Network segmentation and segregation involves building and socializing strict security access controls between manufacturing systems (the shopfloor) and the enterprise network, with minimal impact on business and production operations. Traditionally, manufacturing systems were based on specialized hardware or software that used proprietary network communication protocols. Today, there is open and direct connectivity between the shopfloor and enterprise networks, and this has become a security risk.
The best practice for addressing this risk is to implement the Defense-in-Depth strategy, which has been inherited from the International Society of Automation’s (ISA) Purdue Model of Computer Integrated Manufacturing. Segmenting the shopfloor network from the enterprise network not only isolates it from direct communication, but also minimizes the chance of the enterprise network being compromised. It is recommended to have an information sharing layer between the enterprise (IT) and shopfloor (OT) networks, where shared resources can be placed for isolated communication.
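As an added illustration (not part of the original best practice), the following Python check audits a firewall rule set for allow rules that let the enterprise and shopfloor zones talk directly instead of through the information sharing layer. The zone names, address ranges and rules are constructed assumptions, and the check treats every allow rule as effective without modelling rule order.

```python
import ipaddress

# Constructed zone plan (assumption): addresses are illustrative only.
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "sharing": ipaddress.ip_network("10.50.0.0/24"),
    "shopfloor": ipaddress.ip_network("10.90.0.0/16"),
}

# Constructed sample rule set: (name, source, destination, port, action).
RULES = [
    ("erp-to-historian-replica", "10.10.20.0/24", "10.50.0.10/32", 443, "allow"),
    ("historian-push", "10.90.5.0/24", "10.50.0.10/32", 8443, "allow"),
    ("legacy-rdp", "10.10.30.15/32", "10.90.5.21/32", 3389, "allow"),
    ("any-internal", "10.0.0.0/8", "10.90.0.0/16", 502, "allow"),
    ("block-ot-to-it", "10.90.0.0/16", "10.10.0.0/16", 0, "deny"),
]

def zones_touched(cidr):
    """Return every zone that a rule's address range overlaps."""
    net = ipaddress.ip_network(cidr, strict=False)
    return {name for name, zone in ZONES.items() if net.overlaps(zone)}

def direct_it_ot_rules(rules):
    """Names of allow rules that let enterprise and shopfloor talk directly."""
    findings = []
    for name, src, dst, _port, action in rules:
        if action != "allow":
            continue
        src_z, dst_z = zones_touched(src), zones_touched(dst)
        it_to_ot = "enterprise" in src_z and "shopfloor" in dst_z
        ot_to_it = "shopfloor" in src_z and "enterprise" in dst_z
        # Overly broad ranges (e.g. a /8) count, because they cover a zone too.
        if it_to_ot or ot_to_it:
            findings.append(name)
    return findings

if __name__ == "__main__":
    for name in direct_it_ot_rules(RULES):
        print("direct IT/OT path:", name)
```

Rules that terminate in the sharing layer pass, while the host-to-host rule and the broad `10.0.0.0/8` rule are both reported because each opens a path that bypasses it.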
Sanjit is a sedulous cybersecurity professional with over a decade's worth of experience working in information security technology, models, and processes. He is the core member of the IT Security Architecture team at Kennametal (India), with the responsibility to review, design, and deliver security solutions across the enterprise. Kennametal has been an American metal-manufacturing supplier of advanced tooling and industrial material innovation for more than 75 years.
Previously, as a Senior IT Security Systems Administrator, Sanjit worked across major cybersecurity operational domains, including network firewall and remote access administration, incident response, vulnerability management, and identity and access management.
Sanjit holds a Postgraduate Degree in Computer Science (MTech CS) from Manipal University and a Bachelor’s Degree in Electronics & Communications Engineering (BE E&C) from Anna University.