html{display:none} SEL Security Support | Schweitzer Engineering Laboratories

SEL Security Support

Security Updates for SEL Products

Security updates are disclosed to customers in three ways:

  • Through a Service Bulletin for high-risk vulnerabilities.
  • Through a revision to Appendix A of the affected product’s instruction manual for other vulnerabilities. Instruction manuals can be downloaded from the SEL website. Manuals can be sorted by date posted to aid in determining the products that were changed since your last review.
  • Through an addition to the Latest Software Versions page on the SEL website for software products.

All changes that address security vulnerabilities are marked with a [Cybersecurity] tag. Other improvements to cybersecurity functionality are marked with a [Cybersecurity Enhancement] tag.

Monthly Security Vulnerability Notifications

End users of SEL products can sign up to receive an emailed summary at the end of each month listing all cybersecurity product changes that month, including all security service bulletins and any product revisions marked as [Cybersecurity] or [Cybersecurity Enhancement].

Note: To receive email security vulnerability notifications, you must have a corporate email account whose domain is recognized by SEL as an end-user customer. If you would also like vulnerability notification emails sent to a designated corporate mailbox, please send a request to security@selinc.com.

Software and Firmware Updates

When you receive a software update from SEL, it will be digitally signed so you can verify that it has not been altered or tampered with.

Verify an SEL software download.

We provide firmware tools that you can use to view the latest firmware version for your products, check the integrity of a device’s firmware, and verify the integrity of new firmware files.

Verify firmware version and integrity.

SEL Vulnerability Disclosure Policy

Our Commitment

Since our founding in Pullman, Washington, in 1982, SEL has conducted business following a strong set of core values—quality, customer focus, discipline, communication, integrity, creativity, community, ownership, and dignity of work. We have applied these values in everything we do, including product and supply chain security, which has been a top SEL priority for more than 35 years.

Our goal will always be to invent, design, and build secure products to safeguard critical infrastructure. When a vulnerability is found, rapidly assessing risk, and informing customers is central to maintaining the trust we have worked decades to earn. SEL does not manufacture products with any form of undocumented authentication bypass mechanism or undisclosed communication channel.

Because the life span of an SEL product is often measured in decades, and because it protects or controls critical infrastructure in a constantly shifting threat environment—we understand our responsibility and the need for constant vigilance. We also understand that patch application in operational technology environments is often costly to our customers. Our pledge is to always act with urgency and transparency throughout the disclosure and remediation process and minimize risk at every turn.

We reveal sufficient information about a vulnerability to enable our customers to accurately assess and mitigate risk without unnecessarily disclosing sensitive information likely to empower an adversary. We will never knowingly disclose vulnerabilities in a way that tips the scale in favor of a potential attacker, and we will always provide a disclosure to customers in advance of any other dissemination.

How We Assess Vulnerabilities

The SEL Product Security Incident Response Team (PSIRT) assesses every report of a security issue with SEL products, whether those reports come from within SEL as a function of our continuous improvement processes or from an external reporter. The PSIRT, with executive leadership support, considers several factors to evaluate the risk a vulnerability poses, and calibrate the urgency of, and resources devoted to, remediation, including:

  • Type of access required to exploit it (i.e., physical, network, privileged, etc.).
  • Complexity of an attack.
  • Need for user interaction.
  • Impact on core product functionality.
  • Likelihood of active exploitation.
  • Presence in multiple products.

How We Disclose Vulnerabilities

Vulnerabilities are disclosed to customers in three ways:

  • Through a Service Bulletin for high-risk vulnerabilities
  • Through a revision to Appendix A of the affected product’s instruction manual for other vulnerabilities
  • Through an addition to the Latest Software Versions page on the SEL website for software products.

SEL responds immediately to any significant vulnerability affecting an SEL product that is likely to be actively exploited. We will rapidly provide mitigation guidance followed by any necessary patches or upgrades.

System and Product Certifications

SEL’s quality, safety, information security, and environmental management systems are certified to internationally recognized standards by the British Standards Institution (BSI) and the American Association for Laboratory Accreditation (A2LA).

Learn more about SEL system and product certifications.

Security Related Questions

Please submit your question regarding the security of SEL products or services.

Literature

Documents sorted by newest first.

Literature

Publications

Drawings