Writing · 2025-08-19 · 7 min read · network design · framework

The SHIP Framework™: Industrial Network Design Methodology

A four-pillar industrial network design methodology. Standardize, Harden, Isolate, Protect. Each with philosophy, implementation steps, and maturity levels.

River Caudle · rivercaudle.com

"Building networks that actually serve the people who depend on them"


S - Standardize

"One Protocol to Rule Them All"

  • Converge on EtherNet/IP: Eliminate protocol chaos with standardized industrial Ethernet
  • Adopt CPwE Architecture: Follow proven Converged Plantwide Ethernet design patterns
  • Implement TSN Standards: Prepare for deterministic networking with IEEE 802.1 standards
  • Standardize Documentation: Every device, every VLAN, every cable - documented and current

"If you can't explain your network on one page, it's too complex"

Practical Implementation:

  • Standardize naming conventions across all devices
  • Create configuration templates for common equipment types
  • Establish documentation standards that people actually follow
  • Migrate from protocol chaos to EtherNet/IP where possible

Maturity Levels:

  • Level 1: Multiple protocols, vendor lock-in, no standards
  • Level 2: Moving toward EtherNet/IP, some standardization
  • Level 3: Standardized on EtherNet/IP with CPwE principles
  • Level 4: TSN-ready with comprehensive standards documentation

H - Harden

"Build Networks That Don't Break at 2 AM"

  • Resilient Topologies: Ring and redundant star configurations over daisy chains
  • Managed Industrial Switches: Spanning Tree, QoS, and IGMP snooping as standard
  • Environmental Protection: MICE-rated components for harsh industrial environments
  • Redundant Power: UPS systems sized for graceful shutdowns, not indefinite runtime

"Your network should survive a forklift, not just a reboot"

Practical Implementation:

  • Replace unmanaged switches with industrial managed switches
  • Implement ring topologies (DLR/REP) for critical areas
  • Deploy redundant power and environmental monitoring
  • Use proper grounding, shielding, and conformal coating

Maturity Levels:

  • Level 1: Daisy-chain topology, unmanaged switches
  • Level 2: Some managed switches, basic redundancy
  • Level 3: Ring topology with DLR/REP, industrial-grade equipment
  • Level 4: Redundant everything, environmental monitoring, predictive maintenance

I - Isolate

"Build Walls Where They Matter"

  • Network Segmentation: VLANs to separate functional areas and criticality levels
  • Industrial DMZ (IDMZ): Secure buffer zone between OT and IT networks
  • Cell-Level Independence: Each production cell operates autonomously
  • Controlled Inter-Cell Communication: Designed communication between isolated systems

"If one device getting compromised takes down your entire plant, you failed at isolation"

Practical Implementation:

  • Create functional zones (production, safety, maintenance)
  • Implement proper VLAN structures with trunk ports
  • Design separate control networks for each production cell
  • Prevent broadcast propagation between isolated areas

Maturity Levels:

  • Level 1: Flat network, no segmentation
  • Level 2: Basic VLAN segmentation
  • Level 3: IDMZ implemented, functional area separation
  • Level 4: Micro-segmentation with automated enforcement

P - Protect

"Security That Actually Works in Manufacturing"

  • Zero Trust OT: Authenticate every device, encrypt every conversation
  • Continuous Monitoring: Real-time visibility into every network conversation
  • Incident Response: OT-specific playbooks that don't assume you can "just patch it"
  • Physical Security: Lock your network cabinets like you lock your control rooms

"Security that breaks operations isn't security - it's sabotage"

Practical Implementation:

  • Deploy access control lists (ACLs) and port security
  • Address physical security for network equipment
  • Maintain cell-level operational autonomy even with security measures in place
  • Deploy endpoint protection that doesn't interfere with operations

Maturity Levels:

  • Level 1: "Air gap" security (hope and prayers)
  • Level 2: Basic firewall, antivirus on HMIs
  • Level 3: Comprehensive monitoring, incident response plan
  • Level 4: Zero trust implementation, continuous security validation

The SHIP Assessment Framework

Rate Your Current State (1-5 for each item; four items per pillar, 20 per pillar)

Standardize Assessment (____/20)

  • [ ] Protocol standardization and convergence (____/5)
  • [ ] IP addressing scheme management (____/5)
  • [ ] Equipment standards and consistency (____/5)
  • [ ] Documentation currency and accuracy (____/5)

Harden Assessment (____/20)

  • [ ] Topology resilience and redundancy (____/5)
  • [ ] Managed infrastructure deployment (____/5)
  • [ ] Power protection and environmental controls (____/5)
  • [ ] Performance monitoring and optimization (____/5)

Isolate Assessment (____/20)

  • [ ] Network segmentation implementation (____/5)
  • [ ] IT/OT boundary definition and control (____/5)
  • [ ] Critical system isolation (____/5)
  • [ ] Physical and logical access control (____/5)

Protect Assessment (____/20)

  • [ ] Network monitoring and visibility (____/5)
  • [ ] Security tools and procedures (____/5)
  • [ ] Backup and recovery capabilities (____/5)
  • [ ] Incident response planning and testing (____/5)

Your SHIP Score: ____/80

Scoring Guide:

  • 60-80: Advanced - Focus on optimization and advanced capabilities
  • 40-59: Intermediate - Good foundation, target specific improvements
  • 20-39: Basic - Fundamental improvements needed across multiple areas
  • 0-19: Critical - Immediate action required to prevent operational failures
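The assessment and scoring guide above as a small calculator (an example added here, not part of the SHIP write-up): it refuses an incomplete or out-of-range form, subtotals each pillar, maps the total onto the scoring guide band and names the weakest pillar(s). The uniform_ratings helper and the ratings it builds are constructed sample input.

```python
PILLARS = {  # the sixteen assessment items, four per pillar
    "Standardize": (
        "Protocol standardization and convergence",
        "IP addressing scheme management",
        "Equipment standards and consistency",
        "Documentation currency and accuracy",
    ),
    "Harden": (
        "Topology resilience and redundancy",
        "Managed infrastructure deployment",
        "Power protection and environmental controls",
        "Performance monitoring and optimization",
    ),
    "Isolate": (
        "Network segmentation implementation",
        "IT/OT boundary definition and control",
        "Critical system isolation",
        "Physical and logical access control",
    ),
    "Protect": (
        "Network monitoring and visibility",
        "Security tools and procedures",
        "Backup and recovery capabilities",
        "Incident response planning and testing",
    ),
}
# Scoring guide bands as (lowest total in the band, label), checked top down.
BANDS = ((60, "Advanced"), (40, "Intermediate"), (20, "Basic"), (0, "Critical"))

def band_for(total):
    """Map a total out of 80 onto the scoring guide."""
    return next(label for floor, label in BANDS if total >= floor)

def score_ship(ratings):
    """ratings: {item name: 1-5} -> pillar subtotals, total, band, weakest pillar(s).
    Raises ValueError on a missing/unknown item or an out-of-range rating."""
    expected = {item for items in PILLARS.values() for item in items}
    if set(ratings) != expected:
        raise ValueError(f"missing/unknown items: {set(ratings) ^ expected}")
    bad = {k: v for k, v in ratings.items() if type(v) is not int or not 1 <= v <= 5}
    if bad:  # refuse to score a half-filled or mistyped form
        raise ValueError(f"ratings must be whole numbers 1-5: {bad}")
    pillars = {n: sum(ratings[i] for i in items) for n, items in PILLARS.items()}
    total = sum(pillars.values())
    return {"pillars": pillars, "total": total, "band": band_for(total),
            "weakest": [p for p, s in pillars.items() if s == min(pillars.values())]}

def uniform_ratings(per_pillar):
    """Constructed sample input: one rating applied to every item of a pillar."""
    return {i: per_pillar[n] for n, items in PILLARS.items() for i in items}
```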

SHIP Implementation Roadmap

Phase 1: Foundation (Months 1-3)

Focus: Standardize & Document

  • Complete network discovery and documentation
  • Standardize on EtherNet/IP for new installations
  • Implement basic VLAN segmentation
  • Success Metric: One-page network diagram that's actually accurate

Phase 2: Resilience (Months 4-9)

Focus: Harden Infrastructure

  • Replace unmanaged switches with industrial managed switches
  • Implement ring topologies for critical areas
  • Deploy redundant power and environmental monitoring
  • Success Metric: Zero unplanned downtime from network failures

Phase 3: Security (Months 10-15)

Focus: Isolate & Protect

  • Deploy Industrial DMZ (IDMZ)
  • Implement continuous monitoring
  • Deploy endpoint protection for critical systems
  • Success Metric: Detect and contain security incidents within 15 minutes

Phase 4: Optimization (Months 16+)

Focus: Advanced Capabilities

  • TSN implementation for time-critical applications
  • Predictive analytics for network health
  • Advanced automation and orchestration
  • Success Metric: Network actively improves operations instead of just supporting them

SHIP Quick Wins (Start Here)

Immediate Improvements (First 30 Days)

  1. Document what you have - Create that one-page network diagram
  2. Lock network cabinets - Physical security costs almost nothing
  3. Replace the worst switch - That one everyone knows is problematic
  4. Basic VLAN separation - Separate IT traffic from OT traffic

High-Impact, Low-Cost (Months 1-3)

  1. Standardize naming conventions - Make troubleshooting faster
  2. Deploy managed switches strategically - Start with critical areas
  3. Implement basic monitoring - Know when things break before production notices
  4. Create emergency procedures - What to do when networks fail

Real-World SHIP Examples

Automotive Supplier Success Story

Challenge: Random communication losses costing $5,000/hour
SHIP Solution:

  • S: Standardized on EtherNet/IP, eliminated serial protocols
  • H: Replaced daisy-chain with ring topology using DLR
  • I: Separated stamping lines into isolated VLANs
  • P: Deployed network monitoring with SMS alerts

Result: Zero network-related downtime in 18 months

Food Processing Transformation

Challenge: 24/7 operations with no maintenance windows
SHIP Solution:

  • S: Gradual migration to CPwE architecture
  • H: Hot-swappable redundant switches for critical lines
  • I: IDMZ for MES integration without operational risk
  • P: Endpoint protection that doesn't interfere with production

Result: Achieved FDA compliance while improving uptime by 15%


Common SHIP Implementation Mistakes

What Doesn't Work:

  • Starting with Protect - Security without foundation fails
  • Over-engineering - Perfect is the enemy of functional
  • Ignoring operations - Solutions that break workflows get bypassed
  • All-or-nothing approach - Gradual improvement beats grand plans

What Does Work:

  • Start with Standardize - Foundation enables everything else
  • Build credibility first - Quick wins enable bigger projects
  • Include operations from day one - They have to live with your decisions
  • Iterate and improve - Good enough that gets implemented beats perfect that doesn't

Integration with Other Methods

SHIP + STREAM Troubleshooting:

  • Well-designed SHIP networks are easier to troubleshoot systematically
  • STREAM methodology works better with standardized, documented networks

SHIP + SECURE Framework:

  • SHIP provides the foundation for implementing SECURE methodologies
  • Both frameworks prioritize operational continuity over theoretical perfection

SHIP + RIVER Method:

  • Properly hardened networks reduce the frequency of RIVER troubleshooting
  • Standardized networks make RIVER troubleshooting more predictable

"SHIP isn't just about building better networks - it's about building networks that actually serve the people who depend on them."

River Caudle · river@riverman.io · Houston, Texas