Choosing Between Star and Ring Topologies in ICS
Introduction
Industrial Control Systems (ICS) infrastructure relies on robust, resilient, and secure networking architectures. Traditional best practices for IT networks do not always translate directly to the operational technology (OT) domain, where service continuity, determinism, and safety may take precedence over pure throughput or lowest-latency connectivity. Network topology—the logical and physical arrangement of nodes and interconnections—plays a fundamental role in shaping these characteristics.
This post provides a critical technical examination of star and ring topologies for ICS networks. The discussion addresses their operational attributes, historical adoption factors, relevant protocols, and security ramifications, providing balanced guidance to CISOs, IT Directors, network engineers, and plant operators tasked with ICS network design and maintenance.
Historical Context: Evolution of ICS Networks
Early industrial automation networks were designed predominantly as point-to-point arrangements, often using proprietary links. As digital communications matured from the 1980s onward, the emergence of protocols such as Modbus, PROFIBUS, and later EtherNet/IP and PROFINET enabled more complex topologies. Two configurations—star and ring—have emerged as the principal options in modern ICS networks.
Star Topology: Centralized hub-and-spoke design, dominating early Ethernet deployments, and standard in most IT LAN environments.
Ring Topology: Often employed in high-availability industrial LANs and supported by deterministic redundancy protocols such as Media Redundancy Protocol (MRP) and Device Level Ring (DLR).
The widespread use of Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) systems, and Human-Machine Interfaces (HMIs) in plant floor networks has shifted focus toward topologies that maximize uptime and ease error localization.
Star Topology: Centralization, Simplicity, and Vulnerabilities
Technical Characteristics
All devices are individually connected to a central switch or hub. The central node manages all traffic between endpoints.
Fault isolation is direct: a failed edge link affects only the connected device.
Modern switch-based stars (as opposed to legacy hubs) support full duplex Ethernet, VLAN segmentation, and traffic management, embedding key security zones.
Benefits in ICS Context
Simplicity: Intuitive to design, deploy, and troubleshoot. Physical layout often mirrors logical configuration.
Performance: Centralized switching fabric reduces broadcast domains and minimizes latency spikes.
Scalability: Addition of nodes is straightforward—with caveats concerning central switch port limits.
Security Segmentation: Central point-of-control allows enforcement of traffic filtering, intrusion detection, and VLAN-based zone models as formalized in the ISA/IEC 62443 cybersecurity standards.
Drawbacks and Risks
Single Point of Failure: Central switch failure can disrupt the entire segment—directly impacting process operations if redundancy is not implemented.
Physical Cable Management: With increasing nodes, cable density at the central switch can become unwieldy and fault-prone.
Network Expansion: Physical plant constraints may hinder running dedicated home-run connections to a central location.
Annotation: Historically, star networks became feasible in ICS with the ubiquity of managed industrial-grade switches offering redundant power supplies and hot-swappable modules, partially offsetting central node vulnerability.
Ring Topology: Resilience and Determinism
Technical Characteristics
Each node connects to exactly two other nodes, forming a continuous pathway for signals—a logical ‘ring’ of communications.
Modern ring networks typically incorporate failover protocols: MRP (IEC 62439-2), DLR (used in EtherNet/IP), or Rapid Spanning Tree Protocol (RSTP).
In failure events (cable cut, device failure), these protocols automatically re-route traffic in subseconds, preserving path continuity.
Benefits in ICS Context
High Availability: Redundant pathways result in resiliency critical for process safety and continuous operation environments.
Determinism: Properly implemented industrial ring protocols maintain predictable failover times (often <1 second), crucial for fieldbus replacement and real-time data requirements.
Cost-Effective Redundancy: Fewer central devices required; often easier to loop through plant floors, especially where physical cable runs must follow production lines.
Drawbacks and Risks
Configuration Complexity: Misconfigured rings can result in broadcast storms, “count to infinity” loops, or delayed convergence.
Diagnostic Challenge: Locating and isolating faults may be less intuitive than in a star topology (especially under protocol-induced path re-routing scenarios).
Device Vendor Lock-in: Some proprietary ring protocols hinder interoperability between switch manufacturers, complicating life-cycle maintenance and upgrades.
Potential Cascading Failure: Multiple simultaneous failures may still isolate significant parts of the network, unless dual or interleaved rings are architected.
Annotation: The industrial adoption of MRP and DLR in the 2000s allowed Ethernet to satisfy the high-availability and deterministic failover requirements that were previously the domain of fieldbus systems and proprietary token rings.
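To make the fault-isolation claims in the star and ring sections concrete (star: an edge-link fault isolates one device while a central switch failure isolates the whole segment; ring: a single fault is rerouted, two simultaneous faults partition the ring), here is an added Python simulation that is not from the original post. The node names, the HMI switch acting as ring manager and the four PLCs are constructed.

```python
from collections import deque

def reachable(nodes, links, failed, start):
    """Breadth-first reachability over links that are not in `failed`."""
    adj = {n: set() for n in nodes}
    for a, b in links:
        if frozenset((a, b)) not in failed:
            adj[a].add(b)
            adj[b].add(a)
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in adj[queue.popleft()] - seen:
            seen.add(nxt)
            queue.append(nxt)
    return seen

def star_reachable(devices, failed_links=(), switch_failed=False):
    """Star: the HMI and every device hang off one central switch 'SW'.
    A central switch failure is modelled as all of its links going down."""
    links = [("SW", d) for d in ["HMI", *devices]]
    failed = {frozenset(l) for l in failed_links}
    if switch_failed:
        failed |= {frozenset(l) for l in links}
    return reachable(["SW", "HMI", *devices], links, failed, "HMI")

def ring_reachable(devices, failed_links=()):
    """Ring with the HMI's switch acting as ring manager (constructed choice).
    Healthy ring: the manager blocks its secondary port (the link back from
    the last device) so the loop stays open. Any link fault: the manager
    unblocks that port, which is the reroute MRP/DLR perform."""
    ring = ["HMI", *devices]
    links = [(ring[i], ring[(i + 1) % len(ring)]) for i in range(len(ring))]
    failed = {frozenset(l) for l in failed_links}
    if not failed:
        failed = {frozenset((ring[-1], "HMI"))}  # standby port held blocked
    return reachable(ring, links, failed, "HMI")

def isolated(devices, reach):
    """Devices that can no longer talk to the HMI."""
    return sorted(set(devices) - reach)

if __name__ == "__main__":
    plcs = ["PLC1", "PLC2", "PLC3", "PLC4"]
    print("star, PLC2 link cut :", isolated(plcs, star_reachable(plcs, [("SW", "PLC2")])))
    print("star, switch failed :", isolated(plcs, star_reachable(plcs, switch_failed=True)))
    print("ring, one link cut  :", isolated(plcs, ring_reachable(plcs, [("PLC2", "PLC3")])))
    print("ring, two links cut :", isolated(plcs, ring_reachable(plcs, [("PLC1", "PLC2"), ("PLC3", "PLC4")])))
```

The two-link case is the "cascading failure" above: without a dual or interleaved ring, PLC2 and PLC3 lose their path to the HMI.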
Security Considerations: Attack Surface and Compartmentalization
Industrial networks frequently underlie critical processes, so network topology decisions must consider attack surface exposure and defensive containment. Star topologies can establish clear network zones with defined chokepoints, ideal for deep packet inspection, intrusion monitoring, and access control. Ring topologies, while less granular in segmentation, emphasize operational continuity by limiting the likelihood of complete network isolation after a single fault.
Impact of a Compromised Node: In rings, lateral traversal is easier if devices are unsegmented. Vigilance in edge device hardening is paramount.
Patch Management: Maintenance windows are more challenging to coordinate without disrupting ring integrity—risking unintentional exposure during upgrades.
Protocol Security: Many ring redundancy protocols are not cryptographically protected, making them susceptible to spoofing or denial-of-service if not segregated via VLANs, firewalls, or ACLs from less trusted zones.
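As an added defensive example (not part of the original post), the following Python check applies the segregation advice above: it scans constructed port-mirror log lines for MRP control frames (EtherType 0x88E3, IEC 62439-2) that arrive on a port, VLAN or source MAC outside the ring allowlist, which is the kind of spoofed or leaked ring traffic an unsegregated ring would accept. The log format, port names and MAC addresses are hypothetical.

```python
import re
MRP_ETHERTYPE = 0x88E3  # IEC 62439-2 MRP test/control frames

# Constructed inventory (placeholders): ports that legitimately carry ring
# traffic and the MAC addresses of the switches forming the ring.
RING_PORTS = {"ge1/1", "ge1/2"}
RING_SWITCH_MACS = {"00:00:5e:00:53:01", "00:00:5e:00:53:02"}

# Hypothetical port-mirror log line:
# <ts> port=<ingress> vlan=<id> src=<mac> dst=<mac> type=0x<ethertype>
LINE = re.compile(r"(?P<ts>\S+) port=(?P<port>\S+) vlan=(?P<vlan>\d+) "
                  r"src=(?P<src>[0-9a-f:]{17}) dst=(?P<dst>[0-9a-f:]{17}) "
                  r"type=0x(?P<etype>[0-9a-fA-F]{4})")

# Constructed sample: two healthy ring test frames, one MRP frame arriving on
# an office-side port, one from a MAC that is not a ring switch, one ARP.
SAMPLE = """\
2024-01-01T10:00:00Z port=ge1/1 vlan=100 src=00:00:5e:00:53:01 dst=01:15:4e:00:00:01 type=0x88e3
2024-01-01T10:00:00Z port=ge1/2 vlan=100 src=00:00:5e:00:53:02 dst=01:15:4e:00:00:01 type=0x88e3
2024-01-01T10:00:01Z port=ge1/7 vlan=20 src=00:00:5e:00:53:aa dst=01:15:4e:00:00:01 type=0x88e3
2024-01-01T10:00:01Z port=ge1/1 vlan=100 src=00:00:5e:00:53:ff dst=01:15:4e:00:00:01 type=0x88e3
2024-01-01T10:00:02Z port=ge1/7 vlan=20 src=00:00:5e:00:53:aa dst=ff:ff:ff:ff:ff:ff type=0x0806
""".splitlines()

def parse(line):
    m = LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["vlan"], rec["etype"] = int(rec["vlan"]), int(rec["etype"], 16)
    return rec

def audit(lines, ring_vlan):
    """Return (reason, record) for each ring control frame that breaks the
    segregation the text calls for: wrong port, wrong VLAN or unknown source."""
    findings = []
    for line in lines:
        rec = parse(line)
        if rec is None or rec["etype"] != MRP_ETHERTYPE:
            continue  # not an MRP frame (or unparseable): out of scope here
        if rec["port"] not in RING_PORTS:
            findings.append(("mrp frame on non-ring port", rec))
        elif rec["vlan"] != ring_vlan:
            findings.append(("mrp frame outside ring vlan", rec))
        elif rec["src"] not in RING_SWITCH_MACS:
            findings.append(("mrp frame from unknown source", rec))
    return findings

if __name__ == "__main__":
    for reason, rec in audit(SAMPLE, ring_vlan=100):
        print(f"{rec['ts']} {reason}: port={rec['port']} src={rec['src']}")
```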
Successful IT/OT collaboration is essential to ensure that security controls—rooted in IT standards—respect the operational imperatives and unique failure modes of ICS networks.
Practical Decision Criteria for Topology Selection
Process Criticality: If uptime and safety are paramount (e.g., chemical, energy production), favor redundant ring or dual-ring topologies.
Scalability and Expansion: For rapidly changing or expanding plants, a star design may better accommodate incremental node additions.
Physical Constraints: Assess feasibility and cost of plant-wide cabling runs versus local switch installations.
Operational Model: If centralized monitoring and clear network zoning are strategic priorities, star topology simplifies segmentation.
Support Skills: Evaluate operations teams’ familiarity and comfort with MRP/DLR/PRP protocols versus conventional Ethernet switching.
Hybrid Models and Contemporary Practices
Most modern ICS environments do not adhere strictly to a single topology. Hybrid architectures—where local rings connect back to a star-wired distribution/core—provide a balance between resilience, security, and manageability. Recent IEC 62443 guidance encourages "defense-in-depth" through clear segmentation, redundant pathways, and careful layering of trust boundaries, regardless of physical topology.
Newer developments such as the Parallel Redundancy Protocol (PRP) and Time-Sensitive Networking (TSN) may further influence topology design by providing seamless path diversity at the protocol layer, with no recovery interval on failover.
Conclusion
There is no universal “best” topology for ICS environments; operational needs, risk appetite, and existing infrastructure legacy all factor into the design calculus. Decision-makers should use a granular threat and failure analysis, referencing both IT security and OT reliability frameworks. Iterative risk assessments and periodic reviews are recommended as plants evolve and as cyber-physical threats intensify.
Judicious topology selection, paired with disciplined network management and IT/OT collaboration, underpins the availability, reliability, and security of contemporary industrial networks.