Network design goals are often functional with little consideration for security. Growth and maintenance of critical infrastructure mission-focused networks can be ad hoc and preclude large-scale technology replacements, reconfigurations, or even patching. These restrictions are contributing factors to increased vulnerabilities. Over 90% of all attacks begin with phishing and include lateral movement (Frinke 2019). Adopting a software-defined networking (SDN) approach is an effective mitigation strategy for many existing vulnerabilities. SDNs deny-by-default approach to networking restricts an adversary’s freedom of movement without impacting an organization’s mission. SDN implementations require a process that identifies an organization’s mission-specific network communications. A well-defined traffic engineering process ensures that only known devices communicate with each other on specific ports.
Revised: January 28, 2020 |
Published: December 2, 2019
Citation
Hutton W.J., A.D. McKinnon, and M.D. Hadley. 2019.Software-Defined Networking Traffic Engineering Process for Operational Technology Networks.Journal of Information Warfare 18, no. 4 (Special Edition):167-181.PNNL-SA-145034.