Defense in Depth Concept
Dieses Thema enthält die folgenden Abschnitte:
- Purpose of the Defense in Depth Concept
- Outer defense layer: organizational measures...
- Further defense layers: protection measures...
- Inner defense layers: functional security capabilities...
Purpose of the Defense in Depth Concept
A suitable approach to counter manifold cyber threats is a Defense in Depth strategy, for example in accordance with the IEC 62443 standard. This means that a holistic approach must include a combination of technological and organizational measures.
Furthermore, a defense system must not only rely on a single measure. Instead, staggered countermeasures should be implemented, each of which represents one layer of protection. All measures should complement and reinforce each other. If an attacker succeeded in leveraging one (i.e., the outermost) measure, he would be stopped by the subsequent protection mechanism.
Example: In case of an external cyber attack via the network, one or more firewalls must first be overcome before the attacker can reach the target component. There, he must defeat a user logon, only to be stopped by internal security mechanisms. If one protective mechanism in a Defense in Depth system fails, the security model does not immediately collapse and exposes the target to the attacker.
Consequently, the Defense in Depth concept is realized through the interaction of the various security mechanisms. It is therefore also important to consider all security mechanisms in the system.
The IEC 62443 standard defines all aspects of a Defense in Depth strategy and addresses all stakeholders involved.
| Hinweis
Each stakeholder must contribute to a suitable Defense in Depth strategy by
|
| Hinweis
The weakest link in the defensive chain must determine the strength of the entire strategy. |
Outer defense layer: organizational measures...
...to be implemented by the plant owner (acc. to IEC 62443-2-1). To this end, security policies and procedures are to be defined by the plant owner.
Topics of these policies are among others:
- General security-related behavior
- Awareness and training of personnel
- Definition/review of responsibilities of plant users
- Definition/review of (user) roles
- Definition/review user access rights
- Regulations of physical access
- Implementation of an incident response plan. Such a plan contains the instructions to be carried out after an attack in order to continue the business.
- Definition of a patch management system (IEC 62443-2-3) for rolling out security patches.
Further defense layers: protection measures...
...to be implemented by design in the plant/ICS by the system integrator (acc. to IEC 62443-2-4, 3-2 and 3-3).
Examples for such defense measures are:- Network segmentation into zones and conduits
- Protection of networks by firewalls
- Access control by means of authentication
- Restriction of user actions to necessary operations only
- Secured communication using certificates
- Data protection by encryption
- Suitable procedures and policies regarding commissioning, maintenance and operation. This includes, for example,
- User management,
- Security patch management,
- Anti-malware system,
- Password policies (acc. to part IEC 62443-2-4).
Inner defense layers: functional security capabilities...
...of the components and systems used: security by design, implemented by product suppliers (addressed by the IEC 62443-3-3 and 4-2 as well as 62443-4-1 which describes the quality of the development process and includes the security by design).
Examples for such defense features of components and devices are:- Use of signed software/firmware
- Anti-malware features, such as scanners
- Whitelisting features
- Authentication and authorization mechanisms for human users and software processes on all communication channels including wireless channels. Refer to the topic "(Central) User Management" for details.
- Hardware protection measures for private vendor keys stored on a device, e.g., Trusted Platform Modules (TPM) which provide enhanced security functions thus ensuring the integrity of a hardware/operating system
- Implementation of a encrypted storages for certificates, keys and identities of system integrators and operators
- VPN (Virtual Private Network) communication interfaces
- Device management interface for updating firmware components (Patch Management)
- Logging mechanisms with a synchronized time base
- Secured communication protocols, e.g., TLS communication (Transport Layer Security), also available for wireless links.
- Support of the built-in interface with security profiles
- Use and configuration of the integrated firewalls