What is OT/ICS network segmentation?
OT/ICS network segmentation is the process of dividing a network into component parts so administrators can limit access and flows to only required communication.
Core elements of network segmentation include:
- Analysis of current and required flows and connections
- Design of hardware and configuration rules to enable least privilege access to each subnet
- Implementation of hardware, software, and configuration rules as designed
- Monitoring of changes to rules to ensure segmentation is sustained over time
OT/ICS network segmentation is challenging for several reasons:
- Older networking equipment that often lacks modern management functions
- In many cases, there is little asset inventory visibility to know what should be on each subnet
- Networks often have physical wiring or IP-addressing limitations
- Some communications may only be required in infrequent circumstances, but segmentation needs to account for those
- Different OEM vendors require different network standards that must be aligned
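The four elements above (flow analysis, least-privilege rule design, implementation, and change monitoring) and the infrequent-communication challenge can be shown as a small workflow. This is an added example, not Verve's code or the Verve Security Center's API; the zone addresses, flow records, and rule format are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed zone plan (assumption: addresses are illustrative).
ZONES = {
    "hmi": ip_network("10.10.1.0/24"),
    "plc": ip_network("10.10.2.0/24"),
    "eng": ip_network("10.10.3.0/24"),
    "corp": ip_network("10.20.0.0/16"),
}

# Constructed observed flows: (src_ip, dst_ip, proto, dst_port, packet_count)
OBSERVED = [
    ("10.10.1.5", "10.10.2.10", "tcp", 502, 9000),   # HMI polling a PLC
    ("10.10.3.7", "10.10.2.10", "tcp", 44818, 3),    # rare engineering session
    ("10.20.4.9", "10.10.2.10", "tcp", 502, 1),      # corporate host reaching a PLC
]

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str
    port: int

def zone_of(ip):
    addr = ip_address(ip)
    return next((n for n, net in ZONES.items() if addr in net), "unknown")

def observed_rules(flows):
    """Analysis: collapse host-level flows into zone-to-zone rule candidates."""
    return {Rule(zone_of(s), zone_of(d), p, port) for s, d, p, port, _ in flows}

def rare_flows(flows, threshold=10):
    """Low-count flows are listed for explicit review so infrequent but
    required traffic (e.g. engineering access) is not dropped by the design."""
    return [f for f in flows if f[4] <= threshold]

def design_rules(flows, approved):
    """Design: keep only candidates an engineer approved (least privilege)."""
    return {r for r in observed_rules(flows)
            if (r.src_zone, r.dst_zone, r.proto, r.port) in approved}

def drift(designed, deployed):
    """Monitoring: rules that appeared or disappeared since the design."""
    return {"unexpected": deployed - designed, "missing": designed - deployed}
```

Running `drift(designed, deployed)` against the rules actually configured on the firewall surfaces any flow that was never approved (here the corporate host reaching the PLC) and any approved rule that has been removed.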
Verve’s team of technicians has over 25 years of experience working across different industries and almost every OEM system. Using the Verve Security Center’s asset inventory and flow analysis, we begin with a robust mapping of the current status. We then use our knowledge of the underlying process and OEM systems to design a secure and reliable approach to network segmentation. Finally, we have the hands-on capabilities to implement the hardware, software and rules necessary to deliver on the newly designed network.