https://www.engineeringnews.co.za

Defence-in-depth security model punted for protecting industrial assets

CHRISTO BUYS
Effective defence-in-depth leads to system security that is designed into the infrastructure and becomes a set of layers within the overall network security


16th June 2017

By: Schalk Burger

Creamer Media Senior Deputy Editor

     


Protecting industrial assets requires a defence-in-depth (DiD) security approach that addresses in-house and external security threats. The approach uses multiple layers of defence, including physical, electronic and procedural protection, applied at separate instances, with appropriate controls at each that address different types of risks.

A good security programme is 20% technology and 80% process and procedure. These processes and procedures, along with a company’s employee policies, are categorised under the nontechnical side of security, says automation multinational Rockwell Automation sub-Saharan Africa software and control systems business manager Christo Buys.

“DiD security architecture is based on the idea that any one point of protection may, and probably will, be defeated. Several procedural and technological steps must also be taken to create a secure environment. By reviewing your security operating protocol, you can identify and prioritise vulnerabilities and develop a comprehensive strategy to help reduce risks.”

DiD security is a five-layer approach of physical, network, computer, application and device security. Multiple layers of network security can help protect networked assets, data and end points, just as multiple layers of physical security can help protect high-value physical assets.

Further, collaborating in the organisation’s security policy development makes employees much more likely to abide by the policy, Buys advises. If policies are impractical or too restrictive, operators might override them and the technical controls.

The result of this process is that system security is designed into the infrastructure and becomes a set of layers within the overall network security. Attackers are faced with a difficult task to successfully break through or bypass each security layer without being detected. A weakness or flaw in one layer can be protected by the strength, capabilities or new variables introduced through other security layers.

Computer hardening involves the use of antivirus software, application whitelisting, host intrusion-detection systems and other end-point security solutions; the removal of unused applications, protocols and services; and the closing of unnecessary ports.

Computers on the plant floor, such as a human-machine interface or industrial computers, are susceptible to malware cyberrisks, including viruses and Trojans. Software patching practices work in concert with hardening techniques to help address risks.

Specifically, companies should disable software automatic updating services on personal computers; conduct an inventory of applications, and software versions and revisions on plant floor computers; and subscribe to and monitor vendor patch qualification services for patch compatibility. Companies should also schedule the application of patches and upgrades and plan for contingencies.

“It is important to focus on the system and apply the DiD strategy to the products you select,” concludes Buys.

Edited by Martin Zhuwakinyu
Creamer Media Senior Deputy Editor
