Chapter 3: Secure ICS Architecture

Introduction

In the previous chapter you were introduced to the components used to build basic operational technology (OT) network structures. This chapter builds on that information to explain how those components are organized to produce a secure OT network architecture. This will involve two major topic areas:

  • Network segmentation and security zoning
  • Wireless security

As indicated previously, the best cybersecurity design for a production plant is to keep the OT and IT networks separated from each other, both logically and physically, and to provide no path to the OT network from the Internet. This reduces the risk of remote attackers reaching the OT network through the IT network.

An isolated industrial process control network is normally a relatively safe and secure network environment. Threats are typically limited to natural and human accidents, physical access attacks, and malicious activities associated with disgruntled employees. These networks often have no connection to the Internet, where so many potential threats arise. ...

Get Practical Industrial Cybersecurity now with the O’Reilly learning platform.