Security consideration: Interfaces
Configuration:
• Enabled interfaces are limited (only BLE enabled).
• WiFi is disabled by default.
• Hardware-based debug is restricted (physical connectors are removed).

Security consideration: Network
Configuration:
• Firewall-based access is enforced
• Data flow to headend is encrypted via TLS 1.2 with strong ciphers
• BLE 5.0 incorporated.
• Cloud back-end is continuously monitored by Xylem product security operations center (PSOC)

Security consideration: Mobile Application
Configuration:
• Mobile application authentication is implemented
• Application is hardened with upgrades available on App Store
• Sensitive data is not stored in mobile application storage
• Security-relevant events are logged

10.3 Optimyze Security Recommendations for End-User
While such measures are desirable, are strictly implemented by Xylem during the
development process, and have been rigorously tested by the security engineers, it is also
recommended that customers apply additional safeguards consistent with their cybersecurity
policy.

Safeguard:
• Ensure access to customer-managed assets in the Customer’s Operating Environment is limited. Include physical isolation to protect the environment and equipment therein.
• Ensure strict control over physical access in and out of the customer’s facility.
• Report any security-related incidents associated with the Optimyze device to Xylem. These might include unexpected operations, confirmed tampering, or theft of the device.
Rationale: Supports the ability to further limit exposure (or damage) associated with network-based threats and physical threats.
References: ATT&CK for ICS: M0801; NIST SP 800-53 Rev. 5: AC-3; ISA/IEC 62443-3-3:2013: SR 2.1; ISA/IEC 62443-4-2:2019: CR 2.1

Safeguard: Role Based Access Control (RBAC) is recommended: user registration is performed by the user via the app. It is recommended that each account is tied to an individual.
Rationale: Ensures low level accounts do not perform privileged actions.
References: ATT&CK for ICS: M0801; NIST SP 800-53 Rev. 5: AC-3 (7)

Safeguard: Ensure the Magnet Key is removed after putting the device in Configuration Mode so that the device does not re-enter Configuration Mode unexpectedly and enable alternative access to your data.
Rationale: Provides additional checks and ensures no unexpected connections from Bluetooth devices.
References: ISA/IEC 62443-4-2:2019: CR.4.1; NIST SP 800-53 Rev. 5: AC-18; ISA/IEC 62443-4-2:2019: NDR.1.6

10 Cybersecurity
Smart Pump Range INSTRUCTION MANUAL