluetooth Low Energy technology | USB | Ethernet / Modbus-SL | | |
| Data monitoring | Read | Read | Read | Read | Read | Read |
| Protection settings | Read/Write | Read | Read | Read/Write | Read/Write | Read/Write |
| Other settings | Read/Write | Read | Read | Read/Write | Read/Write | Read/Write |
| Open/Close/Reset | No | Yes | No | Yes | Yes | Yes |
The following table summarizes access to information and control operations through the MasterPacT MTZ IMU with MicroLogic Active control unit:
| Information and control operations | Local access | Remote access | | | | |
|---|---|---|---|---|---|---|
| MicroLogic Active HMI | FDM121 display | USB | Ethernet / Modbus-SL | | | |
| Data monitoring | Read | Read | Read | Read | Read | Read |
| Protection settings | Read/Write | Read | Read | Read/Write | No | Read |
| Other settings | Read/Write | Read | Read | Read/Write | Read | Read |
| Open/Close/Reset | No | Yes, in Auto Local control mode only | No | Yes | No | Yes, in Auto Remote control mode only |
The following table summarizes access to information and control operations through the MasterPacT NT/NW, ComPacT NS, and PowerPacT P- and R-Frame IMU:
| Information and control operations | Local access: MicroLogic HMI | Local access: FDM121 display | Local access: Test port | Remote access: Ethernet / Modbus-SL |
|---|---|---|---|---|
| Data monitoring | Read | Read | Read | Read |
| Protection settings | Read/Write | Read | Read/Write | Read/Write |
| Other settings | Read/Write | Read | Read/Write | Read/Write |
| Open/Close/Reset | No | Yes | Yes | Yes |
The following table summarizes access to information and control operations through the ComPacT NSX and PowerPacT H-, J-, and L-Frame IMU:
| Information and control operations | Local access: MicroLogic HMI | Local access: FDM121 display | Local access: Test port | Remote access: Ethernet / Modbus-SL |
|---|---|---|---|---|
| Data monitoring | Read | Read | Read | Read |
| Protection settings | Read/Write | Read | Read/Write | Read/Write |
| Other settings | Read/Write | Read | Read/Write | Read/Write |
| Open/Close/Reset | No | Yes | Yes | Yes |
For information on protecting each communication interface and access path, see the recommendations for local access or for remote access, as appropriate.