SANS 5 ICS Critical Controls for Oil and Natural Energy - Control 2 - Defensible Control System Network Architecture
Nearly 40% of ICS environment compromises come from the IT business network that allows a threat into the ICS environment. So, it’s more important to focus on the ICS perimeter defenses first, followed closely by the additional required segmentation within the ICS network itself. This control involves ICS-aware network architectures that support effective segmentation, visibility of control system traffic for analysis, log collection, asset identification, industrial DMZs, and enforcement for process communication integrity and reliability.
Oil and natural energy consideration—Review perimeter firewall rules that help protect the control system network, for predefined control traffic paths in an oil refinery’s blending and distillation units, with particular attention to external inbound connections and dependencies on external networks for control system operations.
Watch All Parts in This Series:
