Security is the top priority in energy supply. This is especially true for the area of cyber security. That is why this was one of the most important aspects in the development of ETOS®. We offer a state-of-the-art solution – from the product architecture to support.
At MR, the subject of cybersecurity is taken into consideration for all components and implemented right from the start. To this end, MR consistently focuses on producing a high level of product security, continuously optimizes its processes with regard to security, and maintains a comprehensive risk management system.
- Pre-configured, integrated firewall in accordance with IEC 62443
Availability through network segmentation and reduction of the attack area
- SSL/TLS (HTTPS) encryption (256-bit) in accordance with BSI TR 02102
Validation of authenticity, integrity and confidentiality of the communication (RSA and ECC in accordance with NIST)
- Security log for saving security-related changes
Login, logout, changing values and settings, import, export, configuration changes, event acknowledgement, etc.
- "Role-Based Access Control (RBAC)" role-based user management in accordance with IEC 62351
Integrity and confidentiality of the data on the device
Need-to-know-principle and separation of duties
- Password management in accordance with NERC-CIP
Encrypted password storage in accordance with FIPS-PUB 180-4
- Defense in depth
Hardened and rugged operating system (VxWorks 5)
Interface control (Ability to deactivate hardware interfaces that are not necessary)
Communication switch (Forwarding communication, redundancy (RSTP, PRP))
- Integrity of firmware, software and data
Each version of the ISM® firmware is created using cryptographic methods and checked for integrity during installation. This ensures that only released software versions can be used as protection against manipulation
General IT security recommendations for using our products
- Ensure that only authorized individuals have access to the device
- Use the device exclusively within an electronic security perimeter (ESP). Do not use an unprotected Internet connection with the device. Use mechanisms for vertical and horizontal network segmentation and firewalls at the transitions
- Ensure that the device is operated exclusively by trained personnel who are conscious of IT security
A dedicated cybersecurity emergency response team (CERT) at MR is the central point of contact for all questions relating to IT security.