After the appearance of Stuxnet, the safety assurance against cyber-attacks has been a serious problem for process control. For safety assurance, not only information system securing approaches but also process control original measures are necessary. In this paper, a new protection approach is proposed. Application of an information system securing technique called "zones and conduits" to process control is discussed. By dividing the control system network into plural zones, higher possibility of detecting cyber-attacks and preventing operational accidents can be achieved. By defining detectability and reachability matrices, zone division for cyber-attack detection can be designed. (C) 2013 Elsevier Ltd. All rights reserved.