Bryan Owen

Commentary on "Segmentation and Control Systems - It's a Good Thing!"

Blog Post created by Bryan Owen on Jul 13, 2015

NERC facilitates many forums to advance industry practices and grid reliability. "Segmentation and Control Systems - It's a Good Thing!" by Dustin Cornelius from the 2014 Monitoring and Situational Awareness Conference caught my attention as worth reading.


Here are a few observations and comments:


  • Although compliance-motivated, Dustin's strategy goes beyond NERC CIP minimal compliance. More cases like this could be reason for optimism about industry-led approaches to critical infrastructure protection.


  • Back to basics. Microsoft's immutable laws go back to 2001. "Law #8: The difficulty of defending a network is directly proportional to its complexity". I like the way Dustin turns this around: less segmentation is more complex and more risk.


  • Future prediction. While too soon to call a trend, an increasing number of you are implementing host-based security perimeters. Whether this approach finds enough momentum to overcome a shiny new NxGen firewall is a tough call. OTOH I wouldn't bet against virtualization.