Webinar: Central maintenance system architectures and extending current zoning approaches


During this webinar, ENCS will present ongoing work on the following topics:

  • Central maintenance system architectures to support the ENCS security requirements – The central maintenance systems are covered in our series of security architecture documents. They are written in a way that leave a number of implementation options to the system or network administrators. In this webinar, we will go through some of these options and try to see if the requirements can already mention a decision. For instance, should user management for access control be centralized in one server for OT, or should there be different servers for different scopes?

  • Extending the Purdue Model and IEC 62443 approaches on zoning – The Purdue Model defines different levels for different types of systems. IEC 62443 provides guidance for defining zones and conduits based on the notion of security levels. We can use this to define that the IT systems should be separated from the OT systems, and that the OT zones and conduits need to provide capabilities to a certain level. However, is this enough to define if a SCADA server can be in the same zone with a dispatch workstation, or if the same SCADA frontend can communicate with both internal and external RTUs? In the webinar, we will analyze this question and look into a possible extended approach.

The discussion will include and welcome any feedback from our members.