Device Features
Security Features
Security features have been built into the Wireless Panel Server to help the device operate properly and behave according to its intended purpose. These features provide security capabilities that help protect the product from potential security threats that could disrupt product operation (availability), modify information (integrity), or disclose confidential information (confidentiality). The security capabilities are intended to mitigate the inherent threats linked with the use of the Wireless Panel Server in its environment.
Credential Protection
Protection of credentials is achieved through several features:
- The LoRa authenticity key of the Wireless Panel Server is stored in a hardware secure element (CC EAL5+ AVA_VAN.5 Common Criteria certified), which helps protect the Wireless Panel Server LoRaWAN unique device identity against physical or electronic intrusion and damage.
- User passwords are stored as salted and hashed passwords.
Firmware Update
Update the Wireless Panel Server to the latest firmware version using EcoStruxure Power Commission App. Doing so enables you to obtain the latest features and keep up to date with security patches. All firmware designed for the Wireless Panel Server is signed using the Schneider Electric Public Key Infrastructure (PKI) to help provide integrity and authenticity of the firmware running on the Wireless Panel Server.
At each firmware update, the Wireless Panel Server verifies the digital signature of the new firmware before installation.
To be informed about security updates, register with the Security Notifications service on Schneider Electric Cybersecurity Support Portal.
Secure Boot
The Wireless Panel Server can execute only authentic Schneider Electric firmware.
At each boot, the firmware digital signature is validated before execution, to help ensure that it has not been tampered with.
Disabling of Unused Features
The EcoStruxure Power Commission App allows you to deactivate unused Wireless Panel Server services and interfaces to help minimize pathways for malicious attackers.
- The Bluetooth Low Energy interface for communication with a mobile device, such as a smartphone or tablet, is disabled by default.
The interface must first be activated to enable Bluetooth Low Energy communication. See detailed topic.
Audit Logs
The Wireless Panel Server generates audit logs that record events such as invalid login attempts and firmware updates.
The logs do not contain any personal information.
To detect unexpected behaviors (for example, frequent rebooting, incorrect firmware update, or invalid login attempts), EcoStruxure Power Commission App is used to retrieve the audit log file (syslog format).
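The review described above can be scripted once the audit log file has been retrieved. The following is an added example, not part of the original page and not Schneider Electric code: it counts invalid logins, reboots and rejected firmware updates inside a sliding time window. The RFC 3164 line layout, the message wording, the patterns and the thresholds are all assumptions to adapt to the actual file.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in RFC 3164 syslog layout. The message wording is an
# assumption for illustration, not the Wireless Panel Server's actual log text.
SAMPLE_LOG = """\
<38>Mar  4 09:12:01 wps auth: invalid login attempt
<38>Mar  4 09:12:40 wps auth: invalid login attempt
<38>Mar  4 09:13:05 wps auth: invalid login attempt
<30>Mar  4 11:00:00 wps system: boot completed
<29>Mar  4 11:30:00 wps update: firmware update rejected, invalid signature
<30>Mar  5 02:00:00 wps system: boot completed
"""

# Hypothetical patterns: adapt them to the wording found in the retrieved file.
PATTERNS = {
    "invalid_login": re.compile(r"invalid login", re.I),
    "reboot": re.compile(r"\b(?:re)?boot|\brestart", re.I),
    "firmware_rejected": re.compile(r"firmware.*(?:reject|invalid|fail)", re.I),
}
# Report a category when this many of its events fall inside one time window.
THRESHOLDS = {"invalid_login": 3, "reboot": 3, "firmware_rejected": 1}
LINE_RE = re.compile(r"^<\d{1,3}>(\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ (.*)$", re.M)

def parse(text, year=2024):
    """Yield (timestamp, category); RFC 3164 has no year, so the caller gives one."""
    for m in LINE_RE.finditer(text):  # lines in another layout are skipped
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        for category, rx in PATTERNS.items():
            if rx.search(m.group(2)):
                yield ts, category
                break

def findings(text, window=timedelta(minutes=10)):
    """Return {category: peak count in any window} where the threshold is met."""
    by_cat = {}
    for ts, category in parse(text):
        by_cat.setdefault(category, []).append(ts)
    result = {}
    for category, stamps in by_cat.items():
        stamps.sort()
        peak = start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1  # drop events older than the window
            peak = max(peak, end - start + 1)
        if peak >= THRESHOLDS[category]:
            result[category] = peak
    return result
```

On the constructed sample, `findings(SAMPLE_LOG)` reports the burst of three invalid logins and the single rejected firmware update, while the two boots many hours apart stay below the reboot threshold.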
Wireless Panel Server Pairing Control
Control of wireless communications between the Wireless Panel Server and wireless devices is enforced through a pairing mechanism. Only wireless devices that have been paired with the Wireless Panel Server can join the wireless network.
Using EcoStruxure Power Commission App, you can explicitly select IEEE 802.15.4 wireless devices that are authorized to connect to the Wireless Panel Server. In addition, there is a locate feature for checking pairing with the right device.
Once the pairing is performed, it is recommended to periodically verify the list of paired devices configured in the Wireless Panel Server to make sure that the list of devices contains no unexpected or rogue devices.
Security Events Notification
When the Wireless Panel Server is connected to the Schneider Electric cloud, it sends a security notification through EcoStruxure Facility Expert App if one of the following security events occurs:
- A temporarily-locked user access
- A denied user access
- A rejected invalid firmware
- A password recovery process started
Data Protection
Data collected by the Wireless Panel Server are sent encrypted up to the Schneider Electric cloud over the LoRaWAN network. In this way, data in transit over the LPWAN network are protected from disclosure and modification.