No. Not all equipment in an OT environment has the same level of criticality. Applying maximum protection everywhere leads to disproportionate costs and complexity, which can itself harm availability.
The MVDI Principle (Minimum Viable Digital Industry)
MVDI refers to the set of digital assets vital for the proper functioning of industrial operations. The goal is to identify this critical perimeter—production PLCs, SCADA, Historian, safety systems—and focus the strongest protection measures there.
Which protection for which level of criticality?
| Criticality Level | Example assets | Recommended Protection |
|---|---|---|
| Critical (MVDI) | PLCs, SCADA, Historian, safety systems, sensitive application servers | Physical isolation (Electronic AirGap) |
| Important | Standard application servers, engineering workstations | Network segmentation (firewall, VLAN) |
| Standard | Office workstations, non-critical systems | Standard IT security measures |
This approach aligns with IEC 62443, which formalizes differentiated security levels by zone. It maximizes risk reduction while controlling costs and operational impact.
Key takeaway — Focus maximum protection (physical isolation) on MVDI assets, and adapt security levels for other assets according to their actual criticality. This provides the best security-to-cost ratio in OT environments.
