Firewall configuration and policies for process network security

This White Paper describes the best practices for firewall selection, ruleset configuration and operational policies for a process control system network and its interfaces to a corporate network. The goal of this document is to give the reader an understanding of the techniques utilized to securely connect these networks. The scope of this document is not to address every possible firewall configuration and requirement as this will vary with individual customer configurations.

Developing a prevention approach to plant control systems requires a new approach to network security between the plant network layer and business / external systems. This document addresses the key network/topology areas for architecting pant and business network systems.

The approach to site network(s) and control system security is based on the following principles:
·  View security from both management and technical perspectives
·  Ensure security is addressed from both an IT and control system perspective
·  Design and develop multiple layers of network, system and application security
·  Ensure industry, regulatory and international standards are taken into account
·  Prevention is critical in plant control systems, supported by detection