Myth # 4
Protection is achieved when a firewall is installed.
A firewall is no more effective protecting SCADA systems than they were at stopping the worms on business networks in years past. Defense in depth and layered protections are essential. The same comments hold true for those that beileve it is possible to simply not connect PCN's to the business network. The simple fact is that there is to much essential traffic that must traverse between the networks. Even if that traffic didn't exist by only relying on a seperation more risk is inserted in the form of non updated and non maintained systems. To go a step further there are huge safety advantages to allowing more eyes monitor and investigate (note that I didn't say control) these systems. An immutable trend towards deperimeterization is occurring for PCN's as well as other areas and organizations need to adjust their security strategies appropriately.