Skip to content
SUBNET Solutions Inc.

Automatically Always Know Your Passwords

Password management and password rotations for ICS devices

Always know that passwords were changed. Always know that changes succeeded. Always know that defaults are gone.

Passwords changed automatically after every manual user interaction and/or periodically.

About PowerSYSTEM Center

PowerSYSTEM Center is a multi-function IED management platform that enables critical infrastructure asset owners to securely and centrally manage their large install base of many different intelligent electronic devices (meters, relays, RTUs, etc) deployed throughout their entire transmission and distribution system.

Core Platform Capabilities

  • NERC CIP Intermediate System for IED Access Control
  • Unified Relay Event File Collection and Archiving
  • Unified Asset Monitoring
  • Unified Data Historian Interfaces

Key Benefits

  • Ensure compliance with regulatory requirements
  • Integrate all devices, regardless of manufacturer or model
  • Eliminate human performance issues and errors
  • Protect your existing device investment

Used by dozens of the largest T&D companies in the US, PowerSYSTEM Center provides a central source of truth for all your devices with automated baseline monitoring, remote access control, and automatic scheduled password changes.

Who it serves

Built for Protection Engineers and OT Security at DSOs and TSOs. Replace spreadsheet lookups with instant, secure access. Eliminate default passwords automatically after commissioning.

Problem in the field

Passwords on relays, RTUs, and gateways shouldn't slow you down or raise risk. Protection Engineers always need to look up passwords, or Security personnel must change all default passwords.

How PowerSYSTEM Center helps

PowerSYSTEM Center brokers access so users never see device credentials. Sessions use your directory and MFA. When work ends, PowerSYSTEM Center logs into the device, changes the password, and updates its secure vault. If no one touches a device, PowerSYSTEM Center still rotates on cadence. PowerSYSTEM Center automatically navigates through multiple layers of security and network devices to reach target IEDs and change passwords, including serial paths and low-bandwidth links, with safe retries and resume. No additional substation hardware is required: PowerSYSTEM Center leverages your existing IT infrastructure. High-risk actions use approvals and dual control. Rollback is ready if a step fails.

Policy and templates

Policy lives in templates. Define password rules per device type with granular control over length, special characters, numbers, and letter requirements, instead of a one-size-fits-all approach. Set rotation schedules by device class or individual device based on criticality. Apply at scale without rewriting SOPs. Exceptions are clear: defaults detected, overdue rotations, unreachable assets. Export evidence by site or time window.

Mixed vendor support

Vendor tools manage only their own gear. PowerSYSTEM Center ties access, rotation, and proof across your whole fleet.

Evidence and control

Comprehensive out-of-the-box reporting supports your next NERC CIP audit. Standard reports include password change history, IED access and unauthorized access attempts, and permission audit reporting. Every change is recorded with who did what, when, where, and why.

Frequently asked questions

How often are passwords rotated?

PowerSYSTEM Center supports both event-driven and scheduled rotation. Passwords can change after every user session, on a fixed schedule (daily, weekly, monthly), or based on risk factors. You set the policy per device class or individual device based on criticality and operational needs.

What if a device is unreachable?

PowerSYSTEM Center tracks devices that miss rotation schedules due to network issues or maintenance. These devices are flagged as exceptions with clear status indicators. Once connectivity is restored, PowerSYSTEM Center automatically attempts the overdue rotation and logs the delay for audit purposes.

Can you detect default passwords?

Yes, PowerSYSTEM Center can scan for common default passwords during discovery and commissioning. Devices with default credentials are immediately flagged for mandatory password changes. The system maintains a database of known defaults for major vendor equipment.

How are password policies enforced?

Password complexity rules are defined in templates that specify length, character requirements, and forbidden patterns. PowerSYSTEM Center generates compliant passwords and validates them against device-specific requirements. Policy violations are blocked with clear error messages.

What happens if password rotation fails?

Failed rotations trigger alerts and are logged for investigation. PowerSYSTEM Center retains the previous working password as a fallback. The system can retry with exponential backoff or escalate to manual intervention while maintaining access continuity for authorized users.

Meets the practices you need to show: IEC 62443 account and session control, NIS2 access governance and logging, and NIST SP 800-82 record-keeping tied to assets and users.

Related solutions

JIT access

Zero standing accounts

Combine time-bound access with automatic password rotation for maximum security

Learn more →

Asset discovery

Automated inventory

Apply password policies consistently across your complete device inventory

Learn more →

Remote firmware

70% faster updates

Coordinate password changes with firmware update maintenance windows

Learn more →

Ready to automate password management?

Start with one critical substation and eliminate manual password tracking forever.

Start with one critical substation