January 3, 2024
December 17, 2024

How much must I segment my network to follow IEC 62443 guidelines?


One question continually arises in customer discussions: "How much segmentation is enough?"

In the IEC 62443 framework, the concept of Zones and Conduits forms the basis of network segmentation. Going from a flat network to a segmented network is a recurring nightmare for OT CIOs/CISOs, as using IT-oriented solutions results in significant downtime, re-architecture, and expense. 

IEC 62443 emphasizes the importance of keeping zones and conduits consistent with the network architecture to avoid complexity, but that architecture is based on the Purdue model. We see many manufacturing networks today that need to be migrated to the Purdue model, and making that shift is a significant project by itself without even considering internal segmentation.

The process of managing risk is at the core of all cybersecurity decisions, and IEC 62443 defines security levels (SLs) that are part of the decision-making process for network segmentation. The standard provides three types of SLs:

  • Target Security Levels (SL-T): The desired level of security for a particular automation component. These define how much protection the asset owner believes is needed to protect the system, zone, or conduit, particularly considering the known vulnerabilities and cybersecurity posture of the devices in the zone (i.e., does it contain a “forever vulnerability”). 
  • Capability Security Levels (SL-C): The security countermeasures available within a system or component designed to protect the automation component without any additional countermeasures (i.e., can it automatically restrict what systems it is allowed to communicate with).
  • Achieved Security Levels (SL-A): The actual, measured SLs for a particular automation component, generally determined after operation.

In this webinar, we will examine the IEC’s concepts of zones and conduits and outline what makes sense based on the risks for each security level. Delivering the right level of segmentation without a massive disruption to your network has proven to be one of the top items on OT network administrators’ minds going into 2025.

Sign up for our Webinar, "Reducing Risk with IEC 62443’s Network Segmentation," on January 15th at 1 p.m. ET - https://www.linkedin.com/events/reducingriskwithiec62443-snetwo7274762217470709761/
