Eaton CCOE Cybersecurity Recommendations - Eaton LoadStar-S JSB Mounting And Operating Instruction

43 Eaton CCOE Cybersecurity Recommendations

Product Team Guidelines
LoadStar-S has been designed with cybersecurity as an important consideration. A number of features are offered in the product to address cybersecurity risks. These Cybersecurity Recommendations provide information to help users to deploy and maintain the product in a manner that minimizes the cybersecurity risks. These Cybersecurity Recommendations are not intended to provide a comprehensive guide to cybersecurity, but rather to complement customers' existing cybersecurity programs.

Eaton is committed to minimizing the cybersecurity risk in its products and deploying cybersecurity best practices in its products and solutions, making them more secure, reliable and competitive for customers.

The following Eaton whitepapers are available for more information on general cybersecurity best practices and guidelines:
- Cybersecurity Considerations for Electrical Distribution Systems (WP152002EN): http://www.eaton.com/ecm/groups/public/@pub/@eaton/@corp/documents/content/pct_1603172.pdf
- Cybersecurity Best Practices Checklist Reminder (WP910003EN): http://www.cooperindustries.com/content/dam/public/powersystems/resources/library/1100_EAS/WP910003EN.pdf

Mounting- and Operating Instruction Eaton LoadStar-S JSB 40071860396 March 2021 www.ceag.de

Category: Asset Management
Description: Keeping track of software and hardware assets in your environment is a prerequisite for effectively managing cybersecurity. Eaton recommends that you maintain an asset inventory that uniquely identifies each important component. To facilitate this, LoadStar-S supports the following identifying information:
- manufacturer, type, serial number, f/w version number, and location.
- publisher, name, version, and version date.
Please read the corresponding pages of the manual for information on how to find these parameters.

Category: Risk Assessment
Description: Eaton recommends conducting a risk assessment to identify and assess reasonably foreseeable internal and external risks to the confidentiality, availability and integrity of the system | device and its environment. This exercise should be conducted in accordance with applicable technical and regulatory frameworks such as IEC 62443. The risk assessment should be repeated periodically.

Category: Physical Security
Description: An attacker with unauthorized physical access can cause serious disruption to system functionality. Additionally, Industrial Control Protocols don't offer cryptographic protections, making ICS and SCADA communications especially vulnerable to threats to their confidentiality. Physical security is an important layer of defense in such cases. LoadStar-S is designed to be deployed and operated in a physically secure location. Following are some best practices that Eaton recommends to physically secure your system:
- Secure the facility and equipment rooms or closets with access control mechanisms such as locks, entry card readers, guards, man traps, CCTV, etc. as appropriate.
- Restrict physical access to cabinets and/or enclosures containing LoadStar-S and the associated system. Monitor and log the access at all times.
- Physical access to the telecommunication lines and network cabling should be restricted to protect against attempts to intercept or sabotage communications. It's a best practice to use metal conduits for the network cabling running between equipment cabinets.
- LoadStar-S supports the following physical access ports: RJ-45 / USB / SD-Card slot. Access to these ports should be restricted.
- Do not connect removable media (e.g., USB devices, SD cards, etc.) for any operation (e.g., firmware upgrade, configuration change, or boot application change) unless the origin of the media is known and trusted.
- Before connecting any portable device through a USB port or SD card slot, scan the device for malware and viruses.
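
The asset inventory recommended under Asset Management can be checked mechanically for completeness and uniqueness. The following Python audit is an added example, not part of the Eaton manual; the CSV column names, the use of manufacturer/type/serial number as the unique key, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter

# Identifying fields the manual lists for hardware and software assets
# (column names are this example's own spelling of them).
HARDWARE_FIELDS = ("manufacturer", "type", "serial_number", "fw_version", "location")
SOFTWARE_FIELDS = ("publisher", "name", "version", "version_date")
# Assumption: a hardware unit is uniquely identified by this triple.
HARDWARE_KEY = ("manufacturer", "type", "serial_number")

# Constructed sample inventory (not real devices, versions or locations).
SAMPLE_CSV = """manufacturer,type,serial_number,fw_version,location
Eaton,LoadStar-S,SN-0001,1.0.0,Building A / Room 101
Eaton,LoadStar-S,SN-0002,,Building A / Room 102
Eaton,LoadStar-S,SN-0001,1.0.0,Building B / Room 007
"""

def audit_inventory(csv_text, required=HARDWARE_FIELDS, key=HARDWARE_KEY):
    """Return (row_number, problem) findings for an inventory CSV."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing_cols = [f for f in required if f not in (reader.fieldnames or [])]
    if missing_cols:
        return [(1, "missing column(s): " + ", ".join(missing_cols))]
    rows = list(reader)
    findings = []
    # Completeness: every identifying field must be filled in.
    for n, row in enumerate(rows, start=2):  # row 1 is the header
        empty = [f for f in required if not (row[f] or "").strip()]
        if empty:
            findings.append((n, "empty field(s): " + ", ".join(empty)))

    def identity(row):
        # Normalise case and whitespace so near-duplicates still collide.
        return tuple((row[f] or "").strip().lower() for f in key)

    # Uniqueness: the identity key may appear on one row only.
    counts = Counter(identity(r) for r in rows)
    for n, row in enumerate(rows, start=2):
        if counts[identity(row)] > 1:
            findings.append((n, "identity not unique: " + "/".join(identity(row))))
    return findings

if __name__ == "__main__":
    for line, problem in audit_inventory(SAMPLE_CSV):
        print(f"row {line}: {problem}")
```

For software assets, pass `SOFTWARE_FIELDS` as `required` and a key such as `("publisher", "name", "version")`.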
