Tony Turner

Securely Architecting the ICS

Secure by Design


The topic of Secure by Design encompasses the practice of designing for security as a functional requirement. It embodies a culture of understanding and empowerment in pursuit of designing and implementing more resilient systems.

The role of security architecture assessments in securing the ICS

  • ICS requires a focus on critical functions and consequence-focused design
  • Physical security is just as important as cybersecurity
  • Include all relevant stakeholders
  • Embrace security architecture assessments as a foundational activity to secure your ICS


In the ever-evolving landscape of cybersecurity, the need for robust security architecture assessments in critical infrastructure and Industrial Control Systems (ICS) has never been greater. As a security engineer, I have witnessed firsthand the complexities and unique challenges these systems face. This post delves into the technical nuances of why security architecture assessments are crucial for critical infrastructure and ICS, and how they play a pivotal role in safeguarding our essential services.

The Unique Nature of ICS and Critical Infrastructure

Industrial Control Systems and Operational Technology (OT) are the backbone of critical infrastructure sectors like energy, water, transportation, and manufacturing. These systems were traditionally designed for reliability and safety, often at the expense of security. The digital transformation of IT and OT has exposed these systems to cyber threats that were previously unheard of in the OT environment. And at the heart of all of this, the very bedrock that critical infrastructure stands on, is your core architecture.

Why Security Architecture Assessment is Vital

Cybersecurity Threat Landscape - The threat landscape for ICS has changed dramatically. Adversaries range from financially motivated cybercriminals to nation-state actors. Given the potential for significant disruption, these systems are increasingly attractive targets. A comprehensive security architecture assessment helps in identifying vulnerabilities, assessing risk levels, and understanding the potential impact of these threats. But most importantly, it sets the stage for everything else you will build inside your program.

Legacy Systems and Patch Management - Many ICS environments still run on legacy systems that were not designed with modern cybersecurity threats in mind. These systems may not be regularly patched due to uptime requirements or compatibility issues. An assessment helps in understanding these complexities and developing strategies to mitigate risks associated with legacy systems.

Network Segmentation and Access Control - Proper network segmentation is crucial in minimizing your exposure to adversaries. Security architecture assessments can reveal inadequacies in segmentation and help in designing network zones and conduits, as described in IEC 62443-3-2, that effectively separate IT and OT networks, including east/west traffic. This limits the lateral movement of potential attackers within the network.

Regulatory Compliance and Standards - Industries operating critical infrastructure are often subject to stringent regulatory requirements. Standards like NERC CIP for the energy sector or ISA/IEC 62443 for industrial automation and control systems provide guidelines for cybersecurity. An assessment ensures compliance with these regulations and standards, avoiding potential fines and reputational damage.

Incident Response and Recovery - In the event of a cybersecurity incident, having a well-defined and tested incident response plan is crucial. Security assessments can evaluate the effectiveness of current incident response plans and identify areas for improvement.

Supply Chain Risks - The security of an ICS is not just about the systems within the facility; it's also about the security of the supply chain. An assessment can reveal vulnerabilities in the supply chain and suggest ways to mitigate these risks. This ranges from validating firmware updates to the security of third parties designing, implementing and maintaining your systems.

Physical Security Integration - In many ICS environments, physical security is as important as cybersecurity. After all, gaining physical access is usually “game over”. Assessments can help integrate physical security measures with cybersecurity efforts, providing a holistic security posture.

Methodology of Security Architecture Assessment

Critical Function Mapping - The first step is understanding what is important to your organization and mapping the dependencies for your critical functions. This will shine a spotlight on the most impactful areas in your environment, that will ultimately provide a prioritization map for everything that comes later.

Asset Identification and Network Mapping - The next step is to identify critical assets and create a detailed map of the network. This includes not just the hardware and software but also understanding human and infrastructure dependencies, and critical processes.

Red Team and Security Assessments - Conducting thorough vulnerability assessments and penetration testing to identify weaknesses in the system. Performing threat modeling related to your critical functions and identifying the avenues for attack that need to be mitigated. Don't forget about accidental and maintenance-related threats either!

Risk Analysis and Management - Assessing the identified risks in terms of consequence reduction. This involves prioritizing risks and deciding on the appropriate mitigation strategies that produce the greatest value. Refer back to your critical function mapping.

Review of Policies and Procedures - Evaluating existing security policies and procedures, and their effectiveness in the current environment. Be mindful of conflicts with operational requirements, and make sure to include your operators in this discussion.

Compliance Check - Ensuring that the systems comply with relevant industry standards and regulations. This will vary by industry and geography, as well as security strategy. We find IEC 62443 is an excellent place to start, and mapping this approach to NIST CSF will help when communicating with IT.

Human Capital - The best security tools are the ones that get used, or the ones you know the best. The ability of humans to operate all of these products is a key limiting factor, and this is important to understand during your assessment. In some cases, a platform with multiple capabilities may serve you better than multiple best-of-breed solutions.

Recommendation and Roadmap Development - Based on the findings, developing a set of recommendations and a roadmap for enhancing the security posture. Resourcing and budget are an important step. We find that many ICS operators are shy of budgetary requests for cybersecurity, but if you take a look at how IT handles budgeting in your organization, it may be very illuminating.
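As an added example (not code from the original post), a toy model of the critical function mapping and zone/conduit review described in the methodology above: critical functions are traced through an asset dependency map to rank assets by consequence, and dependencies that cross zones without a declared conduit are surfaced as findings. All zones, assets, dependencies and consequence weights are constructed assumptions.

```python
from collections import deque

# Constructed sample data; zone and asset names are assumptions for illustration.
ASSET_ZONE = {                      # asset -> zone (IEC 62443 zone/conduit model)
    "ad_dc": "enterprise_it", "historian": "dmz", "scada_server": "control",
    "hmi_1": "control", "plc_1": "control", "sis_1": "safety",
}
DEPENDS_ON = {                      # asset -> assets it needs to keep working
    "hmi_1": ["scada_server", "ad_dc"],   # operator login goes via enterprise AD
    "scada_server": ["plc_1"], "historian": ["scada_server"],
    "ad_dc": [], "plc_1": [], "sis_1": [],
}
FUNCTIONS = {                       # critical function -> assets it directly needs
    "maintain_pressure": ["hmi_1", "plc_1"],
    "emergency_shutdown": ["sis_1"],
    "compliance_reporting": ["historian"],
}
# loss-of-function weight per critical function (constructed; safety ranked highest)
CONSEQUENCE = {"emergency_shutdown": 5, "maintain_pressure": 3, "compliance_reporting": 1}
# zone pairs the architecture actually allows traffic between (declared conduits)
DECLARED_CONDUITS = {frozenset(p) for p in
                     [("enterprise_it", "dmz"), ("dmz", "control"), ("control", "safety")]}


def closure(asset):
    """All assets `asset` transitively depends on, itself included."""
    seen, todo = set(), deque([asset])
    while todo:
        a = todo.popleft()
        if a not in seen:
            seen.add(a)
            todo.extend(DEPENDS_ON.get(a, []))
    return seen


def function_footprint(func):
    """Every asset whose failure could take the critical function down."""
    return set().union(*(closure(a) for a in FUNCTIONS[func]))


def consequence_ranking():
    """Assets ordered by the summed consequence of the functions that depend on them."""
    score = {a: sum(w for f, w in CONSEQUENCE.items() if a in function_footprint(f))
             for a in ASSET_ZONE}
    return sorted(score.items(), key=lambda kv: (-kv[1], kv[0]))


def undeclared_cross_zone_dependencies():
    """Dependencies crossing zones with no declared conduit: each is an assessment finding."""
    findings = set()
    for a, deps in DEPENDS_ON.items():
        for d in deps:
            za, zd = ASSET_ZONE[a], ASSET_ZONE[d]
            if za != zd and frozenset((za, zd)) not in DECLARED_CONDUITS:
                findings.add((a, za, d, zd))
    return sorted(findings)
```

On this data the safety system ranks first despite serving a single function, and the HMI's login dependency on the enterprise domain controller is flagged because no control-to-enterprise conduit exists in the design.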

Opswright Security Architecture Review Service

If you’d like to get started with an assessment you can purchase today, with zero sales pressure, check out the Opswright services at Services Catalog.

Tony Turner

Founder, CEO

Experienced cybersecurity executive 30+ years, Author of SANS SEC547 Defending Product Supply Chains and Software Transparency.