As stated in #3 Minimize Control System Exposure in WaterISAC's 15 Cybersecurity Fundamentals for Water and Wastewater Utilities, critical infrastructure site assessments performed by CISA for the water and wastewater sector cite the most commonly identified network weakness is a lack of appropriate boundary protection controls. Furthermore, as Armis reminds, per NIST, network segmentation and segregation is one of the most effective architectural concepts that an organization can implement to protect ICS. Therefore, as it is important to understand any communication channels that exist between the industrial control system (ICS) network and other internal networks, part of that understanding also involves #1 Perform Asset Inventories. In this post, Armis discusses the importance of identifying and classifying every device and the gaps in some common network segmentation methods. Please note, this is not an endorsement of any product, but the points highlighted in the post are valuable to consider for utilities struggling with asset management and network segmentation. Read more at Armis.