Defence-in-Depth is a cybersecurity strategy that applies multiple independent layers of protection throughout an Industrial Automation and Control System (IACS). Rather than relying on a single perimeter defence, security is implemented across the network, systems, users and operational processes.
The fundamental assumption is that the question is not if an attacker gains access, but when. Security is therefore designed to prevent attacks where possible, detect them quickly, slow attacker progression, minimise the impact of a successful compromise and enable rapid recovery.
A successful Defence-in-Depth strategy aims to:
Key Principle: No single security control is sufficient. Multiple independent and overlapping controls provide resilience against cyber threats.
An effective Defence-in-Depth strategy ensures that:
Defence-in-Depth is a risk-based approach, not a fixed architecture. Critical assets generally require additional layers of protection.
Defence-in-Depth is commonly compared to defending a medieval castle. Each defensive layer provides an independent barrier that an attacker must overcome before reaching critical assets.
| Castle Component | Cybersecurity Layer | Purpose |
|---|---|---|
| Moat | Perimeter Security | Firewalls, DMZs and filtered external communications. |
| Castle Walls | Network Segmentation | Zones and conduits limit lateral movement. |
| Drawbridge | Controlled Connectivity | Secure remote access and trusted communications. |
| Gate | Access Control | Authentication, MFA, RBAC and Least Privilege. |
| Watch Towers | Monitoring & Detection | IDS, SIEM and continuous monitoring. |
| Guards | People & Governance | Security awareness, procedures and incident response. |
| Inner Keep | Critical System Protection | Protect PLCs, DCS, SIS and HMIs through hardening and endpoint security. |
| Escape Tunnels | Backup & Recovery | Backups, disaster recovery and business continuity. |
Protects industrial networks from external threats before they reach operational systems.
Examples
Divides the industrial network into secure zones connected by controlled conduits.
Benefits
Ensures only authorised users can access industrial systems.
Examples
Protects devices directly responsible for controlling industrial processes.
Examples
Provides visibility into abnormal activity and potential cyber incidents.
Examples
Technology alone cannot secure an Industrial Automation and Control System.
Includes
Ensures industrial operations can be restored following a cyber incident.
Includes
Defence-in-Depth should be implemented across multiple dimensions of an industrial control system.
| Layer | Examples |
|---|---|
| Physical | Locked cabinets, fencing, CCTV and physical access control. |
| Network | Firewalls, VLANs, zones and conduits. |
| System | PLC hardening, endpoint protection, application whitelisting and patching. |
| Identity | MFA, RBAC and Least Privilege. |
| Operational | Procedures, change control and incident response. |
| Recovery | Backups, disaster recovery and business continuity. |
Defence-in-Depth recognises that no single security control can completely protect an Industrial Automation and Control System. Instead, multiple independent and complementary layers work together to prevent attacks, detect malicious activity, slow attacker progression and ensure industrial operations can be safely restored following an incident.
A successful cyberattack should require an attacker to bypass multiple independent security layers rather than exploiting a single weakness.
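One way to check that property during an architecture review, as an added example that is not part of the original page: the script models zones and conduits, finds for each zone the path from the enterprise network that crosses the fewest distinct protection layers, and flags zones that fall short of a risk-based requirement. The zone names, the controls on each conduit and the required counts are constructed assumptions; the layer names come from the table above.

```python
# Constructed zone/conduit model (illustrative, not from the original page).
# Each conduit maps (source zone, destination zone) to the layers its controls belong to.
CONDUITS = {
    ("enterprise", "dmz"): {"Network"},                  # perimeter firewall
    ("dmz", "supervisory"): {"Network", "Identity"},     # firewall + MFA jump host
    ("supervisory", "control"): {"Network", "System"},   # conduit filter + hardened PLCs
    ("enterprise", "control"): {"Network"},              # legacy direct link, one rule
    ("control", "safety"): {"System", "Physical"},       # hardened SIS in locked cabinet
}

# Risk-based requirement (assumed values): critical zones need more independent layers.
REQUIRED = {"dmz": 1, "supervisory": 2, "control": 3, "safety": 3}


def weakest_paths(conduits, source):
    """Map each reachable zone to (layers, path) for the path crossing the fewest distinct layers."""
    best = {}

    def walk(zone, layers, path):
        for (src, dst), controls in conduits.items():
            if src != zone or dst in path:      # follow outgoing conduits, no loops
                continue
            crossed = layers | controls         # distinct layers crossed so far
            route = path + [dst]
            if dst not in best or len(crossed) < len(best[dst][0]):
                best[dst] = (crossed, route)
            walk(dst, crossed, route)

    walk(source, frozenset(), [source])
    return best


def audit(conduits, required, source="enterprise"):
    """Return (zone, layers, path) for every zone whose weakest path has too few layers."""
    best = weakest_paths(conduits, source)
    findings = []
    for zone, need in required.items():
        layers, path = best.get(zone, (frozenset(), []))
        if path and len(layers) < need:
            findings.append((zone, sorted(layers), path))
    return findings


if __name__ == "__main__":
    for zone, layers, path in audit(CONDUITS, REQUIRED):
        print(f"{zone}: only {layers} on path {' -> '.join(path)}")
```

The audit counts distinct layers rather than individual controls, so several firewalls in a row still count as one Network layer.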