Network Topology and Implementation of SCADA Network
A Supervisory Control and Data Acquisition (SCADA) system allows an operator at a master facility to supervise and manage processes located at various remote sites (Rodrigues & Pendse, 2011). A properly designed SCADA system saves time and money by eliminating the need for service employees to visit each site to inspect it, collect or log data, or make changes.
When designing the network architecture for an ICS deployment, it is recommended that the ICS network be separated from the corporate network. The reason is that the nature of the traffic on the two networks differs: Internet access, e-mail, FTP and remote access are permitted on the corporate network but not on the ICS network. Connecting the two networks is very risky, so a firewall and a DMZ are needed (a DMZ is a separate network segment that connects directly to the firewall). Network firewalls are devices that control the flow of traffic between networks while employing differing security techniques (Savulescu, 2009). Servers holding ICS data that needs to be retrieved from the corporate network are placed in this network segment. ICS networks and corporate networks can also be segregated through different architectures to improve cyber security. Dual-homed computers, also known as Dual-Network Interface Card (NIC) computers, can pass traffic from one network to the other. Such a computer with minimal security controls may pose additional threats. To avoid this, only firewalls should be configured as dual-homed to span the control and corporate networks.
A single security device, technology or solution may not completely protect an ICS. I feel that the network design offers an advantage, especially when firewalls from two unique manufacturers get used. It also allows the control group and the IT group to hold separate device responsibility, because each can manage a firewall on its own if the organization decides to divide the work that way. The greatest disadvantage of the two-firewall architecture is its high cost and high management complexity (Knapp, Langill & In Samani, 2015).
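The segmentation described above (corporate and ICS networks exchange data only through servers in the DMZ, and e-mail, FTP and Internet traffic stay off the ICS network) can be checked against a firewall rule export. The following is an added example, not part of the original essay; the zone subnets, the rule format and the sample rules are constructed assumptions.

```python
import ipaddress

# Constructed zone plan (assumption): one subnet per network segment.
ZONES = {
    "corporate": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "ics": ipaddress.ip_network("10.30.0.0/16"),
}
# Services the essay lists as corporate-only, by their standard ports.
CORPORATE_SERVICES = {20: "FTP", 21: "FTP", 25: "e-mail", 110: "e-mail", 143: "e-mail"}

def zones_of(cidr):
    """Zones a rule endpoint overlaps; 'any' and unknown ranges include 'external'."""
    net = ipaddress.ip_network("0.0.0.0/0" if cidr == "any" else cidr)
    hit = {name for name, zone in ZONES.items() if net.overlaps(zone)}
    if not any(net.subnet_of(zone) for zone in ZONES.values()):
        hit.add("external")  # reaches addresses outside every defined zone
    return hit

def audit(rules):
    """Return (rule_id, finding) pairs for allow rules that break the segmentation."""
    findings = []
    for r in rules:
        if r["action"] != "allow":
            continue
        src, dst = zones_of(r["src"]), zones_of(r["dst"])
        for s in sorted(src):
            for d in sorted(dst):
                # Any path that touches the ICS zone must have the DMZ on the other end.
                if s != d and "ics" in (s, d) and "dmz" not in (s, d):
                    findings.append((r["id"], f"direct {s}->{d} path bypasses the DMZ"))
        # port None means "any port", which also admits the corporate-only services.
        svcs = sorted({v for p, v in CORPORATE_SERVICES.items() if r["port"] in (None, p)})
        if svcs and "ics" in src | dst:
            findings.append((r["id"], f"{'/'.join(svcs)} allowed on the ICS network"))
    return findings

# Constructed sample rule export (not taken from any real device).
SAMPLE_RULES = [
    {"id": "R1", "action": "allow", "src": "10.10.0.0/16", "dst": "10.20.0.10/32", "port": 443},
    {"id": "R2", "action": "allow", "src": "10.30.1.5/32", "dst": "10.20.0.10/32", "port": 443},
    {"id": "R3", "action": "allow", "src": "10.10.5.0/24", "dst": "10.30.1.0/24", "port": 3389},
    {"id": "R4", "action": "allow", "src": "10.20.0.10/32", "dst": "10.30.1.5/32", "port": 21},
    {"id": "R5", "action": "allow", "src": "any", "dst": "10.30.0.0/16", "port": 502},
    {"id": "R6", "action": "deny", "src": "10.10.0.0/16", "dst": "10.30.0.0/16", "port": None},
]

if __name__ == "__main__":
    for rule_id, finding in audit(SAMPLE_RULES):
        print(rule_id, finding)
```

Rules R1 and R2 pass because both terminate in the DMZ; the "any" source in R5 is flagged because it silently includes the corporate network and outside addresses.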
Knapp, E., Langill, J. T., & In Samani, R. (2015). Industrial network security: Securing critical infrastructure networks for Smart Grid, SCADA, and other industrial control systems.
Rodrigues, A., & Pendse, R. (2011). SCADA security device: Design and implementation.
Savulescu, S. C. (2009). Real-time stability assessment in modern power system control centers. Hoboken, N.J: John Wiley & Sons.