3.1.1 GE Large Industrial Plant Network Architecture
The current networking architecture for GE large industrial plants uses a
design (also known as hub and
spoke) with redundant network switches. This design enables flexibility for implementation of cyber security offerings,
allowing secure access to unit control data from external customer and monitoring networks. Trunks from the root or hub
switches to the edge or spoke switches shall be single-mode fiber for all new site installations. These trunks are configured to
provide the UDH, PDH, Monitoring Data Highway (MDH), and can also provide other optional networks to further partition
network access to specified unit control equipment and data.
Network security can be implemented by adding a layer 3 security hardware infrastructure. Network traffic is then
regulated by an additional series of routers, switches, and firewalls. The SecurityST* appliance can be installed to allow for
tighter network security, with or without the additional layer 3 security hardware, by providing whitelisting and restricted
access to network devices. Various options are available for existing sites to improve network security without having to
relocate equipment or cable runs.
In the following figure, both cyber security offerings (the layer 3 hardware and the SecurityST server) are displayed as a
simplified example that is not representative of any specific installation. This industrial plant network architecture provides
cost flexibility for sites with various security compliance requirements. A qualified GE networking engineer can determine
the best-fit options for particular customer facilities.
Ethernet Networks
GEH-6721_Vol_I_BP System Guide 77
Public Information