A security engineer is re-architecting a network environment that provides regional electric distribution services. During a pretransition baseline assessment, the engineer identified the following security-relevant characteristics of the environment:
* Enterprise IT servers and supervisory industrial systems share the same subnet.
* Supervisory controllers use the 750MHz band to direct a portion of fielded PLCs.
* Command and telemetry messages from industrial control systems are unencrypted and unauthenticated.
Which of the following re-architecture approaches would be best to reduce the company's risk?
Correct Answer: C
The best approach to reduce the company's risk is to segregate the enterprise IT servers and supervisory industrial systems. Creating a new network segment and using a Next-Generation Firewall (NGFW) to enforce a strict segmentation policy will help to isolate the systems and protect against potential attacks.
Additionally, implementing a Wireless Intrusion Detection System (WIDS) can help monitor the spectrum for unauthorized devices or interference.