ICS-CERT: Industrial Control Systems Cyber Emergency Response Team, U.S. Department of Homeland Security
TLP:WHITE

Secure Architecture Design

This secure architecture design is the result of an evolutionary process of technology advancement and increasing cyber vulnerability presented in the Recommended Practice document, Control Systems Defense in Depth Strategies.

[Interactive graphic: secure architecture diagram. Its labeled system elements are listed below.]

Field Wireless Access Points
Field Controller RTU/PLC/IED
Control System Telephony Firewall
Control System Modem Pool
Control System Data Acquisition Server
Control System Firewall 1
Control System Applications Server
Control System Historian
Control System Database Server
Control System Configuration Server
Control System HMI Computers
Control System Engineering Workstation
Control System Firewall 2
Control System LAN
Backup Control Center
Control System Firewall 3
Control System Firewall 4
Control System External Business Communication Server
Control System WWW Server
Corporate Control System DB/Historian
Control System Security Server
Control System Authentication Server
Control System Firewall 5
Control System Business Communications DMZ
Control System Web Server DMZ
Control System DB DMZ
Control System Security DMZ
Control System Authentication DMZ
Remote Business Peers
Corporate Telephony Firewall
Corporate Business Servers
Corporate Business Workstations
Corporate Web Applications Servers
Corporate eMail Server
Corporate FTP Server
Corporate Wireless Access Points
Corporate LAN
Corporate DNS Server
Corporate Web Server
Corporate Authentication Server
Corporate Firewall
Corporate DNS DMZ
Corporate eMail DMZ
Corporate Web Server DMZ
Corporate FTP DMZ
Corporate Authentication DMZ
Corporate Wireless DMZ

 
