Cybersecurity
Copyright © 2019 Eaton Corporation. All Rights Reserved.
IPN March 2019
135
Category
Description
Secure Network Access
Eaton recommends segmentation of networks into logical
enclaves and restriction of the communication to host-to-
host paths. This helps to protect sensitive information and
critical services, and limits damage from network perimeter
breaches. At a minimum, a utility Industrial Control Systems
network should be segmented into a three-tiered
architecture (as recommended by NIST SP800-82[R3]) for
better security control.
Make sure that you deploy adequate network protection
devices such as firewalls and intrusion detection / protection
devices.
Communication Protection
EFX48 provides the option to encrypt the network traffic.
Please ensure that encryption options are not disabled.
See page 82 for details on how to configure secure
communication capabilities in the product.
Please find detailed information about various Network
level protection strategies in Eaton Cybersecurity
Considerations for Electrical Distribution Systems [Ref1].
Note: Many compliance frameworks and cybersecurity best
practices require an audit of ports and services before and
after applying updates and system changes. An end user
should be able to refer to the ports and services
documentation to determine the expected minimal set of
ports and services on a device.
Remote Access
Remote access to devices/systems represents a provision of
control to an external party. Strict management and
validation of termination of such access is vital for
maintaining control over the overall ICS security.
Logging and Event Management
The EFX48 provides the ability to log all user changes, as
well as all events.
Eaton suggests that all logs are backed up and retained
for a minimum of 3 months or as per the organization’s security
policy.
- Perform log review at a minimum every 15 days.
- See the Logging section on page 108.
3rd Party / COTS Security
Any third-party components/libraries used to run the
software/application should not have any publicly known
Critical/High vulnerabilities.
- Users are advised to keep Commercial-off-the-shelf [COTS]
components (e.g. an application running on Windows) up to
date. It is recommended to contact the vendors for
security-related patches. Vulnerabilities affecting the
COTS components can be tracked on the
National Vulnerability Database (NVD).
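
The before-and-after ports and services audit described in the note above, as an added example that is not part of the Eaton manual: it diffs two scan snapshots and checks the result against a documented baseline. The baseline ports, the address and the scan lines are constructed placeholders, and the input is assumed to be nmap grepable (-oG) output.

```python
"""Ports-and-services audit: diff two scan snapshots against a baseline."""

# Placeholder baseline (assumption): NOT the EFX48's documented port list.
# Replace with the set from the vendor's ports and services documentation.
EXPECTED = {("tcp", 443), ("tcp", 502)}

# Constructed nmap grepable (-oG) lines for a documentation address.
BEFORE = ("Host: 192.0.2.10 ()\tPorts: 443/open/tcp//https///, "
          "502/open/tcp//mbap///\tIgnored State: closed (998)\n")
AFTER = ("Host: 192.0.2.10 ()\tPorts: 23/open/tcp//telnet///, "
         "443/open/tcp//https///, 502/open/tcp//mbap///, "
         "161/open|filtered/udp//snmp///\n")


def parse_grepable(text):
    """Return {(proto, port)} for ports whose state is exactly 'open'."""
    found = set()
    for line in text.splitlines():
        if "Ports:" not in line:
            continue  # comment and status lines carry no port list
        field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in field.split(","):
            parts = entry.strip().split("/")
            # Entry layout: port/state/protocol/owner/service/...
            if len(parts) >= 3 and parts[1] == "open" and parts[0].isdigit():
                found.add((parts[2], int(parts[0])))
    return found


def audit(before, after, expected):
    """Compare pre- and post-change snapshots with the documented baseline."""
    b, a = parse_grepable(before), parse_grepable(after)
    return {
        "opened_by_change": sorted(a - b),   # new exposure from the update
        "closed_by_change": sorted(b - a),   # service lost in the update
        "unexpected": sorted(a - expected),  # open but not documented
        "missing": sorted(expected - a),     # documented but not reachable
    }


if __name__ == "__main__":
    for finding, ports in audit(BEFORE, AFTER, EXPECTED).items():
        print(f"{finding}: {ports}")
```

Ports reported as `open|filtered` are deliberately not counted as open here; review them separately if the scan includes UDP.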