As stated previously, the the context of ICS security, the CIA triad that stands for confidentiality, integrity, and availability for regular IT systems should be interpreted in the opposite order for ICS or OT systems. Availability is of much more importance, or better said, is a larger budget determinant than confidentiality or integrity. A large contributor to availability in a network is resiliency and redundancy. The terms "resiliency" and "redundancy" are often confused. The simple fact is that you can't have one without the other and both are critical to designing and deploying a highly available network solution. Redundancy means having more than one of something, such as having a backup firewall or an alternate link between two switches. Resiliency builds on top of redundancy, dictating that the firewalls should be installed on opposite ends of the facility so a single event won't wipe out both. Or, physically route the alternate switch links in different paths through your facility so when a forklift cuts through a conduit, both links will not be cut. Redundancy practices provide the network recovery, convergence, and self-healing capabilities. Some resiliency and redundancy best practices include the following:

• Industrial Zone:
  • Core switching:
    • Stacked/combined switch pairs
    • Virtual switch stack
  • Aggregation/distribution switching:
    • Stacked/combined switch pairs
    • Virtual switch stack
  • Active/standby WLC
  • Robust physical infrastructure
• Cell/area zone:
  • Redundant path topology with resiliency protocol:
    • Star topology
    • Ring topology:
      • REP
      • MSTP
    • Industrial Ethernet switching
    • Robust physical infrastructure
  • Level 3 site operations:
    • Virtual servers
    • Security and network services
    • Robust physical infrastructure
  • Industrial Demilitarized Zone:
    • Active/standby firewalls
    • Robust physical infrastructure
    • Virtual servers
  • Redundant data centers

For a detailed explanation of all these concepts and to read up on the industry best practices of building a resilient industrial network, refer to the Deploying a Resilient Converged Plantwide Ethernet Architecture Design and Implementation Guide, created by Cisco and Rockwell Automation , and free for download at:  http://literature.rockwellautomation.com/idc/groups/literature/documents/td/enet-td010_-en-p.pdf.