
CHAPTER 2 About Industrial Networks

FIGURE 2.8 Routable and Non-routable Areas within an Industrial Control System.

routable LAN.[19] A "critical cyber asset," again as defined by NERC, is a cyber asset whose operation can impact the bulk energy system.[20] In this book the broader definition of "asset" is used, in order to extend (as much as possible) cyber security to the non-routable devices such as PLCs and RTUs, which have been proven to be both targetable and vulnerable to cyber attack during the 2010 outbreak of Stuxnet (see "Examples of Industrial Network Incidents" in Chapter 3, "Introduction to Industrial Network Security").

Enclaves

An "enclave" is a convenient term for defining a closed group of assets, similar to the functional "zone and conduit" model supported by ISA-99,[21] that is, the devices, applications, and users that should be interacting with each other legitimately in order to function, as illustrated in Figure 2.9. One example is a control loop: an HMI interfaces with a PLC which interacts with sensors, motors, valves, etc. to perform a specific control function. The "enclave" here includes all devices within the control loop including the PLC and HMI, and ideally the authorized users allowed to use the HMI. Nothing outside of this group should be interacting with anything inside of this group.
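
The boundary rule above, as an added example that is not from the book: a short Python audit that checks flow records against one enclave's membership and reports anything crossing the boundary, plus in-enclave sessions by users outside the authorized set. The addresses, account names, ports and record layout are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Enclave:
    name: str
    members: frozenset  # addresses of the devices inside the enclave
    users: frozenset    # accounts authorized to operate the HMI


# Constructed control-loop enclave: HMI, PLC, and two field devices.
CONTROL_LOOP = Enclave(
    name="control-loop-1",
    members=frozenset({"10.10.1.10", "10.10.1.20", "10.10.1.31", "10.10.1.32"}),
    users=frozenset({"operator1", "operator2"}),
)

# Constructed flow records: (source, destination, destination port, user or None).
FLOWS = [
    ("10.10.1.10", "10.10.1.20", 502, "operator1"),    # HMI -> PLC, authorized user
    ("10.10.1.20", "10.10.1.31", 502, None),           # PLC -> field device
    ("192.168.5.77", "10.10.1.20", 502, None),         # outside host -> PLC
    ("10.10.1.10", "172.16.0.5", 443, "operator2"),    # HMI -> outside host
    ("10.10.1.10", "10.10.1.20", 502, "contractor"),   # inside, unauthorized user
    ("192.168.5.77", "192.168.5.80", 445, None),       # unrelated to this enclave
]


def audit(enclave, flows):
    """Return (kind, src, dst, port) for every flow that breaks the enclave rule."""
    findings = []
    for src, dst, port, user in flows:
        src_in = src in enclave.members
        dst_in = dst in enclave.members
        if not src_in and not dst_in:
            continue  # neither endpoint belongs to this enclave
        if src_in != dst_in:
            # Exactly one endpoint is a member: traffic crosses the boundary.
            kind = "outbound" if src_in else "inbound"
            findings.append((kind, src, dst, port))
        elif user is not None and user not in enclave.users:
            # Both endpoints are members, but the account is not authorized.
            findings.append(("unauthorized-user", src, dst, port))
    return findings


if __name__ == "__main__":
    for finding in audit(CONTROL_LOOP, FLOWS):
        print(finding)
```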