Ability™ Developer Portal v23.1
Try Sandbox for free
Get a month of free access to ABB Ability™ Platform to learn and experiment!
API Playground
Play with ABB Ability™ Platform APIs (no time limits)

# Factory Proxy Prerequisites

# System requirements

Factory Proxy minimum system requirements are as follows:

  • CPU Architecture: x86
  • OS: Ubuntu 20.04
  • Trusted Platform Module (TPM) 2.0 chip
  • RAM: 2GB
  • Storage: 20 GB
  • 1 Dedicated Ethernet Port connected to the Internet

# Network protection

The following network-related security controls should be implemented:

  • Logical protection of the networks used by the proxy.
  • One separate network segment to connect the proxy to the factory, corporate or internet network.
  • Another separate network segment (or serial connections) to the devices produced.

# Physical protection

Apply the principles of defense-in-depth by using multiple security techniques for different layers.

As a first layer the factory should control who can come into the facility considering:

  • Fences, gates and other perimeter controls
  • Onsite security guards
  • Security cameras
  • Visitor logging

As the second layer in the facility the location (room) where the factory proxy is used shall be access controlled allowing authorized personnel only.

As the third layer the factory proxy itself must be physically secured in order to minimize the risk of theft and inappropriate use (cabinet/production station).

Some things to consider for this layer are the following physical security best practices:

  • A cabinet or production station closure that encloses the factory proxy tightly bolted down to a solid base.
  • Access controls such as locks to open the cabinet or closure, the keys for these locks shall be accessible for a limited number of people.

# Procedural protection

For the procedural protection the following things should be considered:

  • Ensure that at all times separation of duties is applied (not a single person who can do it all).
  • If any user login is required to the factory proxy ensure least privileged accounts are used.
  • Periodic update of the factory proxy software must be performed.
  • Periodic review of configured user accounts and privilege levels, remove what is not longer needed.
  • Periodic audits of the event logs analyzing if they are in line with expected activity.
  • Ideally continuous monitoring for anomalous behavior should be done.
Last updated: 9/6/2021, 1:25:50 PM

Factory Proxy Onboarding

Feedback