Running Head: ICS Architecture Final Project Template 1

ICS Architecture Final Project Template

SEC6082

Your Name

Table of Contents

Executive Summary...... X

ICS Industry Architecture Being Designed...... X

Overview...... X

Statement of Need...... X

Detailed Description...... X

ICS Network Architecture...... X

Physical and Logical Designs...... X

Protocols...... X

Devices...... X

ICS Security Architecture...... X

Device Security Configuration...... X

Device Security Configuration...... X

Device Security Configuration...... X

Etc...... X

Appendix...... X

*Comprehensive Network Map...... X

Example: Device Data Flows...... X

Example: Security Design Documents...... X

Example: Intrusion Detection System...... X

Example: Honeypot Configuration...... X

*The comprehensive network map must include all devices and communication protocols.

List of Tables and Figures

Figure 1. Example: Total Network Design...... X

Figure 2. Example: Device Data Flow...... X

Figure 3. Example: Intrusion Detection System...... X

Figure 4. Example: Honeypot Configuration...... X

Executive Summary

An Executive Summary provides a brief overview for C-level Executives who only need to know what the material is about, not the details of the material. Give a brief summary, one page or less, of what this project is about.

ICS Industry Architecture Being Designed

This is arguably the most important part of the ICS architecture project. The logistical work done during this phase makes it possible to architect a successful ICS network. The origins of all problems experienced during the other phases can usually be traced back to a lack of planning and understanding of your project during this phase. You will describe the industry you are architecting this ICS network for.

1. Overview

Begin by describing the types of network designs commonly used to architect this network.

2. Statement of Need

Discuss the network needs of this architectural project. Your ICS network must include a SCADA network controlling at least two remote DCS networks. The SCADA network must securely share data with a traditional business IT network.

3. Detailed Description

Now that you know the types of networks commonly found and used in this industry and you know the particular needs of this architectural project, address how you will design this ICS network.

ICS Network Architecture

Provide a brief description of what will occur during this phase. For example: This is the phase where you will describe the physical and logical design of your network, etc. This phase has three sections: Physical and Logical Designs; Protocols; and Devices.

1. Physical and Logical Designs

There are many physical and logical network designs possible. ICS networks usually have more than one physical and logical network solution. Describe your physical and logical ICS network designs here. Include Visio or Excel designs to graphically illustrate your designs.

A block of words is provided below to jog your mind:

Ring, star, bus, mesh, twisted pair, coax, fiber, microwave, satellite.

2. Protocols

This section is where you will document and describe which protocols are in use, where they are used, and why. The protocols listed should be represented in your network diagram(s). A block of words is provided below to jog your mind:

DNP3, Fieldbus, Modbus, Profibus, Ethernet.

3. Devices

A list of devices should be provided with as much information as possible. Identify the open ports and services running on each. List them here and explain why you’ve chosen them. All devices listed should appear in your network diagram(s).

Follow the steps below:

  1. Identify the device.
  2. Identify what the device does.
  3. Identify the open ports.
  4. Identify the services running on these ports.

Example devices include, but are not limited to: Router, firewall, IDS/IPS, Honeypot, Historian, PLC, RTU, IED, data acquisition server, HMI, protocol gateway, SCADA master station, sensors.

ICS Security Architecture

List each device you previously documented in “3. Devices”, but this time annotate how it will be secured. This will require you to research vendor documentation, industry best practices, and other authoritative sources. Identify known weaknesses of the devices and how you will mitigate them.

Reference

Appendix