Defense in Depth strategies – Part 2
Introduction to Defense-in-Depth strategy elements
Defense in Depth is a combination of people, technology, operations, and adversarial awareness that creates a shield of security countermeasures. The setup of this shield must constantly be adjusted and refined to protect against known and emerging threats.
Applying Defense-in-Depth strategies to ICS environments improves security by raising the “cost” of an intrusion while improving the probability of detection and capability to defend against a malicious threat actor. Security countermeasures, based on best practices and standards, protect the ICS critical assets through multiple layers of defenses, thereby improving protection for operations, personnel, and technology.
Using multiple layers helps prevent direct attacks against critical systems and greatly increases the difficulty of reconnaissance activities on ICS networks and systems while providing natural areas for the implementation of intrusion-detection technologies.
The end goal is to reduce an adversary’s opportunities to move laterally through an entity’s networks and systems, and to force the adversary to have a greater capability in order to accomplish their goal (increasing the cost of the intrusion to the threat actor).
Various solutions and strategies are available and recommended for Defense-in-Depth security. To protect their critical assets in the most effective way while keeping ICS functionality unhindered, organisations should implement these solutions and strategies to create layers of defenses.