Schneider Electric EIO0000004948_00 Harmony HMI-iPC Installation Guide
- June 9, 2024
- Schneider Electric
Table of Contents
- EIO0000004948_00 Harmony HMI-iPC
- Safety Information
- About This Manual
- Introduction
- Product Defense-in-depth
- Defense-in-depth Measures Expected in User Environment
- Secure Deployment
- Secure Account Management
- Secure Maintenance
- Secure Decommissioning
- Secure Disposal
- Security Notification
- Vulnerability Reporting
- References
- Read User Manual Online (PDF format)
- Download This Manual (PDF format)
Harmony HMI/iPC
Cybersecurity Guide
EIO0000004948_00
12/2022
EIO0000004948_00 Harmony HMI-iPC
Legal Information
The Schneider Electric brand and any trademarks of Schneider Electric SE and
its subsidiaries referred to in this guide are the property of Schneider
Electric SE or its subsidiaries. All other brands may be trademarks of their
respective owners.
This guide and its content are protected under applicable copyright laws and
furnished for informational use only. No part of this guide may be reproduced
or transmitted in any form or by any means (electronic, mechanical,
photocopying, recording, or otherwise), for any purpose, without the prior
written permission of Schneider Electric.
Schneider Electric does not grant any right or license for commercial use of
the guide or its content, except for a non-exclusive and personal license to
consult it on an “as is” basis. Schneider Electric products and equipment
should be installed, operated, serviced, and maintained only by qualified
personnel.
As standards, specifications, and designs change from time to time,
information contained in this guide may be subject to change without notice.
To the extent permitted by applicable law, no responsibility or liability is
assumed by Schneider Electric and its subsidiaries for any errors or omissions
in the informational content of this material or consequences arising out of
or resulting from the use of the information contained herein.
As part of a group of responsible, inclusive companies, we are updating our
communications that contain non-inclusive terminology. Until we complete this
process, however, our content may still contain standardized industry terms
that may be deemed inappropriate by our customers.
Safety Information
Important Information
Read these instructions carefully, and look at the equipment to become
familiar with the device before trying to install, operate, service, or
maintain it. The following special messages may appear throughout this
documentation or on the equipment to warn of potential hazards or to call
attention to information that clarifies or simplifies a procedure.
The addition of this symbol to a “Danger” or “Warning” safety label indicates
that an electrical hazard exists which will result in personal injury if the
instructions are not followed.
This is the safety alert symbol. It is used to alert you to potential personal
injury hazards. Obey all safety messages that follow this symbol to avoid
possible injury or death.
DANGER
DANGER indicates a hazardous situation which, if not avoided, will result
in death or serious injury.
WARNING
WARNING indicates a hazardous situation which, if not avoided, could
result in death or serious injury.
CAUTION
CAUTION indicates a hazardous situation which, if not avoided, could
result in minor or moderate injury.
NOTICE
NOTICE is used to address practices not related to physical injury.
Please Note
Electrical equipment should be installed, operated, serviced, and maintained
only by qualified personnel. No responsibility is assumed by Schneider
Electric for any consequences arising out of the use of this material.
A qualified person is one who has skills and knowledge related to the
construction and operation of electrical equipment and its installation, and
has received safety training to recognize and avoid the hazards involved.
About This Manual
Document Scope
The Cybersecurity Guide defines the elements that help you configure a system
that is less susceptible to cyber attacks.
NOTE: The term security is used throughout this document in reference to
cybersecurity topics.
Validity Note
This documentation is valid for Harmony Human Machine Interface (HMI) and
industrial PC (iPC) products.
The technical characteristics of the devices described in the present document
also appear online. To access the information online, go to the Schneider
Electric home page
www.se.com/ww/en/download/.
The characteristics that are described in the present document should be the
same as those characteristics that appear online. In line with our policy of
constant improvement, we may revise content over time to improve clarity and
accuracy. If you see a difference between the document and online information,
use the online information as your reference.
Registered Trademarks
Microsoft® and Windows® are registered trademarks of Microsoft Corporation in
the United States and/or other countries.
Product names used in this manual may be the registered trademarks owned by
the respective proprietors.
Related Documents
You can download the technical publications and other technical information from our website. www.se.com
Introduction
Cybersecurity is intended to help, protect your communication network and all
equipment connected to it from attacks, that could disrupt operations
(availability), modify information (integrity), or give away confidential
information (confidentiality). The objective of cybersecurity is to provide
increased levels of protection for information and physical assets from theft,
corruption, misuse, or accidents while maintaining access for their intended
users. There are many aspects to cybersecurity including designing secure
systems, restricting access using physical and digital methods, identifying
users, as well as implementing security procedures and best practice policies.
This section provides information on how and help to secure your system from a
malicious cyber-attack.
For essential cybersecurity best practices, refer to Schneider Electric’s
Recommended Cybersecurity Best Practices.
https://www.se.com/en/download/document/7EN52-0390/
WARNING
POTENTIAL COMPROMISE OF SYSTEM AVAILABILITY, INTEGRITY, AND
CONFIDENTIALITY
- Change default passwords at first use to help prevent unauthorized access to device settings, controls and information.
- Disable unused ports/services and default accounts, where possible, to minimize pathways for malicious attacks.
- Place networked devices behind multiple layers of cyber defenses (such as firewalls, network segmentation, and network intrusion detection and protection).
- Apply the latest updates and hotfixes to your Operating System and software.
- Use cybersecurity best practices (for example: least privilege, separation of duties) to help prevent unauthorized exposure, loss, modification of data and logs, interruption of services, or unintended operation.
Failure to follow these instructions can result in death, serious injury, or equipment damage.
Product Defense-in-depth
Secure Development Lifecycle
Schneider Electric use a Secure Development Lifecycle (SDL) process, a key product development-based framework that helps ensure products follow secure design processes across all lifecycle stages. The Schneider Electric SDL process complies with IEC 62443-4.1.
Security Features Provided
For the cybersecurity features provided by the Schneider Electric product, refer to the user manual. The features provide security capabilities which contribute towards protecting the product from potential security threats.
Defense-in-depth Measures Expected in User Environment
Defense-in-depth Approach
Schneider Electric recommends a defense-in-depth approach to cybersecurity for its customers. Defense-in-depth is a hybrid, multi-layered security strategy that provides holistic security throughout an industrial enterprise. The following are recommendations for a defense-in-depth approach to cybersecurity.
Cybersecurity Policy
Formulating a security plan, policies and procedures that cover risk assessment, risk mitigation and methods to recover from disaster. Developing an available and up-to-date guidance on governing the use of information and technology assets in your company.
Network Separation
Separating the industrial automation and control system from other networks by creating Demilitarized Zones (DMZ) to protect the industrial system from enterprise network requests and messages.
Perimeter Security
Using firewalls, authentication, authorizations, VPN (IPsec) and antivirus software to prevent unauthorized access. Installed devices, and devices that are not in service, are to be in an access-controlled or monitored location.
Network Segmentation
Containment of a potential security breach to the only affected segment by using switches and VLANs to divide the network into sub-networks and by restricting traffic between segments. This helps contain malware impact to one network segment; thus limiting damage to the entire network.
Device Hardening
Password management, user profile definition and deactivation of unused services to strengthen security on devices. Controls against malware – detection, prevention and recovery controls to help protect against malware are implemented and combined with appropriate user awareness.
Security Practices for Removable Devices
When using removable devices such as external hard drives or USB drives, refer to the following recommended actions to protect against unauthorized access and unintended disclosure of data.
- Scan any devices used to exchange data before using them in any node connected to the network.
- Encrypt your files.
- Use password protection.
- Do not store sensitive data in removable media, or if you need to store sensitive data in removable media, manage it properly in a secure location.
Monitoring and Update
Surveillance of operator activity and network communications. Regular updates of software and firmware.
Secure Deployment
Network
Improve security of networked devices by using multiple layers of cyber
defense (such as firewalls, network segmentation, and network intrusion
detection and protection). Disable unused ports/services and default accounts
to help minimize pathways for malicious attackers.
To reduce the security risks associated with networks, follow these
guidelines:
- Use firewalls and other security devices or settings to limit access to the host network, based on your security risk assessment.
- When using a firewall: Restrict communication to the expected ports, as per your network configuration. Only open those ports that are necessary for network communication.
- When using network switches: Close or disable unused network ports to prevent unauthorized connection of network nodes or other devices.
Patching
Be sure that all Windows updates and hotfixes, especially Windows security updates are regularly applied on the operating system.
Allow listing
Zero-day cybersecurity attacks take place before a software vendor is aware of
a cybersecurity exploit. Meaning that neither software, nor anti-virus
programs have been created or updated to protect against the zero-day threat
or attack.
Application allow listing is recommended to protect against zero-day attacks.
This specifies an index of approved software applications and processes that
are permitted to be present and active on the operating system.
Secure Account Management
User Access
Cybersecurity policies that govern user accounts and access, such as least privilege and separation of duties, vary from site to site. Work with the facility IT System Administrator to ensure that user access adheres to the site-specific cybersecurity policies.
Account Management
Windows-based products require the sign-in password to be set in order to
reduce the risks of unauthorized access, intrusion and infection of malicious
software.
NOTE: In order to build and operate a secure system, we strongly
recommend that you use a different authority account in each phase as follows.
Phase | Account type (authority) |
---|---|
System development | Administrator |
Operation | Standard user |
Maintenance | Administrator |
Use the product in an environment that takes into account the above items to reduce security risks.
Secure Maintenance
Software Update
Maintain up-to-date version of any software related to the product, such as
security updates, drivers, utilities, configuration tools.
For the latest version of the software we provide, refer to the following URL.
www.se.com
Network Monitoring
When using a firewall:
-
Periodically monitor the firewall to ensure the configuration has not been changed, and that the firewall status does not indicate communication has occurred on unexpected ports.
-
Only open those ports that are necessary for network communication.
When using network switches: -
Periodically monitor the switch to ensure the configuration has not been changed, and that the switch status does not indicate communication has occurred on unexpected ports.
Monitoring Operating System
Install operating system patches and anti-virus software updates on the
product, as they are released.
Periodically monitor the Windows accounts available on the product to ensure
that only the necessary personnel can log on to the product, with the
appropriate level of access. Remove inactive or unnecessary user accounts.
Review the Windows System Events Log to monitor logon and logoff activity, and
to detect attempted unauthorized activity.
Periodically review user accounts and their roles and privileges to ensure
compliance with your organization’s policy.
Maintaining Current Backups
The most effective way to recover from a malware attack, unauthorized access
or unintended data exposure is backing up your systems and data regularly and
store it in a secure, separate, non-shared location.
Back up all critical resources off the network and keep a copy in a secure,
tamperproof, or offline environment.
Secure Decommissioning
Before decommissioning the product, review the following recommended actions to decommission it in a protected environment:
- Ensure all important data from the product is saved before performing a reset.
- Document disposal actions according to your company’s policies and standards to keep a record of activities.
- Wipe the device before decommissioning it to help prevent potential disclosure of data.
- Follow decommission and sanitization tasks as described by your organization or contact your network administrator.
Secure Disposal
Follow device removal tasks described by your organization or contact your
network administrator to determine a responsible method of disposal.
Dispose the device according to the legislation of the country.
Security Notification
Product security notification posted can be viewed via the following URL.
https://www.se.com/ww/en/work/support/cybersecurity/security-
notifications.jsp
Vulnerability Reporting
Cybersecurity incidents and potential vulnerabilities can be reported via the following URL. https://www.se.com/ww/en/work/support/cybersecurity/report-a-vulnerability.jsp
Schneider Electric
35 rue Joseph Monier 92500 Rueil Malmaison France
+ 33 (0) 1 41 29 70 00
www.se.com
As standards, specifications, and design change from time to time, please ask
for confirmation of the information given in this publication.
© 2022 Schneider Electric. All rights reserved.
EIO0000004948_00
References
- Recommended Cybersecurity Best Practices | Schneider Electric
- Report a cybersecurity vulnerability | Schneider Electric Global
- Security notifications | Schneider Electric Global
Read User Manual Online (PDF format)
Read User Manual Online (PDF format) >>