Device security capabilities
Information confidentiality
These security capabilities help protect the confidentiality of information through secure protocols that help prevent unauthorized users from reading information in transit.
Physical security
These security capabilities together with perimeter security help prevent unauthorized access to revenue-related parameters and settings or leave clear evidence that the device has been physically tampered with:
-
Physical revenue-lock switch on the meter is used to help prevent unauthorized access to the meter, parameter values and settings.
-
Meter lock status indicators are used to determine if the meter is revenue locked, i.e. LED lock status indicator on device and revenue lock icon on the display.
-
Multiple anti-tamper sealing points are used to help prevent access and leaves evidence of tampering.
Configuration
These security capabilities support the analysis of security events, help protect the device from unauthorized alteration and records configuration changes and user account events:
-
Internal time synchronization.
-
Meter configuration event logging.
-
Timestamps, including date and time, match the meter clock.
-
Internal FTP site to store files in the meter’s flash memory, such as: webpages, COMTRADE records and firmware files.
User accounts
These security capabilities help enforce authorizations assigned to users, segregation of duties and least privilege:
-
User authentication is used to identify and authenticate software processes and devices managing accounts.
-
Least privilege configurable in multiple dimensions: read, peak demand reset, time sync, test mode, meter configuration and security communications configuration.
-
User account lockout with 5 unsuccessful login attempts.
-
Administrators can override user authorizations by deleting their account.