
7.1 Cyber security
Cyber security disclaimer

This product is designed to be connected to and to communicate information and data via a network interface. It is your sole responsibility to provide and continuously ensure a secure connection between the product and your network or any other network (as the case may be). You shall establish and maintain any appropriate measures (such as but not limited to the installation of firewalls, application of authentication measures, encryption of data, installation of anti-virus programs, etc.) to protect the product, the network, its system and the interface against any kind of security breaches, unauthorized access, interference, intrusion, leakage and/or theft of data or information. ABB Ltd and its affiliates are not liable for damages and/or losses related to such security breaches, any unauthorized access, interference, intrusion, leakage and/or theft of data or information.

Although ABB provides functionality testing on the products and updates that we release, you should institute your own testing program for any product updates or other major system updates (to include but not limited to code changes, configuration file changes, third party software updates or patches, hardware exchanges, etc.) to ensure that the security measures that you have implemented have not been compromised and system functionality in your environment is as expected. This also applies to the operating system. Security measures (such as but not limited to the installation of latest patches, installation of firewalls, application of authentication measures, installation of anti-virus programs, etc.) are your responsibility. You have to be aware that operating systems provide a considerable number of open ports that should be monitored carefully for any threats.

It has to be considered that online connections to any devices are not secured. It is your responsibility to ensure that connections are established to the correct device (and e.g. not to an unknown device pretending to be a known device type). Furthermore, you have to take care that confidential data exchanged with the PLC is either compiled or encrypted.

Security related deployment guidelines for industrial automation

Security details for industrial automation are provided on the ABB website in a

Signed firmware updates

The firmware update files for the AC500 V3 PLC are digitally signed releases by ABB. During the update process, these signatures are validated by a hardware security component in the PLC. This way, the AC500 V3 PLC will only update with valid, authentic firmware, signed by ABB.

Open ports and services

As part of the ABB security concept, the AC500 V3 PLC comes with minimal services opened by default. Only the services needed for initial setup and programming are open before any user application is downloaded.

Only used services/ports should be enabled (e.g. to enable the functionality of an FTPS server).

Encrypted and signed applications

An application can be encrypted and signed in order to protect a running application in an AC500 V3 PLC and to protect a configured project. How to set up the user management, the communication and the boot application in order to prevent unauthorized access is explained in the application note AC500 V3 - Encrypt and sign your application.

Secure communication

Whenever possible, use an encrypted communication between AC500 V3 devices and third party devices, such as HMI devices. This is necessary to protect passwords and other data.

Configuration and programming
Cyber security
2023/03/03
3ADR011074, 1, en_US