Recommended Secure Hardening Guidelines - Eaton PowerXL DM1 Series Applications Manual

Recommended secure hardening guidelines

Introduction
This section "secure configuration" or "hardening" guidelines provide information to the users to securely deploy and
maintain this product to adequately minimize the cybersecurity risks to their system.
Eaton is committed to minimizing the Cybersecurity risk in its products and deploys cybersecurity best practices and
latest cybersecurity technologies in its products and solutions; making them more secure, reliable and competitive for our
customers. Eaton also offers Cybersecurity Best Practices whitepapers to its customers that can be referenced at
www.eaton.com/cybersecurity
PowerXL - secure configuration guidelines
Category
Asset identification and Inventory
Restrict Physical access
POWERXL DM1 SERIES VARIABLE FREQUENCY DRIVE
Description
Keeping track of all the devices in the system is a pre-requisite for effective management of Cybersecurity of a
system. Ensure you maintain an inventory of all the components in your system in a manner in which you uniquely
identify each component. To facilitate this PowerXL Series VFD supports the following identifying information -
manufacturer, type, serial number, f/w version number, and location.
Customers/users can read following information from product label
• Model Number
• Serial Number
• Device Name
Information specific to communication protocols is available form parameter menu as below
• IP Address Mode
• Active IP Address
• MAC Address
See application manual for these parameter locations.
Industrial Control Protocols don't offer cryptographic protections at protocol level leaving them exposed to
Cybersecurity risk. Physical security is an important layer of defense in such cases. PowerXL Series VFD is
designed with the consideration that it would be deployed and operated in a physically secure location.
• Eaton suggests that physical access to cabinets and/or enclosures containing PowerXL Series VFD and the
associated system should be restricted, monitored and logged at all times.
• Physical access to the communication lines should be restricted to prevent any attempts of wiretapping,
sabotage. It's a best practice to use metal conduits for the communication lines running between one cabinet
to another cabinet.
• Attacker with unauthorized physical access to the device could cause serious disruption of the device
functionality. A combination of physical access controls to the location should be used, such as locks, card
readers, and/or guards etc.
• PowerXL Series VFD supports the following physical access ports,
• RJ45 connector for removable keypad as well as Modbus RTU communications
• RJ45 for EtherNet IP/Modbus TCP communications
• Terminal block for Modbus RTU and other Digital IOs
Eaton suggests access to above physical ports need to be restricted.
MN040049EN—September 2021 www.eaton.com
Application notes
243