InTech

JUL-AUG 2018

Issue link: http://intechdigitalxp.isa.org/i/1010819


channel chat | Tips and Strategies for Integrators

The importance of network design

By Josh Glass

In this ever-evolving world of interconnected enterprises, it has never been more important to consider network design when developing new systems or retrofitting legacy systems into the larger enterprise network. Executives need data at their fingertips to make decisions at a moment's notice, but sometimes organizations do not consider what they should to ensure the security of the network delivering that data.

The goal is to have centralized data while keeping the underlying systems separated in a way that enables defense in depth and avoids widespread attacks echoing through the entire enterprise. In our experience, there are two typical approaches to accomplishing these tasks.

The first is the simpler, hardware-focused method of isolating networks through physical separation. Companies separate disparate network traffic into separate physical wires. A benefit of this design is that replacing network equipment is very simple and straightforward. Several issues can arise, however, when the number of separate physical networks increases and there is a desire to have them functionally act as one single network. The separate network approach adds unnecessary complexity, as computers need connections to multiple networks to enable communication in modern plant landscapes. The physically separate networks can quickly become a large web of interconnected computers, which could let a virus run rampant if not designed properly, as seen in the previous year's attacks. Furthermore, if advanced features of domains are desired, such as a domain name system, most organizations have a hard time resolving all devices without statically assigning everything, which can be difficult to maintain.

In contrast to the physically separated approach is the use of virtual local area networks (VLANs). This approach consists of using the same physical "wire," but marking the traffic with different identifiers to keep the traffic routes separate. Each virtual LAN is defined at the data link layer of the OSI model. Due to the added complexity of switch configuration, a networking expert is required to configure the network based on design requirements. Despite the increased cost of design and network expertise, in our experience there is a considerable cost savings when implementing a new network as opposed to the physically separate option. The slight increase in design cost is dwarfed by the decreased hardware cost.

The goal when doing a network implementation project for control networks is to ensure that the network has as few attack vectors as possible. The risk is weighed to determine how interconnected the control network will be with the enterprise, leading to a defined network architecture. Risk is also factored in when determining whether to go with a physical or virtual LAN (or potentially a hybrid, as we see on many projects). If the singular goal is total isolation of the control network, then physical separation is the clear choice. However, due to expanding enterprises and connected devices, complete control network isolation is becoming very difficult to maintain (although we have seen some companies manage large networks in this manner). We have executed several projects that involve nothing more than untangling disparate networks and implementing a comprehensive network strategy. In cases like these, the ability to create a VLAN to keep network traffic separate becomes cost effective and can be designed in a way that mitigates attack risk.

In our experience, we have seen all these strategies employed to create control networks. It typically boils down to the risk that an organization is willing to accept coupled with past experiences and desired end states. The best advice is to evaluate the risks versus the costs of different network solutions and choose a design philosophy that meets security requirements without hamstringing your team.

For example, to design a new pharmaceutical control system network from a greenfield state, it is beneficial to gather all operation technology (OT) and information technology (IT) personnel together to design the network as a team. That way both sides have their requirements met (or are at least cognizant of the reasons they cannot be met) and have a stake in the final design.

When planning for a project, we usually suggest that the network be physically separated from the enterprise network and have at least a demilitarized zone (DMZ) separating the two networks from each other. There would be two firewalls on either side of the DMZ to control traffic and create a deny-all rule by default, only allowing what is absolutely necessary to pass through networks. Typically, we design it such that the network traffic only flows up from the control network to the DMZ, and if necessary to the enterprise. There are several ways to approach a networking project but having a plan and buy-in from both sides is the best way to begin.

ABOUT THE AUTHOR

Josh Glass (Glassj@panaceatech.com) is a network automation engineer for Panacea Technologies, Inc. He is passionate about designing, implementing, and supporting secure network-focused automation projects for the regulated industries. Panacea Technologies, Inc., (http://panaceatech.com) is a member of the Control System Integrators Association (www.controlsys.org).
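The DMZ policy the article recommends (deny by default, traffic initiated only upward from control to DMZ and, if necessary, on to enterprise) can be checked mechanically. The following Python audit is an added example, not code from the article or from Panacea Technologies; the zone names, ports, sample rules and the single-list model of both firewalls are assumptions made for illustration.

```python
from dataclasses import dataclass

# Zone order follows the article: traffic may only be initiated "upward".
LEVEL = {"control": 0, "dmz": 1, "enterprise": 2}

@dataclass(frozen=True)
class Rule:
    action: str  # "allow" or "deny"
    src: str     # zone name or "any"
    dst: str     # zone name or "any"
    port: str    # destination port or "any"

def decide(rules, src, dst, port):
    """First-match evaluation; with no matching rule the traffic is denied."""
    for r in rules:
        if r.src in (src, "any") and r.dst in (dst, "any") and r.port in (port, "any"):
            return r.action
    return "deny"

def audit(rules):
    """Return (rule_index, finding) pairs for rules that break the design."""
    findings = []
    for i, r in enumerate(rules):
        if r.action != "allow":
            continue
        if "any" in (r.src, r.dst, r.port):
            findings.append((i, "allow rule uses a wildcard"))
            continue
        up = LEVEL[r.dst] - LEVEL[r.src]
        if up <= 0:
            findings.append((i, "flow is not initiated upward"))
        elif up > 1:
            findings.append((i, "flow bypasses the DMZ"))
    if not rules or rules[-1] != Rule("deny", "any", "any", "any"):
        findings.append((len(rules), "no explicit deny-all as final rule"))
    return findings

# Constructed sample policies (zones, ports and services are illustrative).
WEAK = [
    Rule("allow", "control", "dmz", "443"),          # data pushed up: fine
    Rule("allow", "enterprise", "control", "3389"),  # session opened into the plant
    Rule("allow", "control", "enterprise", "1433"),  # direct link that skips the DMZ
    Rule("allow", "dmz", "any", "any"),              # wildcard reopens the path down
]
HARDENED = [
    Rule("allow", "control", "dmz", "443"),
    Rule("allow", "dmz", "enterprise", "443"),
    Rule("deny", "any", "any", "any"),
]
```

Calling `audit(WEAK)` reports one finding per bad rule plus the missing final deny-all, while `audit(HARDENED)` returns an empty list; `decide` shows how the wildcard rule in `WEAK` lets a DMZ host reach the control zone.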
