Zones and Conduits (IEC 62443)

Industrial/ICS 🏭 Difficulty: premium

Definition

Zones group industrial automation and control system (IACS) assets with similar risk and security needs; conduits are the controlled, monitored pathways that connect those zones and enforce policy between them.

Examples

  • A plant puts PLCs and HMIs for a packaging line in a production zone and connects it to the site historian through a read-only conduit.
  • A safety system (SIS) sits in its own high-integrity zone, with a one-way data diode conduit to the OT historian and no inbound control paths.

Discover 🔎

Zones and conduits are the core segmentation model in IEC 62443. Instead of one flat network, you group assets that share similar consequences, trust, and security requirements into zones, then connect those zones only through defined conduits that apply controls (firewalls, proxies, diodes, VPNs). This limits blast radius, clarifies responsibilities, and makes security policies auditable and testable.
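
To show what "auditable and testable" can look like in practice, here is an added example (not part of the original lesson) that checks observed network flows against a zone/conduit model built from the two examples above. All asset names, ports and flow records are constructed for illustration, and the read-only behaviour of the historian conduit is assumed to be enforced by the conduit device itself; the script only checks path and service.

```python
from collections import namedtuple

# Constructed inventory: asset -> zone (all names are assumptions)
ZONES = {
    "plc-pack-01": "production", "hmi-pack-01": "production",
    "historian-01": "historian", "sis-logic-01": "safety",
}
# Conduits: (initiator zone, destination zone) -> allowed (protocol, port).
# A missing reverse entry means the path is one-way, as with the data
# diode from the safety zone. Port numbers are constructed.
CONDUITS = {
    ("production", "historian"): {("tcp", 4840)},
    ("safety", "historian"): {("udp", 5000)},
}
Flow = namedtuple("Flow", "src dst proto port")

def audit_flow(flow):
    """Return 'ok' or the reason the flow violates the zone/conduit model."""
    src_zone, dst_zone = ZONES.get(flow.src), ZONES.get(flow.dst)
    if src_zone is None or dst_zone is None:
        return "unzoned-asset"            # asset missing from the inventory
    if src_zone == dst_zone:
        return "ok"                       # intra-zone traffic, no conduit involved
    allowed = CONDUITS.get((src_zone, dst_zone))
    if allowed is None:
        reverse_exists = (dst_zone, src_zone) in CONDUITS
        return "reverse-of-one-way-conduit" if reverse_exists else "no-conduit"
    if (flow.proto, flow.port) not in allowed:
        return "service-not-allowed"
    return "ok"

def audit(flows):
    """Return (flow, reason) for every flow that breaks the model."""
    return [(f, r) for f in flows if (r := audit_flow(f)) != "ok"]

# Constructed flow records, e.g. as exported from a firewall or flow collector
OBSERVED = [
    Flow("plc-pack-01", "hmi-pack-01", "tcp", 502),
    Flow("sis-logic-01", "historian-01", "udp", 5000),
    Flow("historian-01", "sis-logic-01", "tcp", 502),
    Flow("hmi-pack-01", "sis-logic-01", "tcp", 502),
    Flow("laptop-77", "plc-pack-01", "tcp", 44818),
    Flow("plc-pack-01", "historian-01", "tcp", 22),
]

if __name__ == "__main__":
    for flow, reason in audit(OBSERVED):
        print(f"{reason:28} {flow.src} -> {flow.dst} {flow.proto}/{flow.port}")
```

Each reason maps to a different follow-up: an unzoned asset is an inventory gap, a missing or reversed conduit is a segmentation breach, and a disallowed service points at an over-permissive conduit rule.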
