Supplying critical infrastructure poses many challenges, especially when integrating complex SCADA systems with business systems that have different requirements. Connecting IT networks safely and securely is difficult. To succeed, network segmentation is essential.
Why is network segmentation required?
Many businesses have an IT architecture based on systems designed during a politically stable era. Frequently the architecture has grown over the years, while getting current information on e.g. electricity consumption, ordering 24/7 services and teleworking have become standard. The result is that SCADA systems, business systems and the web are interconnected. It is therefore difficult to know how many paths lead to critical information. Only when dedicated tests are carried out as part of a risk and safety analysis can all loopholes be detected.
To safeguard critical information, strict network segmentation must be applied, combining physical separation with logical separation.
Where is physical separation vital?
Critical information requires physical separation. Simply put, an isolated island is created without connection to the outside world. This minimizes the risk area – the attacker has to sit at the computer containing the critical information.
Where is logical separation appropriate?
Everywhere except where critical information is being protected. Office networks should use logical separation. Different parts of the business create their own zones – finance, marketing, sales, customer service, etc. – each with different authority. As a co-worker, you access only what you need to do your job, i.e. relevant documents, not the entire folder structure.
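The point above about not knowing how many paths lead to critical information can be checked mechanically once zones and permitted flows are written down. The following is an added example, not part of the original article: it enumerates every path to a SCADA zone and shows the effect of physical separation. The zone names and flows are constructed assumptions.

```python
# Constructed sample: zones and the flows each zone is permitted to open.
# Zone names and flows are assumptions for illustration only.
FLAT_FLOWS = {
    "web": {"customer_service", "office"},
    "customer_service": {"business_systems"},
    "office": {"business_systems", "scada"},   # e.g. a teleworking shortcut
    "business_systems": {"scada"},             # e.g. a consumption data feed
    "scada": set(),
}


def paths_to(flows, source, target):
    """Return every loop-free chain of permitted flows from source to target."""
    found = []
    stack = [(source, [source])]
    while stack:
        zone, path = stack.pop()
        if zone == target:
            found.append(path)
            continue
        for nxt in sorted(flows.get(zone, ())):
            if nxt not in path:          # never revisit a zone on the same path
                stack.append((nxt, path + [nxt]))
    return sorted(found)


def isolate(flows, zone):
    """Model physical separation: drop every flow into or out of the zone."""
    return {src: (set() if src == zone else dsts - {zone})
            for src, dsts in flows.items()}


def exposed_zones(flows, target):
    """List the zones from which the target can be reached at all."""
    return sorted(z for z in flows
                  if z != target and paths_to(flows, z, target))


if __name__ == "__main__":
    for label, flows in (("interconnected", FLAT_FLOWS),
                         ("scada isolated", isolate(FLAT_FLOWS, "scada"))):
        print(label)
        for path in paths_to(flows, "web", "scada"):
            print("  " + " -> ".join(path))
        print("  zones that can reach scada:", exposed_zones(flows, "scada"))
```
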
Look at information security from a new angle
Strictly ensuring integrity and confidentiality between networks is imperative for meeting the external and internal requirements placed on information and production security.
Companies need to look at information security from a completely new, future-proof angle. Reducing the risk of human error is extremely important, as is taking advantage of automated information flows.
Automated information flows
You need to create information flows that account for security, data leakage, tampering and intrusions, without giving up the most appropriate and simplest information paths as determined by risk assessment.