•
General:
o Has the system (including all equipment and interconnections) been
reviewed for vulnerability / susceptibility weakness appropriate to the
environment in which it is used?
o Has a plan been drawn up to ensure that the findings of this analysis are
implemented and maintained?
•
Configuration:
o Is configuration of equipment suitably protected?
o Are only the services & features which are necessary enabled?
o Is encryption used where privacy is required?
o Is authentication used where trust is required?
o Are firewalls in place to ensure traffic only flows as expected?
•
Maintenance:
o Is there a plan and means to apply security fixes to firmware used in all
elements of the system?
o Are secrets (e.g. passwords, encryption / authentication keys) held
securely?
o Is there a plan and means to update secrets as required (e.g. password
update & strength)?
•
Disposal:
o Is equipment which is replaced or no longer required disposed of in a
way which does not compromise the system (e.g. through leakage of
secrets, configuration, etc.)?
Note that this consideration applies to all types of networks including those
considered "private". Often "private" networks will have external connections to
some services and may also have some internal threats. These need to be
identified and considered in order to ensure that the system is secure.
Connection
When connecting to systems other than Stratos it is important to set the network
configuration before connecting the controller to a network using the Ethernet port
on the CPU card. This is because the CPU card may be a spare which has been
configured for and used on another controller site. It could therefore contain network
configuration which would interfere with the site currently being installed.
The network can be configured in the following ways:
• using the Status and Configuration → System → Comms → DSL / Fibre web
page
• using the WIZ command
Full details on how to configure then network interface can be found in the ST950
User Interface Handbook 667/HU/46000/000.
7.4.8
Setting the Date and Time
There are two clocks within the system:
•
System - used for non controller applications
Security classification
Version
Last Editor
Document Name
Copyright © Siemens plc 2020. All Rights Reserved.
Unrestricted
7
manpreet.jeerh
ST950 ICM Handbook
Mobility, Intelligent Traffic Systems
Sopers Lane, Poole, Dorset, BH17 7ER
Page
Status
Date
Document No.
Mobility is a division of Siemens Plc
108 of 154
Issued
January 2020
667/HE/45950/000