This article focuses on the UK’s Health and Safety Executive (HSE) Operational Guidance document, which outlines three major principles for reducing the risk of cyber attacks: 1) Protect, Detect, Respond, 2) Defense in depth, and 3) Management and organizational procedures are required. While the article refers in depth to all of the principles, it has the most to relay about defense in depth. It proposes a multi-layered cyber security protocol that includes allowing workers to only access parts of the system they need to do their jobs, isolating the network itself, utilizing a required physical manipulation of the system in order to execute broad scale changes, and, as a last resort, ensuring the presence of a physical backup that is up to date.
