Defense in depth is a concept of cybersecurity that involves applying multiple layers of protection to a system or network, so that if one layer fails, another layer can prevent or mitigate an attack. Defense in depth is based on the principle that no single security measure is perfect or sufficient, and that multiple countermeasures can provide redundancy and diversity of defense. Defense in depth can also increase the cost and complexity for an attacker, as they have to overcome more obstacles and exploit more vulnerabilities to achieve their goals. Defense in depth is one of the key concepts of the ISA/IEC 62443 series of standards, which provide guidance and best practices for securing industrial automation and control systems (IACS). The standards recommend applying defense in depth strategies at different levels of an IACS, such as the network, the system, the component, and the policy and procedure level. The standards also define different zones and conduits within an IACS, which are logical or physical groupings of assets that share common security requirements and risk levels. By applying defense in depth strategies to each zone and conduit, the security of the entire IACS can be improved. References:
ISA/IEC 62443-1-1:2009, Security for industrial automation and control systems - Part 1-1: Terminology, concepts and models1
ISA/IEC 62443-3-3:2013, Security for industrial automation and control systems - Part 3-3: System security requirements and security levels2
ISA/IEC 62443-4-1:2018, Security for industrial automation and control systems - Part 4-1: Product security development life-cycle requirements3
ISA/IEC 62443-4-2:2019, Security for industrial automation and control systems - Part 4-2: Technical security requirements for IACS components4
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit