
Cybersecurity & Network Segmentation: Security Must Always Come First

What is at risk when security is breached? An information technology (IT) attack could result in the theft of data and could divulge confidential business information.

Uploaded by onyx

Cybersecurity & Network Segmentation


Power/mation’s Industrial Internet Solutions provide products and tools for network segmentation
and cybersecurity for today’s complex industrial control systems (ICS) and SCADA systems. The
implementation of cybersecurity systems reduces the overall attack surface area of your network by
identifying security weaknesses, prioritizing areas for improvement and mitigating immediate risks. Proper
network segmentation provides full network visibility, control and protection.

Security Must Always Come First


What is at risk when security is breached? An information technology (IT) attack could result in the theft of data
and could divulge confidential business information. An operational technology (OT) attack could lead to damage in
the physical world and losing control of equipment or a process. The diagram below shows the order of protection
importance for each network segment, with security being first priority.

Protection Priorities (diagram; SECURITY comes first, then listed from higher to lower)

Information Technology Security Risks
• Confidentiality
• Integrity
• Availability

Operational Technology Security Risks
• Control
• Availability
• Integrity
• Confidentiality

Cybersecurity Framework Core

Establish an organizational understanding to manage cybersecurity risk to systems, assets, data and capabilities.

Architect the appropriate safeguards to ensure delivery of critical infrastructure services. See reverse side for a modified Purdue model of secure architecture for ICS.

Implement the intrusion detection and intrusion protection alert systems to identify the occurrence of a cybersecurity event.

Develop and execute the appropriate activities to take action regarding a detected cybersecurity event.

Restore any capabilities, services or data backups that were impaired due to a cybersecurity event.

ICS Defense Strategies
• Implement application whitelisting
• Ensure proper configuration and patch management
• Reduce attack surface area
• Build a defendable environment
• Manage authentication
• Monitor and respond
• Implement secure remote access

Secure Architecture for Industrial Control Systems

Information Technology
• Data Risks
• Office PCs
• Email & Web Browsing
• Business Data/ERP

Operational Technology
• Physical Risks
• Machines
• SCADA
• Process Data/MES

Demilitarized Zone
A DMZ exposes external-facing services to untrusted networks.

Firewalls
• Stateful Firewalls
• IP & Port Filtering
• Bandwidth Throttling
• Deep Packet Inspection

Gateways
• Routers
• Network Transitions
• Firewalls & ACLs

User Access
• User Authentication
• Access Control Lists
• Jump Servers
• Remote Access

Connectivity & Infrastructure
• Cordsets
• Switches

©2018 Power/mation
R-ALL 0318
