EATON Green Motion AC Chargers Secure Configuration User Guide
- June 3, 2024
- EATON
Table of Contents
Green Motion AC Chargers Secure Configuration
Eaton Cybersecurity Center of Excellence Cybersecurity Recommendations
Eaton Green Motion AC chargers
Secure configuration guidelines
Documentation to securely deploy and configure Eaton products
Eaton Green Motion AC EV chargers have been designed with cybersecurity as an
important consideration. A number of features are offered in the product to
address cybersecurity risks. These Cybersecurity recommendations provide
information to help users to deploy and maintain the product in a manner that
minimizes the cybersecurity risks. These Cybersecurity recommendations are not
intended to provide a comprehensive guide to cybersecurity, but rather to
complement customers’ existing cybersecurity programs.
Eaton is committed to minimizing the cybersecurity risk in its products and
deploying cybersecurity best practices in its products and solutions, making
them more secure, reliable and competitive for customers.
The following whitepapers are available for more information on general
cybersecurity best practices and guidelines:
Cybersecurity Considerations for Electrical Distribution Systems
(WP152002EN):
http://www.eaton.com/ecm/groups/public/@pub/@eaton/@corp/documents/content/pct_1603172.pdf
Cybersecurity Best Practices Checklist Reminder (WP910003EN):
https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/white-papers/WP910003EN.pdf
Cybersecurity Best Practices for Modern Vehicles – NHTSA
https://www.nhtsa.gov/staticfiles/nvs/pdf/812333_CybersecurityForModernVehicles.pdf
Intended Use & Deployment Context
Applicable to products connected to the Eaton Charging network manager or to a third-party backend. Applicable to the end customer. Deployed at customer premises in parking places, private or publicly accessible, to allow charging of EVs, authentication, billing, etc.
Asset Management
Keeping track of software and hardware assets in your environment is a prerequisite for effectively managing cybersecurity. Eaton recommends that you maintain an asset inventory that uniquely identifies each important component. To facilitate this, Eaton Green Motion Building supports the following identifying information:
SW release for Green Motion AC Home:
• APP: 108x
• OS: 2.3.1-AC-PROD
• MACH: cm3 or cm4
• MPB: 831
• Version date 25.05.2022 or newer
The information above can be accessed on the configuration web page or via the communication protocol OCPP (“SystemInformation”).
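As an added example (not Eaton's code), the following checks an inventory of charger-reported release fields against the values listed above and reports each device that deviates. The field names, the reading of “108x” as 108 followed by one digit, and the sample records are assumptions made for this illustration.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class ChargerRelease:
    """Identifying information one charger reports (field names are assumed)."""
    serial: str
    app: str           # guide lists "108x"
    os: str            # e.g. "2.3.1-AC-PROD"
    mach: str          # "cm3" or "cm4"
    mpb: str           # "831"
    version_date: date

# Baseline copied from the Asset Management row of this guide.
BASELINE_APP_PREFIX = "108"            # "108x" read as 108 plus one digit (assumption)
BASELINE_OS = "2.3.1-AC-PROD"
BASELINE_MACH = {"cm3", "cm4"}
BASELINE_MPB = "831"
BASELINE_MIN_DATE = date(2022, 5, 25)  # "25.05.2022 or newer"

def parse_version_date(text):
    """Parse the DD.MM.YYYY form used in the guide."""
    day, month, year = (int(p) for p in text.split("."))
    return date(year, month, day)

def check_release(rel):
    """Return the list of deviations from the baseline (empty means compliant)."""
    findings = []
    if not (len(rel.app) == 4 and rel.app.isdigit() and rel.app.startswith(BASELINE_APP_PREFIX)):
        findings.append(f"APP {rel.app} is not a 108x release")
    if rel.os != BASELINE_OS:
        findings.append(f"OS {rel.os} differs from {BASELINE_OS}")
    if rel.mach not in BASELINE_MACH:
        findings.append(f"MACH {rel.mach} is not cm3/cm4")
    if rel.mpb != BASELINE_MPB:
        findings.append(f"MPB {rel.mpb} differs from {BASELINE_MPB}")
    if rel.version_date < BASELINE_MIN_DATE:
        findings.append(f"version date {rel.version_date} older than {BASELINE_MIN_DATE}")
    return findings

def audit_inventory(records):
    """Map each non-compliant serial to its findings."""
    return {r.serial: f for r in records if (f := check_release(r))}

# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = [
    ChargerRelease("GM-0001", "1083", "2.3.1-AC-PROD", "cm4", "831", parse_version_date("25.05.2022")),
    ChargerRelease("GM-0002", "1079", "2.3.1-AC-PROD", "cm3", "831", parse_version_date("10.01.2022")),
    ChargerRelease("GM-0003", "1085", "2.2.0-AC-PROD", "cm1", "831", parse_version_date("01.09.2022")),
]
```

Running `audit_inventory(SAMPLE_INVENTORY)` reports GM-0002 (old APP and version date) and GM-0003 (OS and MACH mismatch) while GM-0001 passes.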
Risk Assessment
Eaton recommends conducting a risk assessment to identify and assess reasonably foreseeable internal and external risks to the confidentiality, availability and integrity of the Eaton Green Motion Building and its environment. This exercise should be conducted in accordance with applicable technical and regulatory frameworks such as IEC 62443 and NERC-CIP. The risk assessment should be repeated periodically.
Physical Security
An attacker with unauthorized physical access can cause serious disruption to system/device functionality. Additionally, Industrial Control Protocols do not offer cryptographic protections, making ICS and SCADA communications especially vulnerable to threats to their confidentiality. Physical security is an important layer of defense in such cases. Eaton Green Motion Building is designed to be deployed and operated in a physically secure location. Following are some best practices that Eaton recommends to physically secure your system/device:
• Secure the facility and equipment rooms or closets with access control mechanisms such as locks, entry card readers, guards, man traps, CCTV, etc. as appropriate.
• Restrict physical access to cabinets and/or enclosures containing Eaton Green Motion Building.
• Physical access to the telecommunication lines and network cabling should be restricted to protect against attempts to intercept or sabotage communications. It is a best practice to use metal conduits for the network cabling running between equipment cabinets.
• Eaton Green Motion Building supports the following physical access ports: Serial Port, Ethernet, Modbus, CAN bus. Access to these ports should be restricted.
• Do not connect removable media (e.g., USB devices, SD cards, etc.) for any operation (e.g., firmware upgrade, configuration change, or boot application change) unless the origin of the media is known and trusted.
• Before connecting any portable device through a USB port or SD card slot, scan the device for malware and viruses.
Time Synchronization
Many operations in power grids and IT networks heavily depend on precise timing information. Ensure the system clock is synchronized with an authoritative time source (using manual configuration, NTP, SNTP, or IEEE 1588).
Time synchronization will occur automatically once the device gets access to NTP.
Network Security
Eaton Green Motion Building supports network communication with other devices in the environment. This capability can present risks if it is not configured securely. Following are Eaton recommended best practices to help secure the network. Additional information about various network protection strategies is available in Eaton Cybersecurity Considerations for Electrical Distribution Systems [R1].
Eaton recommends segmentation of networks into logical enclaves, denying traffic between segments except that which is specifically allowed, and restricting communication to host-to-host paths (for example, using router ACLs and firewall rules). This helps to protect sensitive information and critical services and creates additional barriers in the event of a network perimeter breach. At a minimum, a utility Industrial Control Systems network should be segmented into a three-tiered architecture (as recommended by NIST SP 800-82 [R3]) for better security control.
Communication Protection: Eaton Green Motion Building provides encryption of its network communications. This encryption is always activated and there is no need to configure it.
• Secure protocol usage: HTTPS
• TLS/SSL configuration by default
• Secure cipher suites: TLS 1.2 by default
Eaton recommends opening only those ports that are required for operations and protecting the network communication using network protection systems such as firewalls and intrusion detection systems / intrusion prevention systems. Use the information below to configure your firewall rules to allow the access needed for Eaton Green Motion Building to operate smoothly:
• TCP port 53 shall be open to allow DNS
• TCP port 80 shall be open for HTTP (Nginx, webpage)
• TCP port 8082 shall be open to allow TCP/UDP
• TCP port 5355 shall be open to allow LLMNR (TCP/UDP)
• TCP port 67 shall be open to allow DHCP server
• TCP port 443 shall be open to allow OCPP connection with CPO backend
The 4G modem is connected to the CPU through serial USB and uses the point-to-point protocol (PPP). It is recommended to use 4G IoT SIM cards that support the security features below to provide internet connectivity between the charging station and the server.
Recommended security features:
• Use a private Access Point Name (APN) while installing Green Motion Building and commissioning the Charging network manager.
• Use 4G SIM service providers that offer the option to encrypt data communications using either a Virtual Private Network (VPN) or IPsec protections.
• Enable the Universal Integrated Circuit Card (UICC) PIN to prevent unauthorized access to the network.
Logging and Event Management
• Eaton recommends logging all relevant system and application events, including all administrative and maintenance activities.
• Logs should be protected from tampering and other risks to their integrity (for example, by restricting permissions to access and modify logs, transmitting logs to a security information and event management system, etc.).
• Ensure that logs are retained for a reasonable and appropriate length of time.
• Review the logs regularly. The frequency of review should be reasonable, taking into account the sensitivity and criticality of the system/device and any data it processes.
• Logs are available from the Eaton Charging network manager; for further details, please see the technical documentation or contact your local support team.
Malware Defenses
Eaton recommends deploying adequate malware defenses to protect the product or the platforms used to run the Eaton product.
Secure Maintenance
The device includes an SSH remote connection to allow a service engineer, with help from the site administrator, to troubleshoot the device functionality. This connection allows the service engineer to perform the following tasks. The SSH port is disabled by default and shall only be enabled if strictly necessary.
• Open TCP port 22 to allow the SSH connection to be established when the service engineer requests it. Instructions on how to enable SSH will be provided by the Eaton field service engineer.
• The Eaton field service engineer will then be able to log into the system using a maintenance account to perform the requested support activities.
• Once the maintenance is over, the service engineer will log off the device and ask to disable the SSH port.
Note: Enabling of TCP port 22 is provided for diagnostic purposes only and shall not be left enabled.
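Two of the rows above lend themselves to an automated check: the Network Security port list and the Secure Maintenance rule that TCP port 22 is open only for a requested session. The following is an added example (not Eaton's code) that audits a charger's observed listening ports against the guide's list and renders matching nftables-style accept rules; the observed port set, the maintenance window, and the “TCP/UDP service” label for 8082 are constructed for this illustration.

```python
from datetime import datetime

# port: (protocols, purpose), copied from the Network Security row of this guide.
ALLOWED_PORTS = {
    53: (("tcp",), "DNS"),
    80: (("tcp",), "HTTP (Nginx, webpage)"),
    8082: (("tcp", "udp"), "TCP/UDP service"),
    5355: (("tcp", "udp"), "LLMNR"),
    67: (("tcp",), "DHCP server"),
    443: (("tcp",), "OCPP connection with CPO backend"),
}
SSH_PORT = 22  # diagnostic only: enabled on request, disabled afterwards

def ssh_window_active(windows, at):
    """True when `at` lies inside an approved (start, end) maintenance window."""
    return any(start <= at <= end for start, end in windows)

def audit_ports(observed, windows, at):
    """Compare a charger's listening ports with the guide's list.

    'unexpected' lists ports the guide does not account for;
    'ssh_outside_window' is True when port 22 is open with no active request.
    """
    unexpected = sorted(p for p in observed if p not in ALLOWED_PORTS and p != SSH_PORT)
    ssh_issue = SSH_PORT in observed and not ssh_window_active(windows, at)
    return {"unexpected": unexpected, "ssh_outside_window": ssh_issue}

def firewall_rules(ssh_enabled=False):
    """Render nftables-style accept rules for an input chain whose policy is drop.
    Port 22 is emitted only while a maintenance session is in progress."""
    rules = [f'{proto} dport {port} accept comment "{purpose}"'
             for port, (protos, purpose) in sorted(ALLOWED_PORTS.items())
             for proto in protos]
    if ssh_enabled:
        rules.append(f'tcp dport {SSH_PORT} accept comment "SSH, diagnostic session only"')
    return rules

# Constructed sample: SSH left enabled after a morning maintenance window,
# plus a listener on 2323 that nothing in the guide explains.
SAMPLE_OBSERVED = {53, 80, 443, 8082, 22, 2323}
SAMPLE_WINDOWS = [(datetime(2024, 6, 3, 9, 0), datetime(2024, 6, 3, 11, 0))]
SAMPLE_DURING = datetime(2024, 6, 3, 10, 0)
SAMPLE_AFTER = datetime(2024, 6, 3, 14, 30)

if __name__ == "__main__":
    print(audit_ports(SAMPLE_OBSERVED, SAMPLE_WINDOWS, SAMPLE_AFTER))
    print("\n".join(firewall_rules()))
```

The rules are chain fragments; they belong in an input chain with a drop policy in front of the charger segment, with the port 22 rule added and removed around each requested session.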
Best Practices
Update device firmware prior to putting the device into production. Thereafter, apply firmware updates and software patches regularly. Eaton publishes patches and updates for its products to protect them against vulnerabilities that are discovered. Eaton encourages customers to maintain a consistent process to promptly monitor for and install new firmware updates.
• Firmware updates shall be managed and installed exclusively through the Eaton Charging Network Manager, which ensures that you are using trusted firmware files.
• For offline devices the following process must be followed:
1. Connect through serial
2. Enable the webserver
3. Log in to the webserver (to be implemented)
4. Select the firmware GM package and press upload
5. The device downloads the package and checks the signature
6. Once the signature is verified, a shell script updates the firmware on the machine
• The local webserver can also be used to update firmware securely. The package is verified against the Eaton secure key before any update.
Sensitive Information Disclosure
Eaton recommends that sensitive information (i.e. connectivity, log data, personal information) that may be stored by Eaton Green Motion Home or Building be adequately protected through the deployment of organizational security practices.
Potential sensitive information stored in the chargers is the RFID serial of the last user of the charging station.
Decommissioning or Zeroization
It is a best practice to purge data before disposing of any device containing data. Guidelines for decommissioning are provided in NIST SP 800-88. Eaton recommends that products containing embedded flash memory be securely destroyed to ensure data is unrecoverable.
Figure and data from NIST SP 800-88.
The charging station will be recycled following the ISO 9001 process.
Embedded Flash Memory on Boards and Devices
Eaton recommends the following methods for disposing of motherboards, peripheral cards such as network adapters, or any other adapter containing non-volatile flash memory.
Clear: Reset the state to the original factory settings by pressing and holding the reset button for at least 5 seconds. Refer to the technical documentation for more details.
Purge: The flash memory cannot be easily identified and removed from the board. For this reason, Eaton recommends destroying the whole computing board.
Destroy: Shred, disintegrate, pulverize, or incinerate by burning the device in a licensed incinerator.
References
[R1] Cybersecurity Considerations for Electrical Distribution Systems (WP152002EN):
http://www.eaton.com/ecm/groups/public/@pub/@eaton/@corp/documents/content/pct_1603172.pdf
[R2] Cybersecurity Best Practices Checklist Reminder (WP910003EN):
https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/white-papers/WP910003EN.pdf
[R3] NIST SP 800-82 Rev 2, Guide to Industrial Control Systems (ICS) Security, May 2015:
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r2.pdf
[R4] National Institute of Standards and Technology (NIST), “Guidelines on Firewalls and Firewall Policy, NIST Special Publication 800-41”, October 2009:
http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-41r1.pdf
[R5] NIST SP 800-88, Guidelines for Media Sanitization, September 2006:
http://ws680.nist.gov/publication/get_pdf.cfm?pub_id=50819
[R6] Cybersecurity Best Practices for Modern Vehicles – NHTSA:
https://www.nhtsa.gov/staticfiles/nvs/pdf/812333_CybersecurityForModernVehicles.pdf
[R7] A Summary of Cybersecurity Best Practices – Homeland Security:
https://www.hsdl.org/?view&did=806518
[R8] Characterization of Potential Security Threats in Modern Automobiles – NHTSA:
https://www.nhtsa.gov/DOT/NHTSA/NVS/Crash%20Avoidance/Technical%20Publications/2014/812074_Characterization_PotentialThreatsAutos(1).pdf
[R9] Threat Modeling for Automotive Security Analysis:
http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-41r1.pdf
Eaton Industries Manufacturing GmbH
Place de la Gare 2
1345 Le Lieu, Switzerland
© 2022 Eaton
All Rights Reserved
Publication No. MZ191002EN
July 2022
Eaton is a registered trademark.
All other trademarks are property of their respective owners.