Blog title "Applying the Principles of Defense in Depth in ICS Cybersecurity"

Applying the Principles of Defense in Depth in ICS Cybersecurity

Dan Ricci,
Engagement and R&D Director

In our blog defining Defense in Depth, we explained briefly why the approach should be applied to industrial control systems (ICS), and highlighted some examples of threats these industrial environments face that Defense in Depth could address.

Defense in Depth is an approach to designing a complete security program, rather than a prescriptive list of things that need to be implemented.

This blog will go deeper into three core principles that form the basis of the approach behind Defense in Depth, as well as examples of how these principles might look in practice to form a comprehensive security strategy.

Taking a Layered Security Approach

Layered security is a fundamental principle of Defense in Depth, encompassing various aspects of security, including physical security, network architecture, perimeter security, host security, and monitoring.

One example of layered security is in segmentation and zoning. As the name suggests, this is the practice of breaking the environment into segments or zones based on the criticality or sensitivity of the components and implementing firewalls and other protections between these segments. Firewalls and other protections between these zones, as well as a DMZ (demilitarized zone) between these sections, can prevent unauthorized lateral movement and provide additional opportunities to detect bad actors.

For systems with physical components, physical security controls such as cameras, alarms, secure enclosures, and policies around who has access to these areas and when can protect industrial equipment from theft or tampering.

This approach combines elements such as field electronics lockdown, access controls, firewalls, intrusion detection systems, etc. to ensure that even if one layer or security measure is compromised, there are others in place to provide additional protection. Each layer adds an additional level of defense, making it more challenging for cyber intruders to breach the system.

Effective layered security ensures that even if one layer is compromised, others remain intact, reducing the likelihood of successful cyberattacks and potential consequences.

Create Diversity in Security Controls

Diversity is an essential principle within Defense in Depth that complements the layered security approach, emphasizing the importance of using a variety of security measures, standards, and technologies.

This principle acknowledges that a one-size-fits-all approach is inadequate for control systems security. Every ICS environment is uniquely built to serve a single purpose or operation, meaning that each security program should take these nuances into consideration.

Some examples of diversity in a security program built specifically for industrial systems include utilizing a mix of different hardware and software solutions from different vendors, making it difficult to find and exploit a single vulnerability to access the entire environment.

Another example might be in implementing diverse monitoring techniques. Leveraging signature-based monitoring looking for known attack patterns, as well as continuously monitoring network activity and asset communications for anomalous behavior provides multiple opportunities for defenders to identify and address a potential compromise.

Diverse security measures, standards, and policies, along with a strong focus on employee training and awareness, make it more challenging for attackers to enter and compromise the environment, enhancing overall resilience.

Build Redundancy and Backups

Redundancy is another critical component of Defense in Depth, and it extends to various elements within control systems. It involves duplicating critical components and systems, including field devices, virtual machines, and jump servers.

Examples of redundancy implemented within an ICS environment might involve creating backups of processes and whole systems. This might be through entire redundant control systems and communication paths, allowing the alternative system, network route, or communication protocol to be utilized in the event that the preceding system becomes compromised or otherwise fails.

Redundancy can also be implemented for physical devices, such as sensors and actuators. In the event that a sensor is compromised, gives an unexpected reading, or otherwise fails, a redundant sensor can be accessed to double check the number for more accurate data or to confirm that the initial reading is correct and that the issue should be investigated further.

By having backup systems and failover mechanisms in place, control systems can maintain functionality and operational integrity in the event of disruptions. Redundancy is crucial for minimizing downtime and ensuring the reliability of control processes.

Defense in Depth Principles Complementing Security

These interconnected Defense in Depth principles, along with the additional considerations and requirements for the environment, collectively form a comprehensive and adaptable security strategy for control systems. Together, they consider not only the technical aspects of security but also the human element, such as policies, procedures, and training, to create a robust defense against cyber threats.

Factors like risk management, vendor management, and leveraging cloud services also play pivotal roles in implementing these principles effectively.

With foundational Defense in Depth principles in mind, these elements contribute to a layered, redundant, and diverse security posture that is essential for safeguarding critical infrastructure in control systems.

Effectively implementing Defense in Depth into an industrial environment starts with an understanding of the assets and devices you’re trying to protect. If you’re just starting to establish visibility into your environment, or want to conduct a more detailed asset discovery project, reach out to the SynSaber team to see how we can help.