The idea is to rank networks by the consequences of accidental or deliberate mis-operation. Many authors identify at least three levels of impact: safety-critical, reliability-critical and non-critical. On safety-critical networks, the consequences of mis-operation can be injury, loss of human life, environmental disasters, or in the worst case, environmental catastrophes - think Chernobyl. On reliability-critical networks, the worst-case consequences can be long-term site outages due to extensive damage to physical equipment, or shorter-term outages.
Modern advice for network perimeter security, for example France's ANSSI Cybersecurity for Industrial Control Systems, forbids firewalled connections between the most-critical networks and any less-critical networks, and permits only unidirectional gateways. Firewalls may be appropriate for connecting networks at the same level of criticality - this really amounts to internal segmentation of a high-impact network. Firewalls are flagged as entirely inadequate to protect the most critical networks from less-critical networks.
My chapter 4 talks about why this is, and how to accommodate a variety of common data flows using different configurations of unidirectional gateway technologies.
No comments:
Post a Comment