Defence-in-depth for SMEs

12 April 2018

A Whitepaper from Wago, entitled ‘IT Security in Production Facilities,’ highlights some of the main threats to automation systems used by small and medium enterprises (SMEs). It goes on to offer a 10-point plan to protect information technology (IT) and operational technology (OT) from cyber intrusion.

What is needed is a robust process that can significantly counter any attack – a ‘defence-in-depth’ approach – analysing where threats are likely to come from and taking appropriate and proportionate measures to protect against them.

Defence-in-depth involves taking a holistic approach to cyber security, considering human, procedural and structural factors as well as technical ones. It is predicated on the notion that if one layer is breached, others can either thwart an attack outright, or to detect and respond.

The first step in a defence-in-depth approach could be to guard against physical intrusion. A security fence may seem primitive, but it also may be enough to deter an attacker. Bear in mind that an intruder armed only with a USB stick can potentially bring a whole company down. Access control for restricted areas is another option.

The second step might be to use additional firewalls to establish virtual barriers between each section of the facility. The plant floor can be further subdivided using more firewalls to isolate them from the control room, which can in turn be isolated from the back office. Even dividing the plant floor into two can potentially half the damage caused by a cyber-attack.

A third step could be network monitoring. One way of doing this is to set up a honey pot – an isolated point on the network which is kept deliberately accessible. This can lure attackers in with the bait of seemingly valuable resources, which can be used to monitor unauthorised activity, see how attackers behave, and improve security accordingly. There is no single magic bullet for effective cyber security, and there are many other options and types of protection available, but just with these three simple steps, a multi-layered defence-in-depth strategy has been created.

The white paper can be downloaded at:

Contact Details and Archive...

Print this page | E-mail this page