• Micro Motion 1600 signed firmware (refer to Upgrade the transmitter firmware)
• Write protect physical lock switch (refer to Configure security for the display)
Mitigation strategies
Any device in the field is prone to a physical attack, which must be mitigated by physical security controls.
If a device can access the worldwide internet, then it can be discoverable by malicious actors. As a result,
field devices must be in a dedicated and actively-managed network. If an input or an output is described as
insecure, it means that it is unencrypted (available in clear text) and does not have access control capabilities
(for example there is no way to tell who is communicating with the transmitter).
The following are inputs and outputs of the device that can be utilized for the Micro Motion 1600 device.
Note
If a protocol is licensed, you must call support to have it disabled. If a protocol is not licensed, it is disabled.
(Refer to View the licensed features (optional)).
• Local Operator Interface (LOI) – four-character passcode (refer to Configure security for the display)
• USB service port – disable option (refer to Enable or disable the service port)
• For the inputs and outputs available on this transmitter with different channels, refer to Rules for channel
combinations.
• Both HART and RS-485 Modbus are inherently insecure protocols. As a result, Emerson recommends using
these protocols while the transmitter is within a physically secure environment, according to a company's
security policy.
The physical write protect switch controls all the interfaces. The physical write protect (dip) switch is located
behind the display. More information can be found in Security and write protection.
Security defense-in-depth measures
The device is not intended to be directly connected to an enterprise or to an internet-facing network without a
compensating control in place. Do not connect the device without mitigation measures in place.
1.3.2 Security hardening guidelines
Product integration
The device has optional applications for configuration and data viewing. When such applications are used,
they must run on devices that are configured according to the security policy of the company using the device.
Defense-in-depth strategy
This transmitter device has been developed using secure coding principals and procedures, including threat
modeling and security specific testing. It has several interfaces developed using the Secure Development
Lifecycle (SDL), according to IEC 62443-4-1, which is the recognized standard for the oil and gas, and
manufacturing industries.
Configuring the device
There are multiple ways to configure the Micro Motion 1600 device securely including:
Issue:
Local display allows the user a default passcode that is known publicly. Anyone in physical proximity
to the device could log into it.
Resolution: Change the passcode upon the first use and do not share passcodes.
Before you begin Configuration and Use Manual
May2024 MS-00809-0200-1600
8 Emerson.com
To Next Page
Loading...
