NERC facilitates many forums to advance industry practices and grid reliability. "Segmentation and Control Systems - It's a Good Thing!" by Dustin Cornelius from the 2014 Monitoring and Situational Awareness Conference caught my attention as worth reading.
Here are a few observations and comments:
- Although compliance-motivated, Dustin's strategy goes beyond minimal NERC CIP compliance. More cases like this could be reason for optimism about industry-led approaches to critical infrastructure protection.
- Back to basics. Microsoft's immutable laws go back to 2001. "Law #8: The difficulty of defending a network is directly proportional to its complexity." I like the way Dustin turns this around: less segmentation means more complexity and more risk.
- Future prediction. While it is too soon to call a trend, an increasing number of you are implementing host-based security perimeters. Whether this approach finds enough momentum to overcome a shiny new NxGen firewall is a tough call. OTOH, I wouldn't bet against virtualization.