|Description||Protection from SCADA Networks: Telecom/Datacomm OAM&P networks for Service Providers and Network Operators should be isolated from other OAM&P networks, e.g., SCADA networks, such as for power, water, industrial plants, pipelines, etc.
· Isolate the SCADA network from the OAM&P network (segmentation)
· Put a highly restrictive device, such as a firewall, as a front-end interface on the SCADA network for management access.
· Use an encrypted or a trusted path for the OAM&P network to communicate with the SCADA "front-end."
|Industry Role(s)||Service Provider; Network Operator|
|Keyword(s)||Cyber Security;Encryption;Network Design;Network Elements;Network Operations;|
|Reference/Comments||Note: Service providers MAY provide an offer of 'managed' SCADA services or connectivity to other utilities. This should be separate from the provider's OAM&P network. ITU-T Rec. X.1051.|