| Issue | Security risk | Mitigation strategies |
|---|---|---|
| User accounts | Default account settings are often the source of unauthorized access by malicious users. If you do not change the default password, unauthorized access can occur. | Change the default password of 0 (zero) to help reduce unauthorized access. See "Changing the default password" on page 34. |
| Secure protocols | ION, Modbus, DNP, DLMS, IEC 61850 and some IT protocols are unsecure. The device does not have the capability to transmit data encrypted using these protocols. If a malicious user gained access to your network, they could intercept communications. | For transmitting data over an internal network, physically or logically segment the network. For transmitting data over an external network, encrypt protocol transmissions over all external connections using an encrypted tunnel, TLS wrapper, or Secure ION. See "System defense-in-depth assumptions" on page 27. Disable unused protocols. |
| Self-signed certificates | Factory shipped meters include a self-signed SSL certificate. An SSL certificate is required to use webpages over HTTPS and Secure ION (ION over TLS). Self-signed certificates can't be validated. An attacker with access to the network could pose as the device to obtain credentials sent over the TLS tunnel. | Use a Certificate Authority (CA) signed SSL certificate and external network controls. |

Configure
This section contains detailed information on the following tasks:
• "Meter security configuration" on page 33 in a protected environment
• "Disabling and enabling protocols and changing port numbers" on page 43
• "Verifying the meter security settings" on page 44
• "Applying security settings to multiple meters" on page 45
This section also includes the following reference information:
• "Default meter security settings" on page 47
• "Advanced security mode" on page 48
9810 series - User manual Cybersecurity
7EN05-0390-08 32