Integrate OT Cybersecurity into Industrial Network Design and Architecture
Overview
This standard defines the competencies required to integrate cybersecurity into the design and architecture of Operational Technology (OT) networks and systems. It includes identifying security requirements, designing secure and resilient architectures, selecting appropriate controls, and ensuring that designs support safe and reliable industrial operations. It incorporates secure-by-design principles, resilience and redundancy, IT/OT convergence, and cloud or edge architectural considerations in line with recognised industry standards.
This standard is intended for engineers, architects, and OT cybersecurity specialists responsible for developing or reviewing industrial architectures.
Performance criteria
You must be able to:
- Analyse industrial network architectures to identify cybersecurity, resilience, and operational requirements.
- Design OT network zoning and segmentation to meet security, safety, and operational needs.
- Specify cybersecurity controls for OT architectures using secure-by-design principles and recognised standards.
- Integrate cybersecurity considerations into OT network and system design decisions.
- Collaborate with engineering, operations, and IT teams to incorporate security requirements into converged and hybrid architectures.
- Document OT architecture decisions and associated security controls in line with organisational and regulatory requirements.
- Review industrial network designs to ensure they meet security, resilience, and lifecycle-security objectives.
- Identify risks associated with architectural decisions and propose appropriate mitigation options.
- Align OT network designs with safety, regulatory, operational, and data-sovereignty requirements.
- Evaluate architectural dependencies, including cloud, edge, and vendor systems, to assess their security impacts across the system lifecycle.
Knowledge and Understanding
You need to know and understand:
- OT and industrial network architectures and their components.
- Zoning, segmentation, and conduit models relevant to OT security.
- Secure-by-design principles for industrial network and control architectures.
- Cybersecurity controls applicable to OT architectures.
- Approaches for integrating cybersecurity into network and system designs.
- IT/OT convergence and its impact on architecture and trust boundaries.
- Resilience and redundancy principles used in industrial architectures.
- Methods for identifying and evaluating architectural security risks.
- Regulatory, safety, operational, and data-sovereignty requirements influencing OT architecture.
- Lifecycle-security principles for maintaining secure architectures.
- Cloud, edge, and hybrid-architecture considerations relevant to OT environments.
Glossary
OT (Operational Technology)
Systems used to monitor, control, or automate industrial processes.
ICS (Industrial Control System)
A collective term for control technologies such as PLCs and SCADA systems.
PLC (Programmable Logic Controller)
A ruggedised industrial computer used for automation and process control.
SCADA (Supervisory Control and Data Acquisition)
A system used to monitor, manage, and control geographically distributed industrial assets.
DMZ (Demilitarised Zone)
A network area that provides a buffer between IT and OT networks, enabling controlled data exchange.
Secure-by-Design
An approach where security controls and principles are embedded into systems and architectures from the earliest design stages.
IT/OT Convergence
The integration of information-technology systems with operational-technology systems, creating shared services and security dependencies.
Data Sovereignty
Regulatory or organisational requirements governing where operational or safety-related data may be stored, processed, or transmitted.
Edge Computing
Processing of data close to industrial devices or control systems rather than in a centralised data centre or cloud environment.