Woodward EasYgen-3000XT Series Security Manual
  1. Manuals
  2. Brands
  3. Woodward Manuals
  4. Controller
  5. easYgen-3000XT Series
  6. Security manual
Woodward EasYgen-3000XT Series Security Manual

Woodward EasYgen-3000XT Series Security Manual

Genset control
Hide thumbs Also See for EasYgen-3000XT Series:
Table of Contents

Advertisement

Quick Links

Download this manual
Released
Product Manual 35244
(Revision -, 02/2025)
Original Instructions
EasYgen-3000XT Series Genset Control
Security Manual
Security Manual

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the EasYgen-3000XT Series and is the answer not in the manual?

Questions and answers

Related Manuals for Woodward EasYgen-3000XT Series

Summary of Contents for Woodward EasYgen-3000XT Series

  • Page 1 Released Product Manual 35244 (Revision -, 02/2025) Original Instructions EasYgen-3000XT Series Genset Control Security Manual Security Manual...
  • Page 2 Revisions— A bold, black line alongside the text identifies changes in this publication since the last revision. Woodward reserves the right to update any portion of this publication at any time. Information provided by Woodward is believed to be correct and reliable. However, no responsibility is assumed by Woodward unless otherwise expressly undertaken.

  • Page 3: Table Of Contents

    ................... 21 HAPTER ECURITY EFERENCES How are users notified if a security issue has been discovered? ............... 21 How can users ask questions about security or report security issues to Woodward? ......21 6. P ............. 22 HAPTER RODUCT UPPORT AND...
  • Page 4 Figure 1-1. Purdue Model ..........................9 Figure 2-1. Defense in Depth Diagram ....................... 10 Figure 3-1. Potential Attack Vectors ......................19 Table 1-1. CPU Information .......................... 7 Table 1-2. Glossary of Terms and Abbreviations..................7 Table 2-1. Code Levels and Permissions ....................13 Woodward...

  • Page 5: Warnings And Notices

    Be prepared to make an emergency shutdown when starting the engine, turbine, or other type of prime mover, to protect against runaway or overspeed with possible personal injury, loss of life, or property damage. Start-up Woodward...
  • Page 6 Released Manual 35244 easYgen-3000XT Security Manual On- and Off-highway Mobile Applications: Unless Woodward's control functions as the supervisory control, customer should install a system totally independent of the prime mover control system that monitors for supervisory control of engine (and takes appropriate...

  • Page 7: Electrostatic Discharge Awareness

    Do not touch the components or conductors on a printed circuit board with your hands or with conductive devices. To prevent damage to electronic components caused by improper handling, read and observe the precautions in Woodward manual 82715 , Guide for Handling and Protection of Electronic Controls, Printed Circuit Boards, and Modules.

  • Page 8: Regulatory Compliance

    Manuals, Software, and License Keys. Special Condition for Safe Use The easYgen-3000XT Series of Genset Controls were developed without a secure development life cycle process prior to the realization of current cybersecurity standards, and as such, shall not be considered a cybersecure product.

  • Page 9: Purpose

    Series of Genset Controls. The manual covers security configurations, user access information, decommissioning, and security alert reporting and notification. Scope This manual covers the easYgen-3000XT Series of Genset Controls (3100, 3200, 3400, 3500). CPU Information Table 1-1. CPU Information...

  • Page 10: Chapter 2. Industrial Cyber Security Basics

    Following the defense-in-depth guidelines in this manual and configuring the easYgen-3000XT Series Genset Control appropriately will aid in establishing a security hardened system and a stable and secure operating environment.

  • Page 11: Where Does The Easygen-3000Xt Series Exist In An Ot Network

    The easYgen-3000XT Series of Genset Controls lives at level 1 of the Purdue model illustrated in figure 1. Operators at level 2 can communicate with the control. Devices at level 0 are accessed by the control as inputs and outputs.

  • Page 12: Chapter 3. Defense-In-Depth (Did)

    The concept is that if one layer of defense is compromised, additional layers exist to ensure that threats are stopped before the easYgen-3000XT Control is compromised. Woodward DiD recommendations for secure easYgen-3000XT installations include: • Updating default passwords to more secure passwords •...

  • Page 13: Physical Security

    The easYgen-3000XT Series uses Woodward ToolKit to allow users to change settings on the control using a PC. ToolKit can be used to create and run custom administration tools for many Woodward electronic products. ToolKit can be installed via CD or downloaded on a laptop or PC, then connected to the easYgen to configure, calibrate, monitor, and troubleshoot the device over a serial, CAN, or TCP/IP connection.

  • Page 14: User Accounts

    EasYgen controls can also be configured by users using a Windows laptop or PC with Woodward ToolKit installed. This PC can be connected to the control using either the USB (preferred) or Ethernet service ports.
  • Page 15 Commissioner Level but with AC02 Algorithm Code* Algorithm Code* the following exceptions: • The password for this level is not visible. • Access is dismissed afterwards. The Basic Level CL01 CL0001 Access to a limited number of parameters and configurations. Woodward...

  • Page 16: Passwords

    Commissioner Level Resets Password to “CL0005” Reset Default Password – Super (Requires Woodward Sales Support Commissioner Level Partner) Refer to section 4.3.4.1 of Woodward Manuals B37574, B37580, and B37581 for more details on the ToolKit password system for easYgen. Woodward...

  • Page 17: Denial Of Service (Dos) Protection

    USB Interface The USB interface on the easYgen-3000XT Series is a service port used to connect the control to ToolKit. For all other connections besides ToolKit, the USB interface is read-only. Physically protecting the area that the control is installed in can protect the USB port. Preventing unauthorized access to the control and using monitoring and detection strategies can reduce the chance of someone attempting to use the USB port as an attack vector.

  • Page 18: Malware Prevention

    Default Open Ethernet Ports Below is a list of commonly used Ethernet ports on the easYgen-3000XT Series and applications interfacing with external devices. Not all ports listed may be in use for a particular application.

  • Page 19: Monitoring And Detection

    SNTP Feature The easYgen-3000XT Series can be usable as a SNTP (Simple Network Time Protocol) server within the local area network by its own IP address. This feature is set to internal clock by default, which disables SNTP functionality.

  • Page 20: Decommissioning

    This can also result in damage to the control. See Woodward manual 37630 for more information on the easYgen-3000XT update procedure or contact your Woodward sales or support contact for further information.

  • Page 21: Chapter 4. Attack Scenarios

    DoS attacks and keep the easYgen functional, the system should include network appliances to detect intrusion, provide rate limiting, and provide deep packet inspection. These appliances will be external to the easYgen but should be within the same security zone. Woodward...
  • Page 22 Hardening the defense posture of the easYgen by changing default passwords provides an additional layer of security in the case an attacker gains physical access to the control. Woodward...

  • Page 23: Chapter 5. Security References

    The service bulletin will explain the problem and a suggested course of action and will be emailed to all Woodward product distributors and customers who have purchased or downloaded the product directly from Woodward.

  • Page 24: Chapter 6. Product Support And Service Options

    Service Distributor or the OEM or Packager of the equipment system, based on the standard Woodward Product and Service Warranty (Woodward North American Terms and Conditions of Sale 5-09-0690) that is in effect at the time the product is originally shipped from Woodward or a service is performed: •...

  • Page 25: Returning Equipment For Repair

    All repair work carries the standard Woodward service warranty (Woodward North American Terms and Conditions of Sale 5-09-0690) on replaced parts and labor.

  • Page 26: Replacement Parts

    • The unit serial number, which is also on the nameplate Engineering Services Woodward offers various Engineering Services for our products. For these services, you can contact us by telephone, by email, or through the Woodward website. • Technical Support •...

  • Page 27: Technical Assistance

    Security Manual Technical Assistance If you need to contact technical assistance, you will need to provide the following information. Please write it down here before contacting the Engine OEM, the Packager, a Woodward Business Partner, or the Woodward factory: General   ...

  • Page 28: Revision History

    Released Manual 35244 easYgen-3000XT Security Manual Revision History Revision - • New manual Woodward...
  • Page 29 Email and Website—www.woodward.com Woodward has company-owned plants, subsidiaries, and branches, as well as authorized distributors and other authorized service and sales facilities throughout the world. Complete address / phone / fax / email information for all locations is available on our website.

This manual is also suitable for:

Easygen-3100xtEasygen-3200xtEasygen-3400xtEasygen-3500xt

Table of Contents