ETOS® Cyber Security Confirmed
A technical security examination proves that MR’s open operating system for intelligent transformers – the first in the world – meets the technical requirements of the BDEW Whitepaper in full.
Security is the top priority in energy supply. This is especially true for the area of cyber security. Therefore, one of the most important aspects in the development of ETOS® was to offer our customers a state-of-the-art solution – from product architecture to support. The fact that we have achieved this has now been confirmed by a technical security examination carried out by an independent information-security consulting firm.
The result: The technical implementation of the tested ETOS System¹ satisfies all requirements of the BDEW/OE Whitepaper 2.0 in full.
A hacker attack on the power grid is an absolute worst-case scenario, and not just for utility companies. Attackers can also target control centers of the power grid in order to, for example, carry out unauthorized switching operations. A successful attack on the grid infrastructure could, in the worst case, lead to a supply disruption.
In order to protect ETOS®, our open operating system for intelligent transformers, against hacker attacks from day one, we took IT security into consideration right at the start, in the design phase. The secure development process, secure product architecture, our support services, our involvement in standardization and committee work, and the final rounds of audits ensure the greatest possible security for our customers (operators and manufacturers).
With ETOS®, we have achieved 100% compliance with the applicable regulation – the BDEW Whitepaper 2.0. This was accomplished thanks to the following features:
- Pre-configured, integrated firewall
  - Availability through network segmentation and reduction of the attack surface
- TLS 1.2 encryption
  - Validation of authenticity, communication integrity and confidentiality (RSA and ECC)
- Security log for saving security-related changes
  - Login, logout, value and setting changes, import, export, configuration changes, event acknowledgement, etc.
- Role-Based Access Control (RBAC)
  - Integrity and confidentiality of the data on the device
  - Need-to-know principle and separation of duties
- Password management
  - Password complexity and secure password storage
- Defense in depth
  - Hardened and rugged operating system (VxWorks 5)
  - Interface control (ability to deactivate hardware interfaces that are not needed)
- Integrity of firmware, software and data
  - Each ISM® firmware release is signed using cryptographic methods and checked for integrity during installation. This protects against manipulation by ensuring that only released software versions can be used.
- Standards compatibility
  - Various (inter)national norms and standards are consulted during the development of security functions and with regard to device protection, including IEC 62443, IEC 62351, BDEW Whitepaper, IEEE 1686, OWASP, BSI TR 02102 and FIPS-PUB 180-4.
- Explicit customer interface for IT security
  - Product security management by the CERT team
  - Proactive vulnerability management
  - Recommendations and support with regard to IT security questions
¹ ETOS® ISM, the core component of every ETOS® system, was tested. Since this is secure, the entire ETOS system is secure.
Cybersecurity @ MR
At MR, the subject of cybersecurity is taken into consideration for all components and is implemented right from the start. To this end, MR consistently focuses on producing a high level of product security, continuously optimizes its processes with regard to security, and maintains a comprehensive risk-management system. A dedicated cyber-security emergency response team (CERT) at MR is the central point of contact for all questions relating to IT security. The MR specialists advise customers and are involved in the development of new products from the outset. Among other things, they determine which standards and guidelines must be observed for a specific project.