Professional Documents
Culture Documents
Critical Cybersecurity
Critical Cybersecurity
● Laser in TX, photocell in RX, fibre-optic cable – you can send data
out, but nothing can get back in to protected network
● TX uses 2-way protocols to gather data from protected network
● RX uses 2-way protocols to publish data to external network
● Server replication, not protocol emulation
● CIP-002 R3: Critical Cyber Assets are further qualified to be those having at least
one of the following characteristics:
R3.1. The Cyber Asset uses a routable protocol to communicate outside the
Electronic Security Perimeter; or,
R3.2. The Cyber Asset uses a routable protocol within a control center; or,
R3.3. The Cyber Asset is dial-up accessible.
● CIP R1-R4 apply only to highest-risk “Critical Cyber Assets”
● Routable and dial-up communications are higher risk than non-routable
communications
● CIP was written before unidirectional communications were in widespread
use
● Routable Protocol: Routable protocols use addresses and require those addresses
to have at least two parts: A “network” address and a “device” address. Routable
protocols allow devices to communicate between two different networks by forwarding
packets between the two networks.
● Ethernet frames stay within local network – hardware device (MAC)
addresses are meaningless outside the local network
● Internet Protocol (IP) packets are contained inside Ethernet frames in local
networks, other kinds of encapsulation in wide area networks
● Internet addresses are recognized throughout the WAN
Routable
Communications