We strongly recommend the following industry cybersecurity best practices such as:

• Configure IP Access Control List and restrict connection to the devices *
• Locate control and remote devices behind firewalls, and isolate them from the business network.

• Physical controls should be in place so that no unauthorized person would have access to the ICS, peripheral equipment or the ICS
• All Settings software should be kept in locked cabinets and should have restricted connection to network for the devices that it is intended.

• Laptops that have connected to any other network besides the intended network should never be allowed to connect to the  control networks without proper sanitation.
• Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the any untrusted network.

To minimize network exposure, it is recommended to define strong hardening rules in Network Devices like Disable Unused Services and port, use Least privilege principal, configure Access control list and port filtering, enable log and monitoring functionalities

*To configure Access control List at Device level use the IP filtering features in the SEPAM, ACE850 Advanced Parameters.

發佈於: 施耐德電機Taiwan