Network segmentation (IT/OT separation) in SCADA systems - Time & Space Complexity

When we separate IT and OT networks, we want to see how the work needed grows as the network size grows.

We ask: How does the time to check or manage network segments change when more devices are added?

Analyze the time complexity of the following code snippet.

// Pseudo scada_systems code for network segmentation check
function checkNetworkSegments(devices) {
  for (device of devices) {
    if (device.type == 'OT') {
      for (connectedDevice of device.connections) {
        if (connectedDevice.type == 'IT') {
          alert('IT/OT connection found');
        }
      }
    }
  }
}

This code checks all OT devices and their connections to find any IT devices connected, ensuring proper separation.

• Primary operation: Looping over all devices, then for OT devices looping over their connections.
• How many times: Outer loop runs once per device; inner loop runs once per connection of OT devices.

As the number of devices grows, the checks increase based on how many connections OT devices have.

Input Size (n)	Approx. Operations
10	About 10 outer checks plus connections of OT devices
100	About 100 outer checks plus more connections to check
1000	About 1000 outer checks plus many connections checked

Pattern observation: The total work grows roughly with the number of devices times their average connections.

Time Complexity: O(n * k)

This means the time grows with the number of devices (n) and the average connections per OT device (k).

[X] Wrong: "The time to check network segments grows only with the number of devices."

[OK] Correct: Because each OT device's connections also add work, so connections matter too.

Understanding how network checks scale helps you design systems that stay efficient as they grow.

"What if we only checked OT devices without looking at their connections? How would the time complexity change?"