Help
  • Explore Community
  • Get Started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
Notifications
Login / Register
Community
Community
Notifications
close
  • Forums
  • Knowledge Center
  • Events & Webinars
  • Ideas
  • Blogs
Help
Help
  • Explore Community
  • Get Started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
Login / Register
Sustainability
Sustainability

We Value Your Feedback!
Could you please spare a few minutes to share your thoughts on Cloud Connected vs On-Premise Services. Your feedback can help us shape the future of services.
Learn more about the survey or Click here to Launch the survey
Schneider Electric Services Innovation Team!

[Imported] Cybersecurity Standard

EcoStruxure Geo SCADA Expert Forum

Schneider Electric support forum about installation, configuration, integration and troubleshooting of EcoStruxure Geo SCADA Expert (ClearSCADA, ViewX, WebX).

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • Home
  • Schneider Electric Community
  • Remote Operations
  • EcoStruxure Geo SCADA Expert Forum
  • [Imported] Cybersecurity Standard
Options
  • Subscribe to RSS Feed
  • Mark Topic as New
  • Mark Topic as Read
  • Float this Topic for Current User
  • Bookmark
  • Subscribe
  • Mute
  • Printer Friendly Page
Invite a Co-worker
Send a co-worker an invite to the portal.Just enter their email address and we'll connect them to register. After joining, they will belong to the same company.
You have entered an invalid email address. Please re-enter the email address.
This co-worker has already been invited to the Exchange portal. Please invite another co-worker.
Please enter email address
Send Invite Cancel
Invitation Sent
Your invitation was sent.Thanks for sharing Exchange with your co-worker.
Send New Invite Close
Top Experts
User Count
sbeadle
Kirk sbeadle Kirk
307
AndrewScott
Admiral AndrewScott
96
BevanWeiss
Spock BevanWeiss
90
AdamWoodlandToo
Lt. Commander AdamWoodlandToo
37
View All
Related Products
product field
Schneider Electric
EcoStruxure™ Geo SCADA Expert

Invite a Colleague

Found this content useful? Share it with a Colleague!

Invite a Colleague Invite
Solved Go to Solution
Back to EcoStruxure Geo SCADA Expert Forum
Solved
sbeadle
Kirk sbeadle Kirk
Kirk

Posted: ‎2019-11-06 12:26 PM . Last Modified: ‎2023-05-03 12:27 AM

0 Likes
1
1369
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2019-11-06 12:26 PM . Last Modified: ‎2023-05-03 12:27 AM

[Imported] Cybersecurity Standard

>>Message imported from previous forum - Category:ClearSCADA Software<<
User: brcgomezle, originally posted: 2019-02-15 21:45:38 Id:368
Hi everybody,

Does ClearScada complies with any kind of cybersecurity industrial standard? Is it protected by itself against a cyberattack? If it is, which standard follows?

Thanks

Labels
  • Labels:
  • SCADA
Reply

Link copied. Please paste this link to share this article on your social media post.

  • All forum topics
  • Previous Topic
  • Next Topic

Accepted Solutions
sbeadle
Kirk sbeadle Kirk
Kirk

Posted: ‎2019-11-06 12:26 PM

0 Likes
0
1367
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2019-11-06 12:26 PM

>>Responses imported from previous forum


Reply From User: adamwoodland, posted: 2019-02-17 23:21:44
Note that https://www.schneider-electric.com/en/work/support/cybersecurity/overview.jsp is the public Schneider portal for cyber security. I am not part of the product/development team so my following comments should take that into consideration...

Do you mean standards for the product, for a system or for hardening of the environment?

For the product I believe all Schneider development teams follow the SDL. I haven't specifically looked recently but I don't believe any software has Achilles or ISASecure certification. Some Schneider development teams are certified by ISASecure but last I checked none of the Telemetry teams all.

For the system, ClearSCADA can be part of a system that is implemented for standards such as ISA62443 but these standards are much more than just ClearSCADA. Schneider Electric have some white papers on how various components available can fit together to meet relevant security levels and the extra components required (NIDS, NIPS, AD, etc).

For the hardening we in delivery have implemented some systems using CIS-CAT requirements, but with a couple of exceptions to ensure availability is the focus rather than confidentiality.


Reply From User: brcgomezle, posted: 2019-02-18 12:48:34
Hi Adam,

Thanks for your reply.

I was looking for standards for the product.

Those white papers that you mention are available?

Thank you.


Reply From User: adamwoodland, posted: 2019-02-19 00:13:27
https://www.schneider-electric.com/en/download/document/998-20186845/ was the one I was thinking about. Just mentally replace the word Citect with ClearSCADA in that document 🙂

As a technical person I'm not a massive fan of white papers, I generally find them vague, unhelpful and only a glorified sales document for a specific product. This one is much better (although a disclaimer: I did provide some input to Dan prior to release so opinion may be biased) but it still is general in its advice and indicative of what is needed.

The whole point of 62443 is doing a risk assessment and implementing what is relevant to your system.

It may be worth you getting a hold of the official 62443 standard if you're keen for more information, although each section costs some money. For an overview check out 62443-1-1, for actual technical implementation check out 62443-3-2 and -3-3, and if you know ISO27001 then 62443-2-1 will be interesting. They used to have the working drafts on the ISA website but it looks like they took those down, else you could have just read those for free.


Reply From User: sbeadle, posted: 2019-02-19 14:39:02
Thanks Adam. That white paper refers to SCADA generally, and 'Citect' only appears in tiny writing on the diagrams. It all applies, and is a good document.

Standards for software products are not worth the paper or memory they are written in/on unless the system is secured in a holistic way.

There are 3 key pointers here:
1) ClearSCADA, like the other software applications created by SE, is developed using the Secure Development Life Cycle, which is considered best practice. This standard governs how software is designed, created, tested and managed. While not available externally, it is a confluence of global norms which is kept up to date through training, procedures etc.
2) ClearSCADA has features which enable integrators and users to create a secured system, and the system must include operating system, networking, procedures for security etc. Consult the documentation and Resoirce Center for more details.
3) We know that customers have implemented ClearSCADA within their environments and met the needs of their security auditors and testers.

 

Reply From User: adamwoodland, posted: 2019-02-19 22:07:18
Steve, I thought Microsoft developed SDL, at least in concept? If so https://www.microsoft.com/en-us/securityengineering/sdl/ could be a good general reference?

See Answer In Context

Reply

Link copied. Please paste this link to share this article on your social media post.

Reply 1
sbeadle
Kirk sbeadle Kirk
Kirk

Posted: ‎2019-11-06 12:26 PM

0 Likes
0
1368
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2019-11-06 12:26 PM

>>Responses imported from previous forum


Reply From User: adamwoodland, posted: 2019-02-17 23:21:44
Note that https://www.schneider-electric.com/en/work/support/cybersecurity/overview.jsp is the public Schneider portal for cyber security. I am not part of the product/development team so my following comments should take that into consideration...

Do you mean standards for the product, for a system or for hardening of the environment?

For the product I believe all Schneider development teams follow the SDL. I haven't specifically looked recently but I don't believe any software has Achilles or ISASecure certification. Some Schneider development teams are certified by ISASecure but last I checked none of the Telemetry teams all.

For the system, ClearSCADA can be part of a system that is implemented for standards such as ISA62443 but these standards are much more than just ClearSCADA. Schneider Electric have some white papers on how various components available can fit together to meet relevant security levels and the extra components required (NIDS, NIPS, AD, etc).

For the hardening we in delivery have implemented some systems using CIS-CAT requirements, but with a couple of exceptions to ensure availability is the focus rather than confidentiality.


Reply From User: brcgomezle, posted: 2019-02-18 12:48:34
Hi Adam,

Thanks for your reply.

I was looking for standards for the product.

Those white papers that you mention are available?

Thank you.


Reply From User: adamwoodland, posted: 2019-02-19 00:13:27
https://www.schneider-electric.com/en/download/document/998-20186845/ was the one I was thinking about. Just mentally replace the word Citect with ClearSCADA in that document 🙂

As a technical person I'm not a massive fan of white papers, I generally find them vague, unhelpful and only a glorified sales document for a specific product. This one is much better (although a disclaimer: I did provide some input to Dan prior to release so opinion may be biased) but it still is general in its advice and indicative of what is needed.

The whole point of 62443 is doing a risk assessment and implementing what is relevant to your system.

It may be worth you getting a hold of the official 62443 standard if you're keen for more information, although each section costs some money. For an overview check out 62443-1-1, for actual technical implementation check out 62443-3-2 and -3-3, and if you know ISO27001 then 62443-2-1 will be interesting. They used to have the working drafts on the ISA website but it looks like they took those down, else you could have just read those for free.


Reply From User: sbeadle, posted: 2019-02-19 14:39:02
Thanks Adam. That white paper refers to SCADA generally, and 'Citect' only appears in tiny writing on the diagrams. It all applies, and is a good document.

Standards for software products are not worth the paper or memory they are written in/on unless the system is secured in a holistic way.

There are 3 key pointers here:
1) ClearSCADA, like the other software applications created by SE, is developed using the Secure Development Life Cycle, which is considered best practice. This standard governs how software is designed, created, tested and managed. While not available externally, it is a confluence of global norms which is kept up to date through training, procedures etc.
2) ClearSCADA has features which enable integrators and users to create a secured system, and the system must include operating system, networking, procedures for security etc. Consult the documentation and Resoirce Center for more details.
3) We know that customers have implemented ClearSCADA within their environments and met the needs of their security auditors and testers.

 

Reply From User: adamwoodland, posted: 2019-02-19 22:07:18
Steve, I thought Microsoft developed SDL, at least in concept? If so https://www.microsoft.com/en-us/securityengineering/sdl/ could be a good general reference?

Reply

Link copied. Please paste this link to share this article on your social media post.

Preview Exit Preview

never-displayed

You must be signed in to add attachments

never-displayed

 
To The Top!

Forums

  • APC UPS Data Center Backup Solutions
  • EcoStruxure IT
  • EcoStruxure Geo SCADA Expert
  • Metering & Power Quality
  • Schneider Electric Wiser

Knowledge Center

Events & webinars

Ideas

Blogs

Get Started

  • Ask the Community
  • Community Guidelines
  • Community User Guide
  • How-To & Best Practice
  • Experts Leaderboard
  • Contact Support
Brand-Logo
Subscribing is a smart move!
You can subscribe to this board after you log in or create your free account.
Forum-Icon

Create your free account or log in to subscribe to the board - and gain access to more than 10,000+ support articles along with insights from experts and peers.

Register today for FREE

Register Now

Already have an account? Login

Terms & Conditions Privacy Notice Change your Cookie Settings © 2025 Schneider Electric

This is a heading

With achievable small steps, users progress and continually feel satisfaction in task accomplishment.

Usetiful Onboarding Checklist remembers the progress of every user, allowing them to take bite-sized journeys and continue where they left.

of