When you can't see the forest for the domains: why a two forest model should be used to achieve logical segregation between SCADA and corporate networks

Document Type

Conference Proceeding


School of Computer and Information Science, Edith Cowan University

Place of Publication

Perth, Western Australia


Faculty of Computing, Health and Science


School of Computer and Security Science / Centre for Security Research




Woodward, A., & Turner, B. (2009). When You Can't See the Forest for the Domains: Why a Two Forest Model Should be Used to Achieve Logical Segregation Between SCADA and Corporate Networks. In Proceedings of the 10th Australian Information Warfare and Security Conference. Edith Cowan University, Perth, Western Australia.


Abstract

The increasing convergence of corporate and control systems networks creates new challenges for the security of critical infrastructure. Connecting what was traditionally an isolated network to a corporate network that is usually Internet-enabled is now unavoidable, and there is no argument that segregation must nonetheless be maintained. One challenge this presents is how to configure an Active Directory environment so that the required data can be exchanged while the security goal of separating the two networks is still met. This paper argues that while separate domains may seem to achieve this goal, a domain is not a security boundary and in fact does not effectively segregate the networks. A more secure and robust barrier is created by using separate forests, which still allows one-way trust relationships to be established between the two forests for authentication and data exchange. The paper concludes that there is no loss of functionality or communication from using two forests, but there is a loss of security from using one.
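As an added illustration of the abstract's argument (this is example code, not part of the paper), the following PowerShell audit looks at the trusts a corporate forest holds towards the SCADA side and flags the configurations the paper warns against: a SCADA domain inside the same forest, a domain-level rather than forest-level trust, and a two-way trust. It assumes the ActiveDirectory module for live use; the forest name and the sample trust objects are constructed for offline demonstration.

```powershell
# Audit trusts from the corporate forest's point of view and report anything
# that undermines two-forest segregation. Input objects mirror the properties
# returned by Get-ADTrust (Name, Target, Direction, ForestTransitive,
# IntraForest, SelectiveAuthentication).
function Test-ForestSegregation {
    param(
        [Parameter(Mandatory)] [object[]] $Trusts,      # ADTrust-like objects
        [Parameter(Mandatory)] [string]   $ScadaForest  # hypothetical SCADA forest name
    )
    $findings = @()
    foreach ($t in $Trusts) {
        if ($t.Target -ne $ScadaForest) { continue }
        if ($t.IntraForest) {
            # Separate domains in one forest: a domain is not a security boundary.
            $findings += "$($t.Name): SCADA is a domain inside the corporate forest, not a separate forest"
        }
        elseif (-not $t.ForestTransitive) {
            $findings += "$($t.Name): domain-level (external) trust; segregation should be a trust between forests"
        }
        if ($t.Direction -eq 'BiDirectional') {
            $findings += "$($t.Name): trust is two-way; the paper's model uses a one-way trust"
        }
        if (-not $t.SelectiveAuthentication) {
            $findings += "$($t.Name): selective authentication is off, so every user of the trusted forest can authenticate here"
        }
    }
    return $findings
}

# Constructed sample resembling Get-ADTrust -Filter * output for a corporate forest.
$sampleTrusts = @(
    [pscustomobject]@{ Name='scada.example.invalid';   Target='scada.example.invalid';   Direction='BiDirectional';
                       ForestTransitive=$false; IntraForest=$false; SelectiveAuthentication=$false },
    [pscustomobject]@{ Name='partner.example.invalid'; Target='partner.example.invalid'; Direction='Outbound';
                       ForestTransitive=$true;  IntraForest=$false; SelectiveAuthentication=$true }
)
Test-ForestSegregation -Trusts $sampleTrusts -ScadaForest 'scada.example.invalid'

# Against a live corporate forest (requires the ActiveDirectory module):
# Test-ForestSegregation -Trusts (Get-ADTrust -Filter *) -ScadaForest 'scada.example.invalid'
```

The sample run reports three findings for the SCADA trust (external rather than forest trust, two-way direction, selective authentication off) and nothing for the partner trust, which is a one-way forest trust with selective authentication.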


