
Hi, welcome to my talk. I'm a senior security architect at Ion United, and today my talk is going to be about protecting your industrial control networks using architecture and passive defense. Let's see if we can get this going. So today the agenda is going to be: what are industrial control systems, and how do they differ from IT; then we're going to have a couple of examples of how ICS has been attacked in the past; and then we're going to go through some instances of how to protect your industrial control systems from cyber attacks.
So first of all, let's take a look at what industrial control systems are and where they're used. Industrial control systems are basically everywhere there are industrial processes going on, and all industrial processes involve the physical world. So, things like: in mine sites, crushing rocks to optimize ore extraction during processing; measuring pollutant levels in discharge to comply with environmental regulations; pushing product down pipelines and being able to know which product goes to which customer; things like power generation, so if you're looking at steam turbines you use the control systems to produce steam to drive the turbines, and in dams they'll be regulating the water flow through the turbines to produce electricity; and you can use them to control chemical reactions during processes to optimize your product yield, so things like temperature, pressure, flow and reactant concentrations in your baths. The industrial control technologies are basically the things that support these physical processes. Industrial control systems are utilized in many sectors and environments, such as mining, oil and gas, power, chemical, manufacturing, all the things that are set out here. They're all around the world, and wherever there's a physical process involved in manufacturing there are going to be industrial control systems controlling those processes.

So if we take an example of the oil sands, this is a really high level view of what it takes to do oil sands extraction. First of all you're mining with shovels to get the oil sands out of the ground, putting them into trucks, dumping them into the crusher, crushing them into sizes that are optimal for your process, putting them into storage, going through extraction to get the oil out of the sands, separating out the stuff that you want from the stuff that you don't want, then storing the actual product before you send it to the refinery to get your refined product out of it. And then, because the bitumen is mixed with a diluent, you separate the bitumen from the diluent at the end and you send the diluent back to finish the cycle.

So let's take a look at each of these steps; there are going to be technologies involved in regulating and maintaining those processes. For instance, in the trucks there are things like preventive maintenance. The trucks pretty much all have technology on them that measures the temperature of the oil and the temperature of the transmission, and the data coming back from those sensors in your trucks is something you'll be able to use to set your maintenance schedules. So instead of having a schedule that says in six months you should repair this truck, you'll be able to either extend it or reduce it depending on how your truck is behaving. Also, in the past little while there have been autonomous haulage projects going on, so that's driverless trucks, and there's all sorts of technology involved in making sure that the trucks don't run into each other or run off the road, and so it should lead to greater safety and reproducibility of the trucks going around the oil sands.

If you go to the next step, where the dump truck is dumping its load into a crusher, basically you want to make sure that the crusher crushes the rocks into the optimal size for your process. It really makes a difference if your rocks are the optimal size versus too small or too large, and if you do find that you have non-optimal sizing you can go back in the process and fix those things. In the storage silos you want to know how much material you'll have for the processing. When you go to the next stage with the rotating drums, you want to make sure that the correct mix of materials is in the drums; you can add water as necessary, and then you can look at or optimize the speed of the drums as well. When you next look at the tailings ponds, for instance, you want to monitor those closely to ensure the levels are within tolerances; you don't want that stuff spilling all over the place. You want to be able to monitor the liquid composition to make sure that everything's working as expected, and then you want to have alerting so that if anything goes out of tolerance you'll get alerted on it and you can go investigate.

So the general point in this is that all the processes feed into each other: the products of one process are the starting elements of the next process. If one set of processes is stopped, that might mean that the rest of the processes down the line are going to be stopped. And the problem with this is that many of the operations run 24 by 7, 365 days a year, and if you stop a process, sometimes that might mean that you have to clean up the whole system, removing everything that you have in the middle of the process at that point, resetting the system to its initial state, putting in all the initial conditions, and then starting the process all over again. So that can lead to major delays to restart the system, potential loss of reactants or products because of the restart, and lost production time, as well as health and safety issues. And on top of that you might be losing money while you're shut down. So those are the things that you need to keep in mind when you're talking about industrial systems.
So what physical things are in industrial control systems? There are some traditional IT systems, but those are mainly in the central locations. There are a lot of other systems that you would never find on a traditional IT network. If you look at the supervisory level here, this is the level where you'd find the most IT-type systems. The main HMI is the human machine interface, basically where operators monitor the systems and adjust processes when necessary. The data historian is basically a big database that all the data, all the settings of the systems and all the measurements of the systems, comes into, and it shows you what happened in the systems in the past. Engineering workstations are basically where the engineers do their programming changes to the PLCs and the other equipment to optimize the process. If you move into the field level, as you move down the stack you'll see more and more non-IT type systems: things like motors, valves and sensors, and PLCs, that you'll never see in the IT network. You'll also see different protocols.

So let's take a look at what kind of network protocols the devices use to talk to each other. In IT you'll get common operating systems like Windows and Linux, using traditional protocols like SSH, SMB, HTTP and such. When you move into the ICS, the OT space, you get adapted operating systems, so you'll get Linux appliances and some Windows systems as well, and embedded systems. You'll see industrial protocols, so Modbus, or EtherNet/IP and Profibus, and all sorts of engineering hardware assets. So it is a different world, but they are converging.

So why are these systems converging? If you look at how IT and OT interact, the big reason is that there's a lot of pertinent information in OT that aids the business in making business decisions. In order for the business people to make decisions they need to understand what's happening in the OT networks. On the IT side of the network, the enterprise resource planning system, on the top right, is a critical component for most businesses. It's used to take orders, understand what raw materials are required, what things I need to make, and it also communicates back to the customer saying, hey, your product has been shipped. So the ERP system is usually central to the billing of customers and facilitating making money for the business.

The ERP is going to be talking to the manufacturing execution system, and that's the bridge between IT and OT. These systems are usually used for things like recipe management, quality assurance, work in process tracking and performance management. Basically it keeps track of what orders are being made, what things I have on site, and how I know where in the system things are. Looking at capacity, it'll know exactly what machines are working and what processes are working, which aren't, and which are available to be used. It'll do things on the quality side: for instance, when you're talking about metallurgical coal, there are different qualities of metallurgical coal, so it keeps track of how much the company has of each type of coal. Visibility: basically where in the process you are and where the product is in the manufacturing process. And then it also keeps track of delivery, so whether you're shipping your product by rail, by truck or even by pipelines. So the MES system is really the place where the business can reach down into OT systems to understand what's happening on the production side.
So what does this mean in terms of securing your systems? What do we have to worry about on the OT versus the IT side? The difference between IT and OT is that in IT you're moving and securing data, whereas on the OT side you're enabling and securing physical processes. So what does that mean in terms of the incidents that you can have in IT versus OT? In an IT incident, your business applications may become unavailable. For instance, if a print server gets rebooted, people won't be able to print until that service comes back up. If you have an incident, either intentional or unintentional, you could get data corruption so that your business data is unusable. You could also have data loss, either intentional or unintentional, and that data loss could basically tarnish your brand, saying to your customers, hey, this company is unreliable and we shouldn't deal with them anymore.

On the other side, when you're looking at ICS incidents, you get basically a loss of control of the physical process: you lose the ability to view what's happening in your systems. There can also be intentional or unintentional manipulation of the physical process. For instance, instead of running at a certain temperature, the temperature is going to be high or low, or in the case of water purification, the levels of chemicals to treat your water are not going to be the right composition to purify the water. And so the actual impact could be that you have environmental damage. There may be human safety impacts: for instance, if you've put too much of a certain chemical in the water, people are going to get sick. And in the case of these large pieces of machinery running around your mine site, for instance, a mining dump truck that's being driven autonomously could run over a pickup truck with somebody in it and crush them. So the impacts of an ICS incident are a whole lot more than what you have on the IT side.

So what does that mean for the objectives for IT versus OT? In information technology you're basically looking at the CIA triangle. The first thing is confidentiality: are only authorized users viewing data that they're authorized to use? Integrity: is the data that people are seeing correct? And availability is usually last: is the data available to view and to use? If the data isn't available for a small amount of time it might not be a big deal. On industrial control systems their objectives are very straightforward: they need availability above all else. If they can't see what's happening in their process they can't control it, and there could be health and safety implications, up to and including people dying. Historically, integrity and confidentiality have been way down the list of things that they care about. Generally, in the past, industrial control systems have been separated from all the other networks, so that you physically had to be at the site to be able to impact any of the controls. So the security of the systems, the integrity and the confidentiality, have been really low things for ICS vendors to think about.

So now that we've gone through what ICS is and where it is, let's take a look at what kinds of ICS attacks have been done to different organizations. I'm just going to use two examples of the attacks that we've seen. The first attack scenario is attacking the OT systems directly to cause an outage, and the example of this is the Ukrainian
power outage of 2015. On the right-hand side here we see the sequence of events that led to the outages. The Ukrainian power system was targeted by an outside attacker who sent phishing emails to various people in the company. The phishing email contained a Word document that had macros that would do bad things to the system if they were turned on. Basically, when the user opened the Word document, in big Ukrainian type it said, please enable macros, and once at least one person did that, BlackEnergy 3 malware was installed onto their systems. As the malware got out it moved from system to system, and the first thing it did was get credentials: credentials for the VPN and credentials for the systems inside the network. The attackers were able to be persistent on the network and blend in with the regular traffic of the network, so it made them really hard to find amongst all the normal users. Once it had persistence, it did basically network and host discovery to figure out what was on the network, how it was laid out, where the OT segments were and how to get into the OT segments. That was generally a longish process. And then once they had all those details, they went back into their own networks and developed malicious firmware that emulated the human machine interfaces and the SCADA systems that they had, so they could actually talk directly to the OT systems once they were connected with the VPN.

Once everything was in place to do their attack, they went into action by taking over the operator workstations in the operator areas of the plants. They also used their homemade HMI clients to basically turn off the power system, so open up the breakers, and that led to the power outages. Once they opened up the breakers, they did a bunch of things to prevent the systems from coming back online easily. They modified UPSs and turned them off and basically broke them. They uploaded firmware to different parts of the system that basically disabled them as well. And then they used KillDisk to overwrite system files on the computers on the network. It was all designed to make it harder for the organization to recover from the power outages. So basically what happened is that you've got your breakers opened, and one of the saving graces of the Ukrainian system was that you could actually do manual overrides of all the things, so basically the operators had to physically go into the plant to turn everything on. So this is basically a way of causing an outage by directly attacking the OT systems.

If we go on to the second scenario, that is attacking operations via IT. Here we have an example of an MES system that is making three products, for instance: product one, two and three. Product one requires precursors A and B, product two B and C, and product three requires A and C. So the MES system figures out: I've got three tanks of raw materials, I've got lots of A, I've got lots of C, but I don't have any B, so what can I make? I can make product three. So as soon as it gets orders for product three it can build the orders; that's part number two. It creates the production order in step number three and then sends the product request down to the OT side for the OT side to build product three. If you notice, step four and step five on the right-hand side are a two-way communication between OT and IT: it sends the request down, and then the OT side says, thanks, I have your request and I'm going to build it. Once that's happened, the OT side gets to work. It basically says, I want to use tank 2 for this, and it's manufacturing product 3 in tank number 2, and it does that automatically. Once the product is made, if you take a look at step eight, it's sent to the historian, and the historian says, oh, this thing is made, I'm going to send up the confirmation to the business, to the MES system, to say the product is made and it's waiting in tank 2 for shipping. So there are all these different points of communication between various systems, so that there's control over the OT processing side in order to fulfill the business requirements.

So how do you attack this? Basically this is what happened in the Colonial Pipeline attack. The MES system, the billing system, in Colonial Pipeline was ransomwared, so all of a sudden IT and OT were disconnected; there was no communication between them. They couldn't send product requests to build product. The message going back from the OT system saying, yeah, we've got the order, was not able to be sent back. And then once a product was created, the OT systems couldn't send back to the MES system saying we have this product ready to ship and here's how much of it we have. So basically what happened is that Colonial Pipeline knew it had a bunch of product but it couldn't locate it, it couldn't put it into the pipeline, and they couldn't keep track of it in order to bill customers. So as a precautionary measure they actually shut down the OT systems, even though the OT systems were not affected by malware. So the high level overview of this is that, because of the convergence of IT and OT, if you disable certain systems within IT you can stop production and hurt a company, and use that as leverage to get money out of that company, so that by decrypting their IT systems they'll be able to go back into production and be able to get back to making money.

So how do we protect these ICS networks from these kinds of attacks? Well, the first thing that you want to do is implement a security program. And yeah, I've cut this off a little bit. So you want to use frameworks to implement
a security program. There are lots of frameworks out there. There's a whole bunch of organizations whose main goal is to create cyber security frameworks that take into account all of the things that you need to do so that you don't have any gaps in your security program. So by using one of these frameworks you don't have to recreate the wheel and think of all the things that you could be missing; all the pieces are in place in the framework to implement a good security program. Most programs cover all the same territory; their controls can be mapped to one another, so in the end it doesn't really matter which framework you're going to use to implement a security program, just choose the one that best fits your company.

So, with these security frameworks, they have basic categories, the major functions of the framework. For this framework you've got identify, protect, detect, respond and recover. Identify is basically identify the things that you have: physical or cyber assets, business processes, governance, risks and other things as well. The next thing is protect, so you want to be able to protect those assets, processes or data. For detect, you want to make sure that if somebody gets in you can see them, and once you see somebody in your system you want to respond, so remove the intruder and then deal with the consequences around the intrusion or the breach. And then the last thing is you want to recover: get back to normal operations and improve your security to plug the hole that the intruder came in through. If you take a look at each of these functions, each function has a number of categories underneath it, and when you look at each of these categories, each category has subcategories as well. One of the important pieces to look at is this last piece, the informative references column, that basically shows how the NIST framework works with all these other frameworks from different organizations. So it does show that, even though they're called something different in each of these frameworks, they're all basically looking at the same things.

The problem that we've seen with these frameworks is that they tell you what you need to do, but they don't really tell you how to do it. So what we've been doing with our clients is to use the Center for Internet Security Critical Security Controls. They basically give more prescriptive advice for implementing the controls. These controls are created by the Center for Internet Security: what they do is sit down, look at all the attacks that have happened in the past and then create controls that would prevent those attacks. So it's really based on real world data. So let's take a look at some of these controls. For instance, you've got Critical Security Control 1, Inventory and Control of Enterprise Assets. What you need to know is that the CIS controls are built for an IT network, so if you're going to use them for an OT network you want to modify some of those controls for OT. For instance, 1.3, utilize an active discovery tool: that's generally a bad idea in an OT network. OT devices are generally old; they have a much longer life inside the OT network, and you won't be surprised that there's even 20 year old equipment in there. So there are 20 year old IP stacks on there, and if you start poking at them with active probes they might just fall over and stop your processes. Looking at 1.4, DHCP logging: most OT assets are statically assigned IP addresses, so DHCP logging is not applicable for OT networks.

Another way of looking at OT security is the sliding scale of cyber security, and there are five categories: architecture, passive defense, active defense, intelligence and offense. The biggest bang for the buck is to enable controls from the left-hand side of the scale and then move right as necessary. So if you implement your correct architecture you'll drastically increase
the defensive posture of those systems. With an architecture, as you go from the left to the right, a determined attacker is going to be able to eventually get around your architecture, so that means that you need to look at more passive defense and active defense, move to the right, to be able to protect your systems. The thing that you need to keep in mind on the OT side is that sometimes architectural defense is the only thing that you have to work with, and so that's why it's important to look at your systems as they're being implemented to make sure that they're designed with security in mind.

This next graphic shows the same thing, but in terms of value and cost. As you can see, architecture at the bottom is great value towards security; it doesn't cost as much. But as you move up the stack you get less and less value for your money while paying more and more for those types of defenses. So the takeaway from here is: architect the systems correctly in the first place and then add defenses as required and according to your budgets.

So let's take a look at some examples. Architecture: the planning, establishing and upkeep of systems with security in mind. One of the first architectures for OT networks came from Purdue University back in the early 1990s. Originally it was created to separate data traffic when LAN speeds were really low, or even had token based LAN protocols. What they wanted to do was separate systems so that they didn't interfere with each other on the LAN. So it wasn't really originally designed as a security framework, but it has generally become that as time went on. What you want to do is isolate services from each other and reduce the attack surface, so that if one service gets compromised it doesn't affect other services. The major thing with this is that traffic from each zone can only traverse to the next zone; there's no skipping zones. So, for instance, nothing from IT skips the OT DMZ and gets to the lower levels. What you want to do is protect the OT systems, so that's the high trust zone, from your dirty business LAN, which is not the center of the universe as most IT people think of it, but it's something that you want to separate from your OT environment.

So how do you use the model to increase security? The first thing that you want to do is separate IT from OT, so your first major security boundary is at the OT DMZ. You want to firewall off the OT DMZ from the rest of the business IT and put in restrictive rules to say only these users, protocols, IPs, applications can get into the DMZ, and so IT systems are forced to go through the secure DMZ to get any information out of OT systems.
Then, to go further into segmentation, you want to segment services for availability, to ensure that they don't go down. For instance, HMIs shouldn't be talking with trucks, or trucks shouldn't be talking with shovels; there's no reason for them to, so they shouldn't be able to do that. So you want to segment certain services: all the applications and the devices that need to talk to each other should be in one zone, so that there's no single point of failure that would stop that service from running, but they also should not be able to talk to services that they don't need to be talking to. Keep in mind again, availability is the big thing; integrity and confidentiality are not a big thing that people are worried about on the OT side. One of the things that you want to keep in mind here is that occasionally you're not going to be able to do the segmentation effectively on the OT side, so keep in mind that your only security boundary may be back at this L3 level, the firewalls above. We've gone into many organizations where OT systems are on one big flat network and there was no separation between services, but when you're designing systems you want to see if you can segment the systems so that they're not able to affect each other.

Another thing that you want to do is have a standard secure remote access solution for your OT environment. What you find is that remote access into OT networks is a definite business requirement, for instance for vendors coming in to support their equipment that they have on your sites. So what you want to do is make sure that in the L3 layer you have jump servers in there, so that you don't have direct IT-OT connections. An RDP session, for instance, between a workstation on level 4 and an OT system on level 2 would allow malware to cross that tunnel, so you want to make sure that that doesn't happen. You also want to be able to audit the connections, so you want to see everything that people do on those networks; I usually want to have a recording session. When you have vendors coming in from the internet, you want to have a standard remote access solution here that forces them to authenticate with IT credentials using MFA, so you want to make sure that the person that's coming in is the person that they say they are, and MFA is one of the things that will help you make sure that happens. Once the vendor comes in, then they're going to go into the secure jump server, where basically you're going to authenticate using OT credentials, so they have two passes of authentication using two different credentials, and then once they get into the jump server they can go talk to the lower levels.

If you want to look at passive
defense systems we can take a look at the critical security controls again and using a passive asset discovery tool how you set this up is basically is generally what happens is that you'll have an appliance that's connected at one of the switches or at the firewall that will have traffic that coming through span port so that it can see all the traffic and then there are different there are sensors put down at different levels so that you can see the traffic see what's happening on all the network on the all the network segments throughout the plant and the things that you can get from from these type of systems um you can see that you know you can get
your acid distribution by type so you know here we've got plcs endpoints hmis you'll also be able to see what vendors are or use are being used on your networks and you also be able to you know look at vulnerabilities that you have in your network so as the devices communicate with each other they'll be passing data back and forth and the vulnerability scanning machine will be able to identify um what version of the software that they're using to do that communication by various methods each each vendor has its own ways of doing that but once it figures out which version of the software they're using it'll go back into its their vulnerability database and say
you know this machine has this cve and so that allows you to say i need to get that fixed uh you can also um it will also map out you know where these devices are relative to the purdue metal model um every vendor will do this differently and the purdue model the levels are kind of you know you can they're kind of fluid um they're not really fixed levels so this kind of gives you a general idea of how your network's laid out second thing another thing that you want to do is you want to make sure that you're you know getting your your logs off of those devices and into a central point um and
you want to be able to analyze those logs as well so if you look at control 8 all of these things are doable for the ot systems so once you get um things set up you know you know what what kind of things does a sim system um do for um for ot so you know it's receiving the event data it's aggregating and correlating the events it's storing events for a certain period of time you can go up like as long as as as far as you want as long as you have the space you can generate reports and alerts helping you know security teams identify and respond to risks and and automate actions so this is really
useful for the security teams to you know detect and manage events so how do you actually do this um what you want to do is set up log educators at your site this is sorry i guess i should introduce this this is a more logical level um diagram of um the purdue model so you can see how the zones kind of interact at the site level and at the enterprise level um so you know extending the secure dmz's for instance from the sites over to the data centers allows you to pass that data securely across across here when so getting back to the log forwarding you want to put a log aggregator server at your site
and all the logs are being forwarded from your ot systems up to that log aggregator um that will then send the aggregate logs over to the ics sim saving you on wan bandwidth and then your ics sim um you can have that alone for the ics for the i for only for the ics side but you can also forward the events um a subset of the events up to your it sim um in case you've got a unified sock
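An added illustration, not code from the talk or the speaker's company: a toy passive inventory and boundary check over constructed flow records, the kind a SPAN-port sensor collects. It assumes constructed subnet-to-Purdue-level mappings and well-known default protocol ports; real tools fingerprint vendors and software versions from protocol payloads, which this example leaves out.

```python
from collections import Counter

# Constructed subnet prefixes -> Purdue level; a real sensor learns this per site.
LEVEL_BY_PREFIX = {"10.4.": 4, "10.3.": 3, "10.2.": 2, "10.1.": 1}

# Well-known default ports -> (protocol, asset type the protocol implies).
PROTO_BY_PORT = {
    502: ("Modbus/TCP", "PLC"), 102: ("S7comm", "PLC"),
    44818: ("EtherNet/IP", "PLC"), 20000: ("DNP3", "RTU"),
    3389: ("RDP", "Windows host"), 445: ("SMB", "Windows host"),
}

# Constructed flow records (src_ip, dst_ip, dst_port) as seen on a SPAN port.
FLOWS = [
    ("10.2.0.10", "10.1.0.5", 502),    # HMI polling a PLC, Level 2 -> Level 1
    ("10.2.0.10", "10.1.0.6", 102),    # HMI talking S7comm to another PLC
    ("10.3.0.20", "10.2.0.10", 3389),  # jump server RDP into the HMI: expected path
    ("10.4.0.99", "10.2.0.10", 3389),  # Level 4 workstation RDP straight into Level 2
    ("10.4.0.99", "10.1.0.5", 502),    # Level 4 host speaking Modbus to a PLC
]

def purdue_level(ip):
    """Map an address to its Purdue level from the constructed subnet table."""
    for prefix, level in LEVEL_BY_PREFIX.items():
        if ip.startswith(prefix):
            return level
    return None

def inventory(flows):
    """Passive inventory per destination: level, type (first protocol seen decides), protocols."""
    assets = {}
    for _src, dst, port in flows:
        proto, kind = PROTO_BY_PORT.get(port, ("unknown", "unknown"))
        entry = assets.setdefault(dst, {"level": purdue_level(dst), "type": kind, "protocols": set()})
        entry["protocols"].add(proto)
    return assets

def type_distribution(assets):
    """Asset distribution by type, like the PLC / endpoint / HMI breakdown in the talk."""
    return Counter(a["type"] for a in assets.values())

def boundary_violations(flows):
    """Flows that skip a Purdue level downward, i.e. bypass the Level 3 jump server."""
    hits = []
    for src, dst, port in flows:
        s, d = purdue_level(src), purdue_level(dst)
        if s is not None and d is not None and s - d >= 2:
            hits.append((src, dst, PROTO_BY_PORT.get(port, ("unknown", ""))[0]))
    return hits

if __name__ == "__main__":
    for ip, a in inventory(FLOWS).items():
        print(ip, a["level"], a["type"], sorted(a["protocols"]))
    print(type_distribution(inventory(FLOWS)))
    for v in boundary_violations(FLOWS):
        print("boundary violation:", v)
```

The two flagged flows are exactly the direct Level 4 to Level 2/1 connections the talk says the jump server exists to prevent; the jump server's own RDP session into Level 2 passes because it only crosses one level.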
Let's take a look at the top takeaways from this talk. First of all, you want to understand the difference between IT and ICS security. You want to put IT-type security where it fits, mostly at the upper Purdue levels, and you want to adapt security to fit ICS, prioritizing safety: for instance, you don't want to kick machines off the network on the OT side, because that might affect your process. Base the ICS network architecture on the Purdue model: segment and control traffic, and enforce boundaries at natural monitoring points. Use firewalls as much as possible to restrict that traffic. The IT/OT boundary is the most important piece, so make sure you secure that, ensure that you have a standard remote access solution, and then work your way down the network stack as required or as you can. Then for ICS passive defenses, you want to know what's on your network: if you can identify your assets, then you can fit those assets into the correct architecture model. And always collect and analyze logs; it's required for alerting and incident response. If you don't have the data, you can't tell what's going on in your network, you don't know if you've got an intruder or not, so you're basically blind.

That is it. Thank you for your time today, I hope this was informative for you. We do all these things for industrial clients, so take a look at our site. We do have a booth today and tomorrow at BSides, so go and talk to Mark, our sales director, and see what we can do for you.
Let's see, let's take a look. Do we have time for questions here, Marcy?

Marcy, you're on mute. Sorry about that. The room will stay open as long as there are people in it; it will automatically close once everyone has left.

Okay, great. So, Angelo, any preferences on frameworks?

As I said, a lot of the companies have problems setting up a security program and figuring out what they need to do first, so we like to start with the prescriptive Critical Security Controls just to get them started. Depending on their business, we can take a look at the other frameworks that they can use for overall security. A lot of the companies we deal with use the NIST framework, so that seems to be a favorite. There is also new ICS guidance from NIST, so if you're running ICS networks, certainly take a look at the NIST guidelines.

Okay. Best practices on network segmentation and OT?

As I said, a lot of the customers we go into have made decisions based on how best to have communications between devices optimized, so there hasn't been a lot of thought into security around segmentation. It's really hard to put in segmentation after the fact, so the time to start thinking about security for segmentation is at the beginning. The latest buzzword on the IT side is zero trust. Zero trust talks about making sure devices are authorized and authenticated to be able to talk to each other. On the OT side, having authentication between devices is really hard; basically the protocols don't even allow that, there's no security built into the products. So you're basically left with firewalling and making sure that only the things that are authorized to talk to each other can talk to each other, and everything else is declined. Generally what you want to do is group your devices and servers by service. For instance, take a municipality: a municipality might run drinking water, wastewater, solid waste and other services. What you want to do is segment your services away from each other, so at a site that has, for instance, drinking water and wastewater, those devices are segmented from each other: the drinking water devices can talk with each other, but they can't talk with the wastewater devices. It really depends what you can get away with, keeping in mind that availability is the key thing.

Yeah, that's the thing: you don't want to make your architecture so that you have a leg of security that's going to stop your process. That's the overall concern. Thank you very much, have a good day everyone.