
Defense in Depth: 4 Essential Layers of ICS Security
Having been fortunate enough to work for a security company like Tripwire for a number of years, I’ve had the privilege to work with different teams in different verticals across the world. I am still amazed at how many organizations see security differently.
Some spend lots of time focusing on physical security, especially those with industrial control systems. Others are small one-man organizations that are worried about their personal data being stolen. And then there’s everything in between the two. The one great thing that I can say is that at least everyone is now talking more about security in some form.
Having dealt with all these different areas/verticals/geos, I’ve found that the end goal is usually the same for each entity, with the problem of understanding boiling down to language or some industry-specific phrasing.
A good example of that would be someone from the ICS world referring to their log management solution as the historian whereas someone in the commercial vertical knows it as a SIEM. Fundamentally, they do the same thing in gathering up all the activity or log data from devices to be forensically stored/analyzed at a later date.
Over the years, I have been trying to bridge the gap of industry jargon and explain that just because something is known by another name does not mean it provides a different function. The best way I have been able to overcome this is by using analogies.
Although ‘security’ can apply to many areas, from software and hardware to physical access, below are four areas of security concern that all organizations should maintain or at least adhere to (at a minimum).
1. Asset Management
This refers to the consistent management or awareness of devices within an organization
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Dean Ferrando. Read the original post at: https://www.tripwire.com/state-of-security/ics-security/defense-depth-layers-ics-security/