The central maintenance systems are covered in our series of security architecture documents. They are written in a way that leave a number of implementation options to the system or network administrators. In this webinar, we will continue to go through some of these options, like backup and logging implementation, and try to see if the requirements can already mention a decision.
The Purdue Model defines different levels for different types of systems. IEC 62443 provides guidance for defining zones and conduits based on the notion of security levels. We can use this to define that the IT systems should be separated from the OT systems, and that the OT zones and conduits need to provide capabilities to a certain level. However, is this enough to define if a SCADA server can be in the same zone with a dispatch workstation, or if the same SCADA frontend can communicate with both internal and external RTUs? In the webinar, we will analyze this question and look into a possible extended approach.
ENCS members can download the invitations for the architecture program webinars here.