Defence-in-depth security model punted for protecting industrial assets
CHRISTO BUYS Effective defence-in-depth leads to system security that is designed into the infrastructure and becomes a set of layers within the overall network security
Protecting industrial assets requires a defence-in-depth (DiD) security approach that addresses in-house and external security threats. The approach uses multiple layers of defence, including physical, electronic and procedural protection, and at separate instances by applying appropriate controls that address different types of risks.
A good security programme is 20% technology and 80% process and procedure. These processes and procedures, along with a company’s employee policies, are categorised under the nontechnical side of security, says automation multinational Rockwell Automation sub-Saharan Africa software and control systems business manager Christo Buys.
“DiD security architecture is based on the idea that any one point of protection may, and probably will, be defeated. Several procedural and technological steps must also be taken to create a secure environment. By reviewing your security operating protocol, you can identify and prioritise vulnerabilities and develop a comprehensive strategy to help reduce risks.”
DiD security is a five-layer approach of physical, network, computer, application and device security. Multiple layers of network security can help protect networked assets, data and end points, just as multiple layers of physical security can help protect high-value physical assets.
Further, collaborating in the organisation’s security policy development makes employees much more likely to abide by the policy, Buys advises. If policies are impractical or too restrictive, operators might override them and the technical controls.
The result of this process is that system security is designed into the infrastructure and becomes a set of layers within the overall network security. Attackers are faced with a difficult task to successfully break through or bypass each security layer without being detected. A weakness or flaw in one layer can be protected by the strength, capabilities or new variables introduced through other security layers.
Computer hardening involves the use of antivirus software, application whitelisting, host intrusion-detection systems and other end-point security solutions, the removal of unused applications, protocols and services, as well as closing unnecessary ports.
Computers on the plant floor, such as a human-machine interface or industrial computers, are susceptible to malware cyberrisks, including viruses and Trojans. Software patching practices work in concert with hardening techniques to help address risks.
Specifically, companies should disable software automatic updating services on personal computers; conduct an inventory of applications, and software versions and revisions on plant floor computers; and subscribe to and monitor vendor patch qualification services for patch compatibility. Companies should also schedule the application of patches and upgrades and plan for contingencies.
“It is important to focus on the system and apply the DiD strategy to the products you select,” concludes Buys.
Comments
Press Office
Announcements
What's On
Subscribe to improve your user experience...
Option 1 (equivalent of R125 a month):
Receive a weekly copy of Creamer Media's Engineering News & Mining Weekly magazine
(print copy for those in South Africa and e-magazine for those outside of South Africa)
Receive daily email newsletters
Access to full search results
Access archive of magazine back copies
Access to Projects in Progress
Access to ONE Research Report of your choice in PDF format
Option 2 (equivalent of R375 a month):
All benefits from Option 1
PLUS
Access to Creamer Media's Research Channel Africa for ALL Research Reports, in PDF format, on various industrial and mining sectors
including Electricity; Water; Energy Transition; Hydrogen; Roads, Rail and Ports; Coal; Gold; Platinum; Battery Metals; etc.
Already a subscriber?
Forgotten your password?
Receive weekly copy of Creamer Media's Engineering News & Mining Weekly magazine (print copy for those in South Africa and e-magazine for those outside of South Africa)
➕
Recieve daily email newsletters
➕
Access to full search results
➕
Access archive of magazine back copies
➕
Access to Projects in Progress
➕
Access to ONE Research Report of your choice in PDF format
RESEARCH CHANNEL AFRICA
R4500 (equivalent of R375 a month)
SUBSCRIBEAll benefits from Option 1
➕
Access to Creamer Media's Research Channel Africa for ALL Research Reports on various industrial and mining sectors, in PDF format, including on:
Electricity
➕
Water
➕
Energy Transition
➕
Hydrogen
➕
Roads, Rail and Ports
➕
Coal
➕
Gold
➕
Platinum
➕
Battery Metals
➕
etc.
Receive all benefits from Option 1 or Option 2 delivered to numerous people at your company
➕
Multiple User names and Passwords for simultaneous log-ins
➕
Intranet integration access to all in your organisation