Skip to content
SUBNET Solutions Inc.

Password management and password rotations for ICS devices

Passwords changed automatically after every manual user interaction and/or periodically.

About PowerSystem Center

PowerSystem Center (PSC) is a multi-function IED management platform that enables critical infrastructure asset owners to securely and centrally manage their large install base of many different intelligent electronic devices (meters, relays, RTUs, etc) deployed throughout their entire transmission and distribution system.

Core Platform Capabilities

  • NERC CIP Intermediate System for IED Access Control
  • Unified Relay Event File Collection and Archiving
  • Unified Asset Monitoring
  • Unified Data Historian Interfaces

Key Benefits

  • Ensure compliance with regulatory requirements
  • Integrate all devices, regardless of manufacturer or model
  • Eliminate human performance issues and errors
  • Protect your existing device investment

Used by dozens of the largest T&D companies in the US, PSC provides a central source of truth for all your devices with automated baseline monitoring, remote access control, and automatic scheduled password changes.

Who it serves

Built for Protection Engineers and OT Security at DSOs and TSOs. No more digging through spreadsheets or calling for the latest relay login. No more default passwords left after commissioning.

Problem in the field

Passwords on relays, RTUs, and gateways shouldn't slow you down or raise risk. Protection Engineers always need to look up passwords, or Security personnel must change all default passwords.

How PSC helps

PSC brokers access so users never see device credentials. Sessions use your directory and MFA. When work ends, PSC logs into the device, changes the password, and updates its secure vault. If no one touches a device, PSC still rotates on cadence. The record shows who did what, when, where, and why. It covers mixed fleets in one place. PSC handles serial paths and low bandwidth with safe retries and resume. High-risk actions use approvals and dual control. Rollback is ready if a step fails.

Policy and templates

Policy lives in templates. Define complexity and rotation rules once for a device class or substation. Apply at scale without rewriting SOPs. Exceptions are clear: defaults detected, overdue rotations, unreachable assets. Export evidence by site or time window.

Mixed vendor support

Vendor tools manage only their own gear. PSC ties access, rotation, and proof across your whole fleet.

Evidence and control

Every change comes with clean evidence. The record shows who did what, when, where, and why.

Frequently asked questions

How often are passwords rotated?

PSC supports both event-driven and scheduled rotation. Passwords can change after every user session, on a fixed schedule (daily, weekly, monthly), or based on risk factors. You set the policy per device class or individual device based on criticality and operational needs.

What if a device is unreachable?

PSC tracks devices that miss rotation schedules due to network issues or maintenance. These devices are flagged as exceptions with clear status indicators. Once connectivity is restored, PSC automatically attempts the overdue rotation and logs the delay for audit purposes.

Can you detect default passwords?

Yes, PSC can scan for common default passwords during discovery and commissioning. Devices with default credentials are immediately flagged for mandatory password changes. The system maintains a database of known defaults for major vendor equipment.

How are password policies enforced?

Password complexity rules are defined in templates that specify length, character requirements, and forbidden patterns. PSC generates compliant passwords and validates them against device-specific requirements. Policy violations are blocked with clear error messages.

What happens if password rotation fails?

Failed rotations trigger alerts and are logged for investigation. PSC retains the previous working password as a fallback. The system can retry with exponential backoff or escalate to manual intervention while maintaining access continuity for authorized users.

Meets the practices you need to show: IEC 62443 account and session control, NIS2 access governance and logging, and NIST SP 800-82 record-keeping tied to assets and users.

Related solutions

JIT access

Zero standing accounts

Combine time-bound access with automatic password rotation for maximum security

Learn more →

Asset discovery

90% less manual work

Apply password policies consistently across your complete device inventory

Learn more →

Remote firmware

70% faster updates

Coordinate password changes with firmware update maintenance windows

Learn more →

Ready to automate password management?

Start with one critical substation and eliminate manual password tracking forever.

Start with one critical substation