This article aims to present a brief example guide for an implementation of the new standard in a supplier's facilities.
Going through the critical points of the standard, a generic use case will be followed to exemplify how a vehicle manufacturer can adapt its processes to comply with the new standard in an efficient and effective way.
By presenting an overview of the standard and production processes, the aim is to provide a brief guide to serve as a starting point and help avoid common failures in industrial environments when faced with new regulations, such as redundancy of effort, inefficiency in resource management and deficiencies in the application of safety measures.
Larger scale and complexity industrial control networks present risks, and cybersecurity needs that usually cannot be met by applying a traditional segmentation model. Factors such as the presence of critical obsolete equipment, equipment managed by third parties or the increased presence of IoT technologies that require external connections, are motivating the adoption of more advanced architectures when applying the principle of defense in depth.
Proper segmentation can be a fundamental aspect in preventing attacks, especially in their propagation to essential and critical production assets. It is also important to adapt to the environment to be segmented. It is a common mistake to try to segment networks based on concepts and schemes like the IT environment.
This article will present some new network models and tips to work on a correct segmentation in an environment where different components are involved (OT, IIoT, IT, IoT).