Learning Goal: To understand the key network architecture decisions that affect cyber risk.
Dale Peterson provides the second lecture with 45 minutes on ICS Security Architecture. Along with Marty's: Know Your ICS lecture, this provides the basics so we are all on the same page moving forward. It is aimed at the engineer or operations professional new to cybersecurity. That said, I think there are a few gems in the specific stories even if you know all about security perimeters, remotes access and other basics.
Questions to consider and comment on:
1) What are some examples of common ICS communication you would not want to allow through your Enterprise / ICS security perimeter? And what would you do if your ICS application requires a large number of ports allowed through the security perimeter?
2) How many DMZ's should you have for your Enterprise / ICS security perimeter, and what is the purpose for each DMZ?
3) What remote access to you allow to your ICS? How many people from what organizations? How often?
4) If you say the security perimeter between the enterprise/corporate network and the ICS is your first or primary security perimeter, where would you put your second security perimeter?
*Strategic Pull Quote: "We are not in this game to see who can deploy and maintain the most security controls, our goal is to manage risk to a level appropriate to the company."*
*KEY QUESTION:* Are there security controls you have in place today or see widely recommended that have lead to little or no reduction in cyber risk?