Implementing a PCN DMZ
Designing and deploying a DMZ for the process control network (PCN)
What is the function of a PCN DMZ?
Assets within a DMZ network serve as a buffer between the underlying process control network and the business network. When designing DMZ networks, attention must be paid to the type of assets and their functionality. As a rule of thumb, any asset that communicates with both the PCN and the business network belongs in a PCN DMZ. Going a step further, subnetting the DMZ by clustering assets of similar functionality improves resiliency and reduces the attack surface. A well-designed DMZ network makes it possible to share process data securely across the enterprise while containing and localizing the impact on plant operations should a cybersecurity event occur.
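The rule of thumb above, applied to an asset inventory and a list of observed flows, as an added example (not aeSolutions' tooling or method). Asset names, function labels, flows and the 192.0.2.0/24 documentation range are constructed assumptions; assets with zone `None` are the ones whose placement is still undecided.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory: asset -> (zone, function). Zone None = placement undecided.
INVENTORY = {
    "plc-01": ("pcn", "control"), "hmi-01": ("pcn", "control"),
    "erp-01": ("business", "enterprise"), "ws-eng-07": ("business", "enterprise"),
    "corp-update-01": ("business", "enterprise"),
    "historian-01": (None, "data"), "eng-db-01": (None, "data"),
    "wsus-01": (None, "patch-av"), "av-01": (None, "patch-av"),
}
# Constructed flows as (source, destination) pairs.
FLOWS = [
    ("plc-01", "historian-01"), ("erp-01", "historian-01"),
    ("hmi-01", "wsus-01"), ("wsus-01", "corp-update-01"),
    ("hmi-01", "av-01"), ("av-01", "corp-update-01"),
    ("hmi-01", "eng-db-01"), ("ws-eng-07", "plc-01"),
]

def place_assets(inventory, flows):
    """Undecided assets that talk to both PCN and business peers go to the DMZ."""
    peer_zones = defaultdict(set)
    for src, dst in flows:
        for asset, peer in ((src, dst), (dst, src)):
            zone = inventory[peer][0]
            if zone:
                peer_zones[asset].add(zone)
    placement = {}
    for asset, (zone, _function) in inventory.items():
        if zone is None:
            seen = peer_zones[asset]
            # Both zones seen -> DMZ; one zone -> stay there; none -> needs review.
            zone = "dmz" if {"pcn", "business"} <= seen else next(iter(seen), "unplaced")
        placement[asset] = zone
    return placement

def direct_crossings(placement, flows):
    """Flows that bypass the DMZ by going straight between PCN and business."""
    return [(s, d) for s, d in flows if {placement[s], placement[d]} == {"pcn", "business"}]

def dmz_subnets(inventory, placement, supernet="192.0.2.0/24", prefix=28):
    """Give each function cluster in the DMZ its own subnet."""
    pool = ipaddress.ip_network(supernet).subnets(new_prefix=prefix)
    functions = sorted({inventory[a][1] for a, z in placement.items() if z == "dmz"})
    return {function: str(next(pool)) for function in functions}

if __name__ == "__main__":
    placed = place_assets(INVENTORY, FLOWS)
    print(placed, direct_crossings(placed, FLOWS), dmz_subnets(INVENTORY, placed), sep="\n")
```

Any flow returned by `direct_crossings` is one that the DMZ design has to broker or remove, since it connects the two networks without passing through the buffer.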
Description of the Service
aeSolutions offers a service to develop the user requirements and assist through conceptual design and deployment. We typically facilitate a 1-2 day workshop to develop user requirements and a conceptual design for the PCN DMZ architecture. We can also assist with the deployment, testing and commissioning phases of the project. During the workshop we tackle key challenges of implementing a PCN DMZ architecture, some of which are listed below:
PCN DMZ structure
Determine what assets should belong in the PCN DMZ
PCN DMZ services, e.g., WSUS, AV, backup, file server
Authentication requirements to process control domains
Location of data collectors and historian servers
Align with remote access requirements, e.g., vendors, contractors, employees
User requirements and conceptual design of PCN DMZ architecture
Industry Best Practices – Dos and Don’ts