With the recent proliferation of cyber attacks, it has become increasingly clear that no business or industry is safe from attack. It is well documented that cyber security threats continue to rise. While these threats once seemed to be mostly limited to attempts to access financial data, recent data indicates that cyber attacks now cut across all business sectors. Security vendor Symantec recently revealed that 75% of enterprises on a global basis witnessed some form of cyber attack during 2009.
As the threat becomes more apparent for industrial applications, what can factory operations and IT management do to prepare for and fend off attacks resulting from unauthorized network access, cyber theft, and cyber attacks where malicious invaders destroy or corrupt important monitoring and/or control data? It also pays to look at the ways that cyber security and physical security can merge into an integrated security solution targeted using IP. An integrated solution strategy can make sure that only authorized employees have access to sensitive equipment and information, as well as monitor the actions of employees who may be security threats either through intention or human error.
Defense in Depth is a layered security approach that uses several forms of network security to protect against intrusion from physical and cyber-borne attacks. The layers are setup to work in parallel, one technology overlapping, in many cases, with another; together they form a significant safeguard against attack.
Traditional examples of layering technologies include:
- Firewalls and DMZs (Demilitarized Zones)
- VPNs (Virtual Private Networks)
- VLANs (Virtual Local Area Network)
- Secure Access Manager and Authentication Systems
- Centralized Logging and Auditing
- Video Surveillance Technologies and Physical Access Control
Fortunately there are readily available, off-the-shelf, industrial-strength networking equipment, and cost-effective tools, systems, and partners to work with to deploy Defense in Depth protection for any type of industrial network. Defense in Depth is not a one-time goal but a continual process of assessing network vulnerabilities, updating security policies and adding emerging technologies in a continues cycle in order to protect valuable cyber and physical assets.