Motorola ACE3600 Remote Terminal Unit ENHANCED SECURITY

VERSATILE COMMUNICATIONS CAPABILITIES

You want every opportunity to save money and optimize performance.

The ACE3600 RTU is designed to use a variety of digital and analog interfaces so you are never locked into proprietary solutions.

This flexible communications capability enables the ACE3600 to connect with several local devices,

analyze the data and send that information to various other locations.

Data transmission and processing is supported simultaneously across multiple communication

media and industry standard data protocols including MODBUS, M-OPC, DNP 3 and IEC60870-5-101.

Motorola’s own MDLC data processing protocol is specifically designed to enable more efficient data communication.

Transmit data over your narrowband radio network or utilize a broadband network and realize significant data cost savings.

Furthermore, every RTU in your network can act as a communication node and/or a store and forward data

repeater to extend radio frequency coverage and save you the much higher cost of a dedicated repeater.

ENHANCED SECURITY

Apply the same state-of-the-art security features that Motorola provides for military and critical enterprise

networks to your SCADA systems.

The ACE3600 supports a full range of best-practice security options directly within the RTUs for a self-contained,

autonomously secure system including:

Security Policy Enforcement – Define and install a single, coherent, system-wide set of security configurations in every RTU.

Built-In Firewall – Filter IP communications by port,direction, protocol and IP address.

Access Control – User authentication tools, executed at the RTU or at the system server, verify specific user access

and determine if use is legitimate and allowed.

Role-Based Access Control – The system administrator defines job roles and assigns different permissions so that

each user is authorized to access only the parts of the system required for his or her job.

Intrusion Detection System – While allowing legitimate traffic, the ACE3600 identifies unauthorized access

activities like an attempt to alter an RTU program or drop unauthorized data packets. It blocks these activities, logs

the events and sends a report to the system administrator.

Application Control Software – Also known as “whitelisting,” this software blocks unauthorized

applications and code on PCs and RTUs. ACE3600 firmware protects user programs with this technique, and ACE3600

configuration management tools on PCs are protected with McAfee™ Solidifier.

Encryption – An algorithm makes data readable only by a device with a specific key to decrypt the message. Data

stored within the ACE3600 is also encrypted using a 256 bit AES (Advanced Encryption Standard), meeting FIPS

140-2 Level 1 requirements.

Unused Port Deactivation – Disable communication for any ports that are unused, closing a point of access that

could be exploited by attackers.

Time-Window Commands – When an application generates a command, it assigns a time window; after

the time expires, system components will not execute the command.

This can prevent replicating errors and commands of questionable origin from affecting the network.