Network security for supervisory control and data acquisition (SCADA) systems is increasingly important and ever evolving due to the need for secure and reliable control systems.
These networks grow continuously, and managing network-connected devices and expanding server-client networks can be difficult and cumbersome. Properly securing a network requires a multistage process incorporating risk assessment, planning, design, implementation, and maintenance for a comprehensive defense-in-depth strategy.
A critical aspect of defense-in-depth is the overall network system architecture and the network segmentation plan. A properly planned and executed network architecture and segmentation strategy lays the foundation for security and simplifies expansion and maintenance of the network.
There are industry-accepted methods for industrial control system (ICS) network architecture and segmentation strategies that can be applied to SCADA systems.
Industry-standard techniques, based on recently published standards and network design guides, are used to create a layered network architecture approach to security, including the use of logical subnets and virtual local-area networks (VLANs) for segmentation.
The advantage of this approach is simpler configuration of network security appliances and simpler management and expansion of the network, leading to increased network availability and a reduction in threat risk.
Credits: Irfa Khan