Woodward Flex500 Product Manual
  1. Manuals
  2. Brands
  3. Woodward Manuals
  4. Controller
  5. Flex500
  6. Product manual

Woodward Flex500 Product Manual

Digital engine control
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
Released
Product Manual 35238
(Revision -, 11/2024)
Original Instructions
Flex500 Digital Engine Control
Security Manual

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the Flex500 and is the answer not in the manual?

Questions and answers

Related Manuals for Woodward Flex500

Summary of Contents for Woodward Flex500

  • Page 1 Released Product Manual 35238 (Revision -, 11/2024) Original Instructions Flex500 Digital Engine Control Security Manual...
  • Page 2 Revisions— A bold, black line alongside the text identifies changes in this publication since the last revision. Woodward reserves the right to update any portion of this publication at any time. Information provided by Woodward is believed to be correct and reliable. However, no responsibility is assumed by Woodward unless otherwise expressly undertaken.

  • Page 3: Table Of Contents

    PTIONS Product Support Options ..........................19 Product Service Options ..........................19 Returning Equipment for Repair ......................... 20 Replacement Parts ............................20 Engineering Services ..........................20 Contacting Woodward’s Support Organization ................... 21 Technical Assistance ..........................22 ........................23 EVISION ISTORY Woodward...

  • Page 4: Illustrations And Tables

    Illustrations and Tables Figure 1-1. Purdue Model ..........................9 Figure 3-1. Defense in Depth ........................10 Figure 5-1. Potential Attack Vectors ......................15 The following are trademarks of Woodward, Inc.: Flex500 Servlink The following are trademarks of their respective companies:...

  • Page 5: Warnings And Notices

    Released Manual 35238 Flex500 Digital Engine Control Warnings and Notices Important Definitions This is the safety alert symbol used to alert you to potential personal injury hazards. Obey all safety messages that follow this symbol to avoid possible injury or death.
  • Page 6 Released Manual 35238 Flex500 Digital Engine Control Be prepared to make an emergency shutdown when starting the engine, turbine, or other type of prime mover, to protect against runaway or overspeed with possible personal injury, loss of life, or property damage.

  • Page 7: Electrostatic Discharge Awareness

    Do not touch the components or conductors on a printed circuit board with your hands or with conductive devices. To prevent damage to electronic components caused by improper handling, read and observe the precautions in Woodward manual 82715 , Guide for Handling and Protection of Electronic Controls, Printed Circuit Boards, and Modules.

  • Page 8: Regulatory Compliance

    MANUAL - 505HT FOR FRANCIS / KAPLAN TURBINES Special Condition for Safe Use The Flex500/505/Vertex Family was developed without a secure development life cycle process prior to the realization of current cybersecurity standards, and as such, shall not be considered a cybersecure product.

  • Page 9: Purpose

    This manual provides a description of the cybersecurity (“security”) context and strategies for the Flex500 digital engine control referred as the Flex500 in the rest of this manual. The manual covers security configurations, user access information, decommissioning, and security alert reporting, and notification.

  • Page 10: Chapter 2. Industrial Cybersecurity Basics

    Where Does the Flex500 Live in a Purdue Model-based OT Network? The Flex500 lives at level 1 of the Purdue model illustrated in Figure 1-1. Level 1 contains basic control equipment. These consist of complex controllers, PLC’s, monitoring equipment, and other equipment required to maintain control of the process.

  • Page 11: Denial Of Service (Dos) Protection

    DoS attacks can occur on the Ethernet and CAN interfaces. The Flex500 does not have integrated capabilities to deal with these attacks. It is up to the system and/or controller network to ensure that communications are clean and do not overload the Flex500.

  • Page 12: Chapter 3. Defense In Depth (Did)

    Defense in Depth is a strategy that leverages multiple layers of security to protect an organization's assets. The concept is that if one layer of defense is compromised, additional layers exist to help ensure that threats are stopped before the Flex500 is compromised. Figure 3-1. Defense in Depth...
  • Page 13 The earlier the warning occurs the better. The Flex500 is a panel mounted control generally in a cabinet on a panel or on a cabinet surface, so physical protection for the cabinet and its environment should be provided to ensure that only approved personnel have access to the control.

  • Page 14: Access Controls

    Flex500 should be hardened and have all security updates applied. Service Tools Woodward provides an array of software tools that can provide functions from monitoring to full Flex500 operation and configuration. Ensure that only Woodward or Flex500 provider approved tools are used to interact with the Flex500.

  • Page 15: Chapter 4. Communication Ports

    Default Open Ethernet Ports Below is a list of commonly used ethernet ports for Flex500 service and application interfacing with external devices; however, not all ports may be in use for a particular application. Contact your application provider for a list of open ports.

  • Page 16: Chapter 5. Attack Scenarios

    To help combat DoS attacks, the system should provide network appliances to detect intrusion, provide rate limiting, and provide deep packet inspection. The appliances should be external to the control, but within the same secure network zone. This will help ensure that the Flex500 remains responsive. Woodward...
  • Page 17 Released Manual 35238 Flex500 Digital Engine Control Security Appliances CAPEC Attack (Vectors) • Altered OPC S/W Digital • File Integrity Man- Signatures communication in-the- • Injection of Modbus Middle commands • Policy LDAP Protected Components • No Defaults RADIUS User Commands and Input •...

  • Page 18: Chapter 6. Flex500 Security Overview

    DoS attacks and malicious messaging. From a physical accessibility perspective, the Flex500 is located within a cabinet or on a panel. As such, the cabinet and cabling shall be safeguarded in order to protect datalink and hardwired sensor and actuation interfaces with the Flex500.

  • Page 19: Chapter 7. Security References

    Examples of these actions range from simple human error up to and including malicious attacks resulting in damage to the Flex500 and damage to equipment connected to the Flex500.

  • Page 20: Chapter 8. Security Notifications And Patching

    The Woodward Product Security Incident Response Team (PSIRT) is notified of security incidents related to Woodward secure products. The PSIRT analyzes the incident report and decides how best to deal with the issue. Depending on the severity of the issue, the PSIRT may: •...

  • Page 21: Chapter 9. Product Support And Service Options

    Service Distributor or the OEM or Packager of the equipment system, based on the standard Woodward Product and Service Warranty (Woodward North American Terms and Conditions of Sale 5-09-0690) that is in effect at the time the product is originally shipped from Woodward or a service is performed: •...

  • Page 22: Returning Equipment For Repair

    • The unit serial number, which is also on the nameplate Engineering Services Woodward offers various Engineering Services for our products. For these services, you can contact us by telephone, by email, or through the Woodward website. • Technical Support •...

  • Page 23: Contacting Woodward's Support Organization

    Field Service engineering on-site support is available, depending on the product and location, from many of our worldwide locations or from one of our Full-Service Distributors. The field engineers are experienced both on Woodward products as well as on much of the non-Woodward equipment with which our products interface.

  • Page 24: Technical Assistance

    Flex500 Digital Engine Control Technical Assistance If you need to contact technical assistance, you will need to provide the following information. Please write it down here before contacting the Engine OEM, the Packager, a Woodward Business Partner, or the Woodward factory: General...

  • Page 25: Revision History

    Released Manual 35238 Flex500 Digital Engine Control Revision History Revision – • New manual Woodward...
  • Page 26 Released Manual 35238 Flex500 Digital Engine Control THIS PAGE INTENTIONALLY LEFT BLANK Woodward...
  • Page 27 Released Manual 35238 Flex500 Digital Engine Control THIS PAGE INTENTIONALLY LEFT BLANK Woodward...
  • Page 28 Email and Website—www.woodward.com Woodward has company-owned plants, subsidiaries, and branches, as well as authorized distributors and other authorized service and sales facilities throughout the world. Complete address / phone / fax / email information for all locations is available on our website.

Table of Contents

Save PDF