If there is only one defense mechanism within the control network and it is compromised, the rest of the ICS environment is exposed to the threat, possibly leading to safety issues. To avoid these types of scenarios, a defense-in-depth architecture is deployed within the network. Defense-in-depth includes implementing multiple security controls such as training programs or technical controls. If one line of defense is compromised, the next layer within the architecture is there to stop the attack or slow it from spreading further. The following figure illustrates the different layers and some examples of what defense techniques can be implemented at each layer.
The DVD solution has been validated to support the defense-in-depth principle. For example, all software components are validated for hardening, and the solution's functionality is also validated with an IDMZ. These two security practices help to create multiple layers of security around the solution. For instance, if a threat actor finds a way through the network boundary (IDMZ), then the use of authentication, encryption, and authorization throughout the ICS components will mitigate any further potential compromises.