A corporation managing critical infrastructure needs to safeguard its operational technology environment. Among the following choices, which measure would most effectively enhance the defense of their control systems?
Encrypt all stored data pertaining to operational procedures and configurations.
Implement network segmentation to isolate the control systems from other less secure networks.
Disable all unnecessary services and ports on the devices managing the industrial processes.
Institute a strict schedule for applying updates to the control system software during operational hours.
Network segmentation is the most effective choice for enhancing the defense of control systems because it creates boundaries that limit communications with less secure or external networks. This isolation is crucial for environments that manage critical processes, as it not only minimizes the potential attack surface but also contains the spread of any intrusion, thereby safeguarding essential services. While disabling unused services, applying regular updates, and encrypting storage are all important security practices, they do not provide the same level of systemic protection or containment against network-based threats that segmentation offers.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is network segmentation and how does it work?
Open an interactive chat with Bash
Why is it important to isolate control systems from other networks?
Open an interactive chat with Bash
What are other best practices for securing control systems beyond segmentation?