---
title: "The SHIP Framework™ — Industrial Network Design Methodology"
description: "A four-step methodology for designing industrial networks that actually serve the people who depend on them. Standardize, Harden, Isolate, Protect. Originated by River Caudle."
canonical: "https://rivercaudle.com/ship/"
author: "River Caudle"
keywords:
  - SHIP Framework
  - industrial network design
  - OT network architecture
  - CPwE
  - EtherNet/IP
  - industrial DMZ
  - IDMZ
  - TSN
  - network segmentation
  - ICS network design
  - plant floor network
  - Standardize Harden Isolate Protect
  - River Caudle
  - Riverman
robots: index, follow
license: Riverman Fair License v2.0
---

# The SHIP Framework™

**Industrial network design methodology.**

> "Building networks that actually serve the people who depend on them."

Originated by [River Caudle](https://rivercaudle.com/). Used under the [Riverman Fair License v2.0](https://rivercaudle.com/license/).

---

## Why this exists

Most plant networks weren't designed — they accumulated. Daisy chains. Unmanaged switches. Forty years of bandaids on bandaids. **SHIP is what you do when you finally decide to design the thing.**

Four steps: *Standardize, Harden, Isolate, Protect.* The order matters. You cannot Protect what you didn't Isolate; you cannot Isolate what you didn't Harden; you cannot Harden what you didn't Standardize.

---

## Overview

| Step | Action                              | Anchor concepts                        |
|:----:|-------------------------------------|-----------------------------------------|
| **S** | Standardize — one protocol to rule them all | EtherNet/IP · CPwE · TSN · documentation |
| **H** | Harden — networks that don't break at 2 AM  | Ring topology · managed switches · MICE · UPS |
| **I** | Isolate — build walls where they matter     | VLANs · IDMZ · cell-level independence |
| **P** | Protect — security that actually works      | Zero Trust OT · monitoring · IR · physical |

---

## S — Standardize

**Tagline:** *One protocol to rule them all.*

### What it means
- **Converge on EtherNet/IP** — eliminate protocol chaos with standardized industrial Ethernet
- **Adopt CPwE architecture** — proven Converged Plantwide Ethernet design patterns
- **Implement TSN standards** — prepare for deterministic networking (IEEE 802.1)
- **Standardize documentation** — every device, every VLAN, every cable, current

### Maturity levels
- **L1** — multiple protocols, vendor lock-in, no standards
- **L2** — moving toward EtherNet/IP, some standardization
- **L3** — standardized on EtherNet/IP with CPwE principles
- **L4** — TSN-ready with comprehensive standards documentation

> *"If you can't explain your network on one page, it's too complex."*

---

## H — Harden

**Tagline:** *Networks that don't break at 2 AM.*

### What it means
- **Resilient topologies** — ring and redundant star over daisy chains
- **Managed industrial switches** — STP, QoS, IGMP snooping as standard
- **Environmental protection** — MICE-rated components for harsh environments
- **Redundant power** — UPS sized for graceful shutdown, not indefinite runtime

### Maturity levels
- **L1** — daisy chain, unmanaged switches
- **L2** — some managed switches, basic redundancy
- **L3** — ring topology with DLR/REP, industrial-grade equipment
- **L4** — redundant everything, environmental monitoring, predictive maintenance

> *"Your network should survive a forklift, not just a reboot."*
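
Why ring beats daisy chain can be checked mechanically from the link list in your documentation. The sketch below is an added example, not part of the SHIP Framework itself: it lists every link and switch whose loss would split the network, and the switch names and topologies are constructed for illustration.

```python
from collections import defaultdict

def single_points_of_failure(links):
    """Return (critical_links, critical_switches) for an undirected topology.

    A critical link is a bridge: cutting it splits the network.
    A critical switch is an articulation point: losing it splits the network.
    Parallel links between the same pair of switches are treated as one link.
    """
    graph = defaultdict(set)
    for a, b in links:
        graph[a].add(b)
        graph[b].add(a)

    disc, low = {}, {}          # DFS discovery order and low-link values
    bridges, cut_nodes = set(), set()
    counter = 0

    def dfs(node, parent):
        nonlocal counter
        counter += 1
        disc[node] = low[node] = counter
        children = 0
        for nbr in graph[node]:
            if nbr == parent:
                continue
            if nbr in disc:                      # back edge: a redundant path exists
                low[node] = min(low[node], disc[nbr])
                continue
            children += 1
            dfs(nbr, node)
            low[node] = min(low[node], low[nbr])
            if low[nbr] > disc[node]:            # no way back around this link
                bridges.add(tuple(sorted((node, nbr))))
            if parent is not None and low[nbr] >= disc[node]:
                cut_nodes.add(node)
        if parent is None and children > 1:      # DFS root with separate subtrees
            cut_nodes.add(node)

    for start in sorted(graph):
        if start not in disc:
            dfs(start, None)
    return sorted(bridges), sorted(cut_nodes)

# Constructed sample topologies (switch names are made up).
DAISY_CHAIN = [("sw1", "sw2"), ("sw2", "sw3"), ("sw3", "sw4")]
RING = DAISY_CHAIN + [("sw4", "sw1")]
```

On the daisy chain every link is critical; closing the loop into a ring removes all of them, and any spur hung off the ring shows up again as a single point of failure.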

---

## I — Isolate

**Tagline:** *Build walls where they matter.*

### What it means
- **Network segmentation** — VLANs to separate functional areas and criticality levels
- **Industrial DMZ (IDMZ)** — secure buffer zone between OT and IT
- **Cell-level independence** — each production cell operates autonomously
- **Controlled inter-cell communication** — designed paths between isolated systems

### Maturity levels
- **L1** — flat network, no segmentation
- **L2** — basic VLAN segmentation
- **L3** — IDMZ implemented, functional area separation
- **L4** — micro-segmentation with automated enforcement

> *"If one device getting compromised takes down your entire plant, you failed at isolation."*
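
The isolation rules above can be tested against observed traffic. The following is an added example, not part of the SHIP Framework itself: it audits flow records against a zone plan, flagging IT/OT traffic that bypasses the IDMZ and inter-cell traffic outside the designed paths. The subnets, zone names, allowlist and flow records are all constructed assumptions.

```python
import ipaddress

# Constructed zone plan (subnets and zone names are illustrative assumptions).
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "idmz":       ipaddress.ip_network("172.16.50.0/24"),
    "cell-a":     ipaddress.ip_network("192.168.10.0/24"),
    "cell-b":     ipaddress.ip_network("192.168.20.0/24"),
}
# Designed inter-cell paths: (source zone, destination zone, destination port).
DESIGNED_PATHS = {("cell-a", "cell-b", 44818)}  # EtherNet/IP explicit messaging

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"

def audit_flow(src_ip, dst_ip, dst_port):
    """Return None if the flow fits the isolation design, else a finding string."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if "unknown" in (src, dst):
        return "undocumented address"
    if src == dst:
        return None                      # intra-zone traffic
    if "idmz" in (src, dst):
        return None                      # terminates in the IDMZ (service rules not audited here)
    if "enterprise" in (src, dst):
        return "direct IT/OT flow bypasses IDMZ"
    if (src, dst, dst_port) in DESIGNED_PATHS:
        return None
    return "inter-cell flow outside designed paths"

def audit(flows):
    """Return [(flow, reason)] for every flow that violates the design."""
    return [(f, r) for f in flows if (r := audit_flow(*f))]

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("192.168.10.21", "192.168.10.5", 44818),   # inside cell-a
    ("10.10.4.7", "172.16.50.10", 443),         # enterprise -> IDMZ
    ("10.10.4.7", "192.168.10.5", 44818),       # enterprise -> cell device directly
    ("192.168.10.5", "192.168.20.5", 44818),    # designed cell-a -> cell-b path
    ("192.168.20.9", "192.168.10.5", 502),      # undesigned cell-b -> cell-a
    ("192.168.30.2", "192.168.10.5", 44818),    # address not in the plan
]
```

Three of the six sample flows are findings. A flat L1 network would put every address in one zone and report nothing, which is why the zone plan has to exist before the audit means anything.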

---

## P — Protect

**Tagline:** *Security that actually works in manufacturing.*

### What it means
- **Zero Trust OT** — authenticate every device, encrypt every conversation
- **Continuous monitoring** — real-time visibility into every network conversation
- **Incident response** — OT-specific playbooks that don't assume you can "just patch it"
- **Physical security** — lock your network cabinets like you lock control rooms

### Maturity levels
- **L1** — "air gap" security (hope and prayers)
- **L2** — basic firewall, antivirus on HMIs
- **L3** — comprehensive monitoring, incident response plan
- **L4** — Zero Trust implementation, continuous security validation

> *"Security that breaks operations isn't security — it's sabotage."*

---

## Implementation Roadmap

### Phase 1 — Foundation *(Months 1–3)*
**Focus:** Standardize & document
- Complete network discovery and documentation
- Standardize on EtherNet/IP for new installations
- Implement basic VLAN segmentation
- **Success metric:** A one-page network diagram that's actually accurate

### Phase 2 — Resilience *(Months 4–9)*
**Focus:** Harden infrastructure
- Replace unmanaged switches with industrial managed switches
- Implement ring topologies for critical areas
- Deploy redundant power and environmental monitoring
- **Success metric:** Zero unplanned downtime from network failures

### Phase 3 — Security *(Months 10–15)*
**Focus:** Isolate & Protect
- Deploy Industrial DMZ (IDMZ)
- Implement continuous monitoring
- Deploy endpoint protection for critical systems
- **Success metric:** Detect and contain security incidents within 15 minutes

### Phase 4 — Optimization *(Months 16+)*
**Focus:** Advanced capabilities
- TSN implementation for time-critical applications
- Predictive analytics for network health
- Advanced automation and orchestration
- **Success metric:** The network actively improves operations instead of just supporting them

---

## Quick Wins

### First 30 days (immediate)
1. **Document what you have** — create that one-page network diagram
2. **Lock network cabinets** — physical security costs almost nothing
3. **Replace the worst switch** — the one everyone knows is problematic
4. **Basic VLAN separation** — separate IT traffic from OT traffic

### Months 1–3 (high-impact, low-cost)
1. **Standardize naming conventions** — make troubleshooting faster
2. **Deploy managed switches strategically** — start with critical areas
3. **Implement basic monitoring** — know when things break before production notices
4. **Create emergency procedures** — what to do when networks fail

---

## Common Implementation Mistakes

### What doesn't work
- **Starting with Protect** — security without foundation fails
- **Over-engineering** — perfect is the enemy of functional
- **Ignoring operations** — solutions that break workflows get bypassed
- **All-or-nothing approach** — gradual improvement beats grand plans

### What does work
- **Start with Standardize** — foundation enables everything else
- **Build credibility first** — quick wins enable bigger projects
- **Include operations from day one** — they have to live with your decisions
- **Iterate and improve** — good enough that gets implemented beats perfect that doesn't

---

## Closing

> *"SHIP isn't just about building better networks — it's about building networks that actually serve the people who depend on them."*

---

## See also

- **SECURE Method™** — how to defend a SHIP network: <https://rivercaudle.com/secure-method/>
- **RIVER Method™** — how to troubleshoot at the cabinet: <https://rivercaudle.com/river/>
- **STREAM Method™** — how to troubleshoot what RIVER can't catch: <https://rivercaudle.com/stream/>
- **Frameworks index**: <https://rivercaudle.com/frameworks/>
- **Riverman Fair License v2.0**: <https://rivercaudle.com/license/>

---

*Document — The SHIP Framework™ · Originator — R. Caudle · Rev. 01 · Issued Houston, Texas, 2026.05.11*
