What is Defense in Depth?
Defense in Depth is a cybersecurity strategy that applies multiple security layers to protect systems against threats.
The idea is that if one layer of defence fails, others remain to detect, slow or block the attack. This significantly improves an organisation's resilience, particularly in environments where availability and integrity are critical, such as industrial automation.
How does Defense in Depth work?
Rather than relying on a single security measure (such as a Firewall), a combination of technical, organisational and physical measures is applied. Together these layers protect the network, the systems, the users and the data.
Examples of security layers
| Layer | Examples |
|---|---|
| Physical | Access controls, CCTV, locks |
| Network | Network segmentation, VLANs, firewalls, zones and conduits model |
| Access & authentication | Password policies, multi-factor authentication (MFA), Jump Server |
| Device security | Antivirus, patch management, configuration management |
| Monitoring & detection | SIEM systems, IDS/IPS, log analysis |
| Processes & policy | Security awareness training, procedures, ISO 27001 and IEC 62443 guidelines |
| Recovery & backup | Backup strategies, test plans, Incident Response (CSIR approach) |
Defense in Depth in OT environments
In industrial automation (ICS/SCADA), Defense in Depth is applied to minimise risks arising from:
- Outdated systems without patching options
- External suppliers with temporary access
- Physical access to machinery or field equipment
- Combined IT and OT networks (convergence)
A good example of Defense in Depth in OT is combining: VLANs for segmentation, a Firewall between Zones, a Jump Server for Remote Access, and read-only Historians.
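To make that combination concrete, the following added example (not part of the original page) models the four layers as a small zones-and-conduits policy evaluator: VLAN membership places each host in a zone, firewall rules define the only permitted conduits between zones with default deny, remote access is evaluated as two hops through the jump server, and the historian rejects writes from any zone other than the control zone that feeds it. All host names, zone names, ports and rules are constructed for illustration; the point is that a request must pass every layer, so a single misconfiguration does not open the control zone on its own.

```python
"""Zones-and-conduits policy evaluator (constructed example, not a real product)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One firewall conduit rule between two zones (constructed example)."""
    src_zone: str
    dst_zone: str
    dst_host: Optional[str]   # None means any host in dst_zone
    dst_port: int
    action: str               # "allow" or "deny"

    def matches(self, src_zone: str, dst_zone: str, dst_host: str, dst_port: int) -> bool:
        return (self.src_zone == src_zone and self.dst_zone == dst_zone
                and self.dst_port == dst_port
                and self.dst_host in (None, dst_host))


class Policy:
    def __init__(self, host_zone: Dict[str, str], rules: List[Rule], historians: Dict[str, str]):
        self.host_zone = host_zone      # Layer 1: VLAN membership, host -> zone
        self.rules = rules              # Layer 2: firewall conduits, first match wins
        self.historians = historians    # Layer 3: historian -> the only zone allowed to write

    def zone_of(self, host: str) -> str:
        # Unknown hosts land in an untrusted zone that no conduit references.
        return self.host_zone.get(host, "untrusted")

    def evaluate(self, src_host: str, dst_host: str, dst_port: int,
                 write: bool = False) -> Tuple[bool, str]:
        """Return (allowed, reason) after checking segmentation, firewall and historian layers."""
        src_zone, dst_zone = self.zone_of(src_host), self.zone_of(dst_host)
        if src_zone == dst_zone:
            # Segmentation: traffic inside one zone never crosses a conduit.
            verdict, reason = True, f"intra-zone traffic within {src_zone}"
        else:
            # Firewall: default deny unless an explicit conduit rule matches.
            verdict = False
            reason = f"no conduit {src_zone}->{dst_zone}:{dst_port} (default deny)"
            for rule in self.rules:
                if rule.matches(src_zone, dst_zone, dst_host, dst_port):
                    verdict = rule.action == "allow"
                    reason = f"firewall rule: {rule.action}"
                    break
        # Read-only historian: an allowed conduit still cannot write unless the
        # source sits in the zone designated to feed that historian.
        if verdict and write and dst_host in self.historians \
                and src_zone != self.historians[dst_host]:
            return False, f"{dst_host} is read-only from zone {src_zone}"
        return verdict, reason


def remote_access_path(policy: Policy, src_host: str, jump_host: str,
                       dst_host: str, port: int) -> bool:
    """Remote access must traverse the jump server, so both hops are evaluated."""
    first_hop, _ = policy.evaluate(src_host, jump_host, port)
    second_hop, _ = policy.evaluate(jump_host, dst_host, port)
    return first_hop and second_hop


# Constructed sample environment: enterprise VLAN, OT DMZ, control zone.
HOST_ZONE = {
    "it-laptop-01": "enterprise",
    "jump-01": "ot_dmz",
    "historian-01": "ot_dmz",
    "eng-ws-01": "control",
    "hmi-01": "control",
    "plc-01": "control",
}

RULES = [
    Rule("enterprise", "ot_dmz", "jump-01", 3389, "allow"),        # RDP to jump server only
    Rule("enterprise", "ot_dmz", "historian-01", 443, "allow"),    # HTTPS read of historian
    Rule("ot_dmz", "control", "eng-ws-01", 3389, "allow"),         # jump -> engineering workstation
    Rule("control", "ot_dmz", "historian-01", 5432, "allow"),      # control zone feeds historian
]

HISTORIANS = {"historian-01": "control"}


def demo() -> Dict[str, bool]:
    """Evaluate representative flows against the constructed policy."""
    p = Policy(HOST_ZONE, RULES, HISTORIANS)
    return {
        "it_to_plc_modbus": p.evaluate("it-laptop-01", "plc-01", 502)[0],
        "it_to_jump_rdp": p.evaluate("it-laptop-01", "jump-01", 3389)[0],
        "it_to_engws_rdp_direct": p.evaluate("it-laptop-01", "eng-ws-01", 3389)[0],
        "it_to_engws_via_jump": remote_access_path(p, "it-laptop-01", "jump-01", "eng-ws-01", 3389),
        "it_reads_historian": p.evaluate("it-laptop-01", "historian-01", 443)[0],
        "it_writes_historian": p.evaluate("it-laptop-01", "historian-01", 443, write=True)[0],
        "control_feeds_historian": p.evaluate("hmi-01", "historian-01", 5432, write=True)[0],
        "hmi_to_plc": p.evaluate("hmi-01", "plc-01", 502)[0],
        "unknown_host_to_plc": p.evaluate("rogue-box", "plc-01", 502)[0],
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:28} {'ALLOW' if allowed else 'DENY'}")
```

Each layer is independent: removing the historian check would still leave the firewall denying direct IT-to-control traffic, and removing a firewall rule would still leave the historian refusing writes. That independence is what Defense in Depth is meant to provide.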
In summary
Defense in Depth is the principle of multiple, overlapping layers of security. It provides a robust and flexible approach to limiting the consequences of human error, vulnerabilities and attacks, essential for both IT and OT.
