Group Purchasing
Group Purchasing

Designing a Defensible ICS Network: How to Achieve Context-Aware Microsegmentation

Designing a Defensible ICS Network: How to Achieve Context-Aware Microsegmentation (PDF, 1.49MB)Last updated: 08 Jun, 2026
Presented by:
Jose Avila Gomez
Jose Avila Gomez

Network segmentation is a core requirement of a defensible ICS architecture, yet many OT networks remain flat or rely on segmentation approaches that are difficult to deploy and sustain. This session focuses on SANS Critical Control 2 (Defensible Architecture) and Critical Control 3 (ICS Network Visibility and Monitoring), presenting a practical crawl, walk, run approach to segmentation in industrial environments. Attendees will learn how segmentation can evolve from no segmentation, to macrosegmentation using zones and conduits, and finally to OT-appropriate microsegmentation. Each stage of the journey highlights the technical and operational components required, including network visibility, asset context, and policy enforcement points. Rather than relying on endpoint authentication or 802.1X, the presentation demonstrates how context-aware segmentation uses network visibility and device attributes, such as type, role, location, and communication patterns to classify PLCs, HMIs, and other unmanaged devices, enabling enforceable microsegmentation policies without impacting operations.

SANS ICS Security Summit 2026