7EN02-0390-03

Protected environment assumptions

  • Cybersecurity governance – available and up-to-date guidance on governing the use of information and technology assets in your company.

  • Perimeter security – installed devices, and devices that are not in service, are in an access-controlled or monitored location.

  • Emergency power – the control system provides the capability to switch to and from an emergency power supply without affecting the existing security state or a documented degraded mode.

  • Firmware upgrades – meter firmware is kept consistently at the current released version, with upgrades applied the same way on every meter.

  • Controls against malware – detection, prevention and recovery controls to help protect against malware are implemented and combined with appropriate user awareness.

  • Physical network segmentation – the control system provides the capability to:

    • Physically segment control system networks from non-control system networks.

    • Physically segment critical control system networks from non-critical control system networks.

  • Logical isolation of critical networks – the control system provides the capability to logically and physically isolate critical control system networks from non-critical control system networks, for example, by using VLANs for the logical isolation.

  • Independence from non-control system networks – the control system provides network services to control system networks, critical or non-critical, without a connection to non-control system networks.

  • Encrypted external connections – encrypt protocol transmissions over all external connections using an encrypted tunnel, a TLS wrapper or a similar solution.

  • Zone boundary protection – the control system provides the capability to:

    • Manage connections through managed interfaces consisting of appropriate boundary protection devices, such as proxies, gateways, routers, firewalls and encrypted tunnels.

    • Use an effective architecture, for example, firewalls protecting application gateways residing in a DMZ.

    • Provide the same level of boundary protection at any designated alternate processing site (for example, a backup data center) as at the primary site.

  • No public internet connectivity – access from the control system to the internet is not recommended. If a connection to a remote site is needed, encrypt protocol transmissions, for example, over an encrypted tunnel.

  • Resource availability and redundancy – the ability to break the connections between different network segments, or to switch to duplicate devices, in response to an incident.

  • Manage communication loads – the control system provides the capability to manage communication loads to mitigate the effects of information flooding types of DoS (Denial of Service) events.

  • Control system backup – available and up-to-date backups for recovery from a control system failure.
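The following is an added illustration of the "manage communication loads" assumption and is not code from the meter documentation: a per-source token-bucket limiter of the kind a boundary device or gateway can apply so that one flooding source exhausts its own allowance without starving other sources. The IP addresses, the burst pattern and the bucket parameters (a burst of 5 attempts, refilled at 1 per second) are constructed assumptions, as is the cap on tracked sources.

```python
"""
Per-source token-bucket limiting as one way to manage communication loads
at a zone boundary. Added example; not from the meter documentation.
All addresses, timings and parameters below are constructed assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class TokenBucket:
    capacity: float        # burst allowance (attempts admitted back to back)
    refill_rate: float     # tokens added per second
    tokens: float = None   # current allowance; starts full
    last: float = 0.0      # timestamp of the previous refill

    def __post_init__(self):
        if self.tokens is None:
            self.tokens = self.capacity

    def allow(self, now: float) -> bool:
        # Refill proportionally to elapsed time, never above capacity.
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class FloodLimiter:
    """One bucket per source, with a bound on how many sources are tracked
    so the limiter's own state cannot be exhausted by address spraying."""

    def __init__(self, capacity: float, refill_rate: float, max_sources: int = 1024):
        self.capacity = capacity
        self.refill_rate = refill_rate
        self.max_sources = max_sources
        self.buckets: dict[str, TokenBucket] = {}

    def admit(self, source: str, now: float) -> bool:
        bucket = self.buckets.get(source)
        if bucket is None:
            if len(self.buckets) >= self.max_sources:
                # Evict the source that has been quiet the longest.
                stale = min(self.buckets, key=lambda s: self.buckets[s].last)
                del self.buckets[stale]
            bucket = TokenBucket(self.capacity, self.refill_rate, last=now)
            self.buckets[source] = bucket
        return bucket.allow(now)


def constructed_events() -> list[tuple[float, str]]:
    """Constructed connection attempts (timestamp in seconds, source IP)."""
    events = [(2.0 * k, "10.0.0.5") for k in range(5)]         # polls every 2 s
    events += [(0.005 * k, "10.0.0.99") for k in range(20)]    # 20 attempts in 0.1 s
    events.append((5.0, "10.0.0.99"))                          # same source, much later
    return sorted(events)


def run(events, capacity: float = 5, refill_rate: float = 1.0) -> dict:
    """Replay events through the limiter; return allowed/denied counts per source."""
    limiter = FloodLimiter(capacity, refill_rate)
    stats = defaultdict(lambda: {"allowed": 0, "denied": 0})
    for now, source in events:
        verdict = "allowed" if limiter.admit(source, now) else "denied"
        stats[source][verdict] += 1
    return dict(stats)


if __name__ == "__main__":
    for source, counts in run(constructed_events()).items():
        print(f"{source}: allowed={counts['allowed']} denied={counts['denied']}")
```

With these parameters the polling source is never denied, while the flooding source gets its first five attempts through, has the remaining fifteen of the burst dropped, and is admitted again once its bucket has refilled five seconds later. The limiter is per source on purpose: a single global counter would let the flood deny service to the legitimate poller as well.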
