Keywords
How to Cite
Abstract
In this paper we propose a defense-in-depth IoT architecture that uses multiple layer security measures involving two security mechanisms in discovering and understanding attack vectors. The advantage is that the impact of failure in any one measure is minimized. The defense-in-depth architecture uses firewalls, demilitarized zones, intrusion detection and prevention systems along with associated security policies. For data acquisition and abstraction, we use multiple-tier data models with REST API at the bottom layer and a system process in extracting, processing and feeding data to the application API. Using the newly proposed architecture, we are implementing a water treatment SCADA system that has more than 3,000 PLCs. The data acquisition layer uses US Department of Defense developed API to collect data. The defense-in-depth architecture reduces the risk to IoT networks. Initial tests show that the proposed architecture has the advantages of easy connecting various sensors and reducing the risks of cyber intrusions.
Open Access License Notice:
This article is © its author(s) and is licensed under the Creative Commons Attribution 4.0 International License (CC BY 4.0). Beginning with Volume 13 (2026), this license is included directly within all published PDFs. For earlier articles, a cover page has been added to indicate the correct licensing terms. Any legacy copyright or pricing statements appearing within the PDF reflect prior print production workflows and do not represent the Journal’s current open access policy. For full details, please see the Journal’s License Terms.