The next step is to begin to implement or start to adapt your security policy to your OT network. Here is where all of the cross-roads start to come together; the balancing of the business needs, security/liability risk, and cost.


arc-model





The model above is a simplified adaptation of the ARC security lifecycle model. We have simplified the 5 step model of (Secure, Defend, Contain, Monitor, and Manage) into “Where to Start”, “Network Infrastructure” (Vertical Security), and “Industrial Cyber Security” (Horizontal Security).

Network Infrastructure (Vertical Security) – This is where the majority of customers are today. Some have started here in their journey, while others have evolved here by first establishing a security policy. Regardless, here is where the “vertical security” policies are implemented – this is typically focused on Authentication, Access Control, & Firewall Filtering.

Business Needs - People and Process

  • Who & what applications are allowed to access to the network?
    This will serve as a guide to how vertical security controls are implemented (Firewall, ACLs, VLANs, etc.)

  • Is Operational uptime compromised by implementing OT security?

  • What systems and assets can be accessed vs which ones should be isolated?
    This will help determine what level of network segmentation should be used based on the particular asset and generally how critical it is to the business.

  • Who should have access to your systems (internal employees and 3rd parties?
    Helps determine the appropriate authentication and access control capabilities required to properly restrict authorized access.

  • If you are providing an OEM solution to your customer, how do you align to their security policy?
    This is a commonly overlooked security area, however, this poses a very large liability risk to the OEM who has deployed a solution into their customer’s network. If your customer’s network is compromised, what is your liability?

Security / Liability Risk Tolerance

By far the most common threat against the network directly involves attacking weakness in user/device/application authentication. Taking steps to strengthen policies and procedures around authentication will go a long way in making your network a less vulnerable target. Low hanging fruit includes: increasing password strength, frequency of password updates, policies around the number of failed attempts, centralized authentication, and two-factor authentication.


  • To what extent do I segment my network to try and reduce how easily attacks can spread?

  • If you are providing an OEM solution to your customer, what is your liability if a security breach happens through your OEM solution?

  • What is the impact to operational uptime and employee safety if and when there is a major breach in security?

  • Will you implement centralized authentication?


← Where to Start? Industrial Cybersecurity →

Featured Products



Wireless A/P & Clients



Managed Switches



Routers & Gateways


Fill out the form below for Product Questions, Live Demo Requests, Free Trial Requests, or General Network Security Questions.