What is a Zone in the Zones and Conduits Model?
Within the zones and conduits model (as described in IEC 62443), a zone is a logical or physical group of systems, devices or processes that share similar security requirements.
A zone is used to divide industrial networks into smaller, more manageable and better-secured parts. All devices within a zone are protected against cyber threats in a comparable way.
🧠 Why use zones?
By dividing the network into zones:
- You can apply specific security measures per zone
- Access control becomes easier to manage
- You limit the impact of any attack or disruption to one area
- The system becomes clearer and more auditable
🔒 Examples of zones
| Zone | Description |
|---|---|
| PLC zone | Group of PLCs with the same security requirements |
| SCADA/HMI zone | Visualisation and operating systems, separated from the IT network |
| MES zone | Manufacturing Execution System, communicating with OT and ERP |
| ERP/IT zone | Business software, office automation, often at a different security level |
| Guest/external network | For suppliers, maintenance parties or monitoring |
🔄 Relationship with conduits
Zones communicate with each other via conduits: secured communication channels through which only permitted and controlled data flows take place.
🔐 A well-secured zone has minimal and tightly controlled connections to other zones.
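The following added example (not part of the original page, and not an IEC 62443 tool) shows what "only permitted and controlled data flows" looks like when written down as a checkable policy. Zones are modelled as groups of IP networks, conduits as directional, protocol-specific allow rules between two zones, and everything else is denied by default. All zone addresses, conduit entries and flow-log lines are constructed for illustration; a real plant would derive them from its own zone-and-conduit drawings.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed zone map: zone name -> IP networks that belong to the zone.
# Names follow the zone table on the page; addresses are hypothetical.
ZONES = {
    "PLC": ["10.10.1.0/24"],
    "SCADA_HMI": ["10.10.2.0/24"],
    "MES": ["10.20.1.0/24"],
    "ERP_IT": ["192.168.0.0/16"],
    "GUEST": ["172.16.0.0/24"],
}


@dataclass(frozen=True)
class Conduit:
    """One permitted, directional data flow between two zones."""
    src: str      # zone that initiates the connection
    dst: str      # zone that receives it
    proto: str    # "tcp" or "udp"
    port: int     # destination port
    purpose: str  # why the conduit exists (documented, auditable)


# Constructed conduit list: only these inter-zone flows are allowed.
CONDUITS = [
    Conduit("SCADA_HMI", "PLC", "tcp", 502, "Modbus/TCP from HMI to PLCs"),
    Conduit("MES", "SCADA_HMI", "tcp", 4840, "OPC UA from MES to SCADA"),
    Conduit("ERP_IT", "MES", "tcp", 443, "order data from ERP to MES"),
]


def zone_of(ip: str):
    """Return the zone an address belongs to, or None if it is unassigned."""
    addr = ip_address(ip)
    for name, nets in ZONES.items():
        if any(addr in ip_network(net) for net in nets):
            return name
    return None


def evaluate_flow(src_ip: str, dst_ip: str, proto: str, port: int):
    """Decide whether a flow is permitted under the zone/conduit policy.

    Returns (decision, reason). Traffic inside one zone is allowed; traffic
    between zones is allowed only if a matching conduit exists; anything
    touching an address outside every zone is denied.
    """
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone is None or dst_zone is None:
        return "deny", "address not assigned to any zone"
    if src_zone == dst_zone:
        return "allow", f"intra-zone traffic within {src_zone}"
    for c in CONDUITS:
        if (c.src, c.dst, c.proto, c.port) == (src_zone, dst_zone, proto, port):
            return "allow", f"conduit {src_zone}->{dst_zone}: {c.purpose}"
    return "deny", f"no conduit from {src_zone} to {dst_zone} for {proto}/{port}"


def inbound_conduits(zone: str):
    """List the conduits that enter a zone; a short list means a tightly
    controlled zone, a long one is worth reviewing."""
    return [c for c in CONDUITS if c.dst == zone]


def review_flow_log(lines):
    """Run constructed flow-log lines ('src dst proto port') through the
    policy and return the denied ones with their reasons."""
    denied = []
    for line in lines:
        src, dst, proto, port = line.split()
        decision, reason = evaluate_flow(src, dst, proto, int(port))
        if decision == "deny":
            denied.append((line, reason))
    return denied


if __name__ == "__main__":
    # Constructed sample flows: one legitimate HMI->PLC write, one guest
    # laptop trying to reach a PLC directly, one PLC reaching out to the HMI.
    sample_log = [
        "10.10.2.5 10.10.1.7 tcp 502",
        "172.16.0.9 10.10.1.7 tcp 502",
        "10.10.1.7 10.10.2.5 tcp 502",
    ]
    for line, reason in review_flow_log(sample_log):
        print(f"DENY {line}: {reason}")
    print("conduits into PLC zone:", [c.purpose for c in inbound_conduits("PLC")])
```

Two design points are worth noting. Conduits are directional: the HMI may open Modbus sessions to the PLC zone, but a PLC initiating a connection back to the HMI zone is denied, so an unexpected outbound flow from the most critical zone shows up as a violation rather than being silently permitted. Second, because each conduit carries a stated purpose, `inbound_conduits` doubles as an audit view: every path into a zone is enumerable and justified, which is exactly the "minimal and tightly controlled connections" property.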
📌 In summary
A zone is a delimited part of an industrial network in which devices and systems with similar security needs are grouped. Together with conduits, zones form the basis for a secure, structured OT architecture as prescribed in IEC 62443.
