* [Blog](https://origin-researchcenter.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://origin-researchcenter.paloaltonetworks.com/blog/corporate/)
* [Cybersecurity](https://origin-researchcenter.paloaltonetworks.com/blog/category/cybersecurity-2/)
* IEC 62443: The New Gold S...

# IEC 62443: The New Gold Standard for Network Segmentation in ICS and SCADA networks

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2014%2F04%2Fiec-62443-new-gold-standard-network-segmentation-ics-and-scada-networks%2F)  
[](https://twitter.com/share?text=IEC+62443%3A+The+New+Gold+Standard+for+Network+Segmentation+in+ICS+and+SCADA+networks&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2014%2F04%2Fiec-62443-new-gold-standard-network-segmentation-ics-and-scada-networks%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2014%2F04%2Fiec-62443-new-gold-standard-network-segmentation-ics-and-scada-networks%2F&title=IEC+62443%3A+The+New+Gold+Standard+for+Network+Segmentation+in+ICS+and+SCADA+networks&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://origin-researchcenter.paloaltonetworks.com/blog/2014/04/iec-62443-new-gold-standard-network-segmentation-ics-and-scada-networks/&ts=markdown)  
\[\](mailto:?subject=IEC 62443: The New Gold Standard for Network Segmentation in ICS and SCADA networks)  
Link copied  
By [Palo Alto Networks](https://www.paloaltonetworks.com/blog/author/palo-alto-networks-staff/?ts=markdown "Posts by Palo Alto Networks")  
Apr 16, 2014  
2 minutes  
[Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown)  
[SCADA \& ICS](https://www.paloaltonetworks.com/blog/category/scada-ics/?ts=markdown)  
[Vertical](https://www.paloaltonetworks.com/blog/category/vertical/?ts=markdown)  
[App-ID](https://www.paloaltonetworks.com/blog/tag/app-id/?ts=markdown)  
[ICS](https://www.paloaltonetworks.com/blog/tag/ics/?ts=markdown)  
[network segmentation](https://www.paloaltonetworks.com/blog/tag/network-segmentation/?ts=markdown)  
[SCADA](https://www.paloaltonetworks.com/blog/tag/scada/?ts=markdown)  
[User-ID](https://www.paloaltonetworks.com/blog/tag/user-id/?ts=markdown)  
[Zero Trust](https://www.paloaltonetworks.com/blog/tag/zero-trust/?ts=markdown)

In the past two months, I've attended various conferences, including the [Smart Grid and SCADA Cybersecurity event in London](http://www.smi-online.co.uk/utility/uk/conference/european-smart-grid-cyber-security), where experts discussed the protection of critical infrastructure, more specifically, the electricity, gas and water distribution systems, as well as transportation and emerging smart city grids. Protecting these is paramount to avoid the socio-economical impact of a cyber attack on those grids.

What are some of the fundamental challenges?

1. Commonly used industrial protocols (Modbus, IEC 61850,...) were not designed with security in mind and lack basic authorization features;
2. Industry networks were never designed to account for potential intrusions;
3. There are numerous unpatched and unpatchable systems;
4. New technologies such as mobile computing, smart metering, and the slow but inevitable evolution towards IP-based access exposes operational networks more and more to cyberattacks.

One standard that emerges across all these discussions as a "must-deploy" best practice is IEC 62443 (formerly known as ISA99). This standard prescribes a clear definition of zones and conduits (what traditional enterprise IT would refer to as "network segmentation") to establish better control over access and security within ICS and SCADA networks.

Our approach to network segmentation and traffic control enables you to rapidly deploy the above standard guidelines without disruption to your day-to-day operations. Here are recommendations on how to apply Palo Alto Networks to further secure your environment:

1. Identify the few applications, protocols and control commands that are legitimate on any zones of your SCADA network or ICS;
2. Block everything but the above legitimate applications and systems. Our App-ID technology enables you to easily implement such tight controls at the application level;
3. Apply similar granular control to your user population using our User-ID technology;
4. Turn on our threat detection capability and block known threats and identify unknown ones.

Nos. 1-3 will drastically reduce the scope of your security challenge while providing you complete visibility into which application, user and content is on your network. No. 4 will ensure that any targeted cyber attack gets detected immediately and that its propagation within your environment is automatically stopped.

At Palo Alto Networks, we often refer to the above model as network segmentation based on a [zero-trust approach](https://www.paloaltonetworks.com/solutions/initiative/network-segmentation.html).

If you're interested in learning more about our approach to cybersecurity for SCADA systems and ICS, visit our [web page dedicated to this topic](https://www.paloaltonetworks.com/industry/scada-and-industrial-control).

*** ** * ** ***

## Related Blogs

### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### All Layers Are Not Created Equal](https://origin-researchcenter.paloaltonetworks.com/blog/2019/05/network-layers-not-created-equal/)

### [カテゴリーなし](https://www.paloaltonetworks.com/blog/category/%e3%82%ab%e3%83%86%e3%82%b4%e3%83%aa%e3%83%bc%e3%81%aa%e3%81%97/?lang=ko&ts=markdown)

[#### 「レイヤーは皆平等」ではない](https://origin-researchcenter.paloaltonetworks.com/blog/2019/07/network-layers-not-created-equal/?lang=ja)

### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### You Want Network Segmentation, But You Need Zero Trust](https://origin-researchcenter.paloaltonetworks.com/blog/2019/01/you-want-network-segmentation-but-you-need-zero-trust/)

### [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [SCADA \& ICS](https://www.paloaltonetworks.com/blog/category/scada-ics/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### In OT Environments, Security Must Not Be an Afterthought](https://origin-researchcenter.paloaltonetworks.com/blog/2018/08/ot-environments-security-must-not-afterthought/)

### [SCADA \& ICS](https://www.paloaltonetworks.com/blog/category/scada-ics/?ts=markdown)

[#### CrashOverride/Industroyer: Protections for Palo Alto Networks Customers](https://origin-researchcenter.paloaltonetworks.com/blog/2017/06/crashoverrideindustroyer-protections-palo-alto-networks-customers/)

### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Predictions](https://www.paloaltonetworks.com/blog/category/predictions/?ts=markdown)

[#### 2017 Cybersecurity Predictions: Sure Things and Long Shots](https://origin-researchcenter.paloaltonetworks.com/blog/2017/01/2017-cybersecurity-predictions-sure-things-long-shots/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://origin-researchcenter.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language