Processing facilities are often managed using industrial control and automation systems. Example processing facilities include chemical, pharmaceutical, paper, and petrochemical production plants. Among other operations, industrial control and automation systems typically interact with and control industrial equipment in the processing facilities, such as equipment used to produce chemical, pharmaceutical, paper, or petrochemical products.
Industrial control and automation systems routinely include wired components and wireless components. For example, an industrial control and automation system could include a wireless network of sensors that provide data to a wired controller.
In many types of networks, such as corporate and industrial networks, there are often multiple network layers that are subdivided by security paradigm or security domain. For example, industrial sites often use a “Purdue Control System” model divided into multiple levels. Level 1 may, for example, serve process controllers and field input/output devices (such as sensors or actuators). Level 2 may, for example, support process control configuration databases, human-machine interfaces, and (in some cases) complex controls. Level 3 may, for example, support process control historians and advanced supervisory applications. Level 4 may, for example, support business applications and process maintenance applications. A Demilitarized Zone (DMZ) is often set up between Level 3 and Level 4 for wireless applications and for commuting data between Level 3 and Level 4.
Often times, a Process Control Network (PCN) is used to represent Levels 1-3, while a business local area network (LAN) is used to represent Level 4. Each of these levels may have a different security domain, and many best practices champion a security domain for the PCN, a separate security domain for the business LAN, and even a separate security domain for the DMZ.