Last week’s task identified, and initiated steps to remove, all unauthorized or insecure Internet access to OT. The remaining OT network access will come from your IT networks or business partner networks.

The first step to evaluating the OT electronic security perimeter is to know what it is. This week is about gathering this information. The information is likely to consist of network diagrams and firewall rulesets. You may also have one-way devices, router ACLs, VLANs, edge devices and other methods to establish and control the OT electronic security perimeter.

Identify each device that enforces an OT electronic security perimeter. Then identify all communication allowed through this device’s OT electronic security perimeter. 

This task can be more difficult if you are responsible for factories at hundreds of sites. Or it could be easier, because managing that many sites has already forced you to be more automated and organized.

If you do have a large number of sites, pick three sites to focus on for this and subsequent weeks’ tasks. Choose sites that are similar to many sites and different from each other. They could be manufacturing different products. They could be running ICS from different vendors or ICS brought into the company in different acquisitions. They could be different in size, complexity, or criticality.
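One way to turn the gathered rulesets into the per-device inventory of allowed communication this week asks for, as an added example that is not part of the workbook: it assumes each perimeter firewall's rules can be exported as simple comma-separated lines (the export format and sample rules are constructed here), groups the allow rules by perimeter device, and separately lists rules that allow any source or any destination port into OT, since those are the ones that deserve the first look.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample export, one line per rule across two perimeter devices.
# Assumed format for this example: device,src,dst,proto,dport,action
RULESET_EXPORT = """\
site1-fw,10.20.0.0/16,172.16.5.10,tcp,502,allow
site1-fw,10.20.4.7,172.16.5.0/24,tcp,3389,allow
site1-fw,any,172.16.5.0/24,tcp,any,allow
site2-fw,10.30.1.0/24,172.17.9.20,tcp,443,allow
site2-fw,any,any,any,any,deny
"""

@dataclass(frozen=True)
class Rule:
    device: str
    src: str
    dst: str
    proto: str
    dport: str
    action: str

    def is_broad(self) -> bool:
        # An allow rule with "any" source or "any" port means this device
        # is not really limiting who or what can reach OT through it.
        return self.action == "allow" and "any" in (self.src, self.dport)

def parse_rules(text: str) -> list[Rule]:
    """Parse the constructed export format; reject malformed lines loudly."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 6:
            raise ValueError(f"malformed rule line: {line!r}")
        rules.append(Rule(*fields))
    return rules

def allowed_communication(rules: list[Rule]) -> dict:
    """Per perimeter device: every allowed flow, plus the broad ones to review first."""
    inventory = defaultdict(lambda: {"allowed": [], "broad": []})
    for r in rules:
        if r.action != "allow":
            continue  # deny rules do not add to the allowed communication
        flow = f"{r.src} -> {r.dst} {r.proto}/{r.dport}"
        inventory[r.device]["allowed"].append(flow)
        if r.is_broad():
            inventory[r.device]["broad"].append(flow)
    return dict(inventory)
```

Running `allowed_communication(parse_rules(RULESET_EXPORT))` gives one entry per perimeter device; the "allowed" list is what goes in the file referenced below, and a non-empty "broad" list is the first thing to question.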


It will be impractical to document the allowed communication in this book. Enter the file name and location of the document, spreadsheet, or database.

OT Security Perimeter Device 1

Allowed Communication File Name And Location

OT Security Perimeter Device 2

Allowed Communication File Name And Location

OT Security Perimeter Device 3

Allowed Communication File Name And Location
