Recent Breaches
Breaches
View All →
All Control Blueprints
FIRE + VAULTCP-05Path and asset together

Protect Critical Infrastructure

Keep critical systems available, controlled and disconnected from unnecessary exposure.

All Blueprints
What it does

Keep critical systems available, controlled and disconnected from unnecessary exposure.

Where it fits

OT and CNI connectivity with maintenance windows

Who uses it

Energy, Critical infrastructure, Defence, Manufacturing

CP-05 topology

How CP-05 protects critical infrastructure.

A FIRE+VAULT pattern for OT and CNI. Process zones run normally; maintenance and supervisory reach exist only through governed, time-bound conduits.

Grounded in IEC 62443-3-3 (FR 5, FR 7), NIS2 Annex I and the NCSC Cyber Assessment Framework B4.

Z0

Enterprise IT

Office, mail,

Enterprise IT zone

Office, mail, ERP, identity

FirebreakRelayLock

IT-to-OT conduit is severed by default and opened as a named window.

Z1

Supervisory and engineering

SCADA, historian,

Supervisory and engineering zone

SCADA, historian, engineering workstations

IsolateExecuteValidate

Engineering reach is scoped, approved and verified.

Z2

Process control and field

PLCs, RTUs,

Process control and field zone

PLCs, RTUs, HMIs, sensors and actuators

OSS

Crown jewels · detail callout

Operational evidence and golden image vault

Operational records and golden PLC images sealed offline for safe recovery and audit.

Modules & symbols

FirebreakPhysical sever
RelayTime-bound path
LockNamed access
IsolateZone boundary
ExecuteApproved action
ValidateIntegrity check
ConduitEnforced module path
┄┄┄
Crown jewelsOffline · detail callout
How it reads end to end

Firebreak controls connectivity at the physical layer. Isolate separates operational systems. Relay opens approved maintenance, patching or supervisory windows. Execute can revoke access instantly. Transfer governs data movement, Archive preserves operational evidence and Lock holds access tight.

Sector relevance
EnergyCritical infrastructureDefenceManufacturing
Mark Fermor
David Bailey
Kenny Phipps
Online Now
Concierge

Build control around your environment

Talk to our team about composing this Blueprint for your estate.

Takes about 2 minutes. No account needed.

Free2 minsNo sign-up

    Firevault

    Firevault is Offline Secure Storage. Hardware you own, physically disconnected by default, with KYC-verified access. Ransomware-proof by design, not by patch.

    © 2026 Firevault Limited. Disconnect to Protect®