ICS network components
Industrial control networks involve a lot of connectivity across the various levels of the control hierarchy, as shown in the following diagram:
Field devices and sensors usually communicate with a Fieldbus controller, which can uniquely identify them. For long-distance SCADA communications, routers are used to connect the LAN and WAN segments. Network segregation strategies are implemented using industrial firewalls. Firewalls enable fundamental network-based access control of resources on a particular network segment. Furthermore, depending on deep packet inspection (DPI) capabilities, there is the potential to get into protocol-level filtering as well. Consider an example of a firewall with DPI that is looking at Modbus traffic to manage read versus write versus read/write privileges based on the data source.
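The Modbus filtering case described above can be expressed as a small policy check. This is an added illustration, not code from the original text or from any firewall product. The source addresses, the policy table, and the assumption that each payload holds exactly one Modbus/TCP request are constructed for the example.

```python
import struct

# Public Modbus function codes, grouped by the privilege each one needs.
READ_FCS = {1, 2, 3, 4}          # read coils, discrete inputs, holding/input registers
WRITE_FCS = {5, 6, 15, 16, 22}   # write single/multiple coils and registers, mask write
READ_WRITE_FCS = {23}            # read/write multiple registers needs both privileges

# Constructed policy: source address -> privileges granted. Unlisted sources get none.
POLICY = {
    "10.0.1.10": {"read"},            # hypothetical historian
    "10.0.1.20": {"read", "write"},   # hypothetical engineering workstation
}

def required_privileges(function_code):
    """Return the privileges a function code needs, or None if it is not allow-listed."""
    if function_code in READ_FCS:
        return {"read"}
    if function_code in WRITE_FCS:
        return {"write"}
    if function_code in READ_WRITE_FCS:
        return {"read", "write"}
    return None

def inspect(src_ip, payload, policy=POLICY):
    """Return 'allow' or 'drop' for one Modbus/TCP request payload from src_ip."""
    if len(payload) < 8:                      # 7-byte MBAP header plus function code
        return "drop"
    _tid, proto_id, length, _unit = struct.unpack(">HHHB", payload[:7])
    # Protocol id is 0 for Modbus; the length field counts the unit id plus the PDU.
    if proto_id != 0 or length != len(payload) - 6:
        return "drop"
    needed = required_privileges(payload[7])
    if needed is None:                        # unknown or unlisted function code
        return "drop"
    return "allow" if needed <= policy.get(src_ip, set()) else "drop"

def build_request(function_code, data, unit_id=1, tid=1):
    """Build a constructed Modbus/TCP request frame for the samples below."""
    pdu = bytes([function_code]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit_id) + pdu

if __name__ == "__main__":
    read_regs = build_request(3, struct.pack(">HH", 0, 10))    # read 10 holding registers
    write_reg = build_request(6, struct.pack(">HH", 5, 1234))  # write register 5
    for src in ("10.0.1.10", "10.0.1.20", "10.0.9.99"):
        print(src, inspect(src, read_regs), inspect(src, write_reg))
```

The check is default-deny: a source missing from the policy, a malformed header, or a function code outside the three groups is dropped.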
Considering the nature of OT traffic and the protocols involved, these firewalls are quite different from IT or next-gen firewalls, which we will discuss in greater depth in subsequent chapters. And yes, modems are still used to enable long-distance serial communications between MTUs and remote field devices in SCADA systems. DCS and PLCs use modems and remote access points to gain remote access to field stations for command, control, and configuration changes for operations, maintenance, and diagnostic purposes. Examples include using a personal digital assistant (PDA) to access data over a LAN through a wireless access point, and using a laptop and modem connection to remotely access an ICS.