Defence in depth

Two things drew my attention last week to the importance of defence in depth. One was a discussion about the economics of security, and the importance of ensuring that business cases take account of the need for additional layers of security from the outset. The other was a feature in Wired magazine last year brought to my attention by Team Cymru‘s excellent information service. 
Defence in depth is a long standing principle of security. It compensates for the inescapable fact that all countermeasures fail from time to time, for a variety of reasons, including human failings, technical glitches, insider threats or simply because they are not resistant to all forms of attack. A similar model, the ‘Swiss cheese’ approach, is used in the safety field, which has always accepted that mistakes are an inevitable fact of life. The difference with security is that there are a lot more deliberate, determined threats to subvert countermeasures.
Defence in depth can reduce the overall cost of security, as well as compensate for known deficiencies in countermeasures. The latter use is especially important in physical intrusion detection systems, as monitoring technologies have known weaknesses. That explains why bank vaults require so many layers of security, and also why these measures can occasionally be defeated by an exceptionally sophisticated attacker with inside knowledge. This last point was underlined by the article in Wired magazine, based on an interview with Leonardo Notarbartolo, sentenced for 10 years for leading a five-man gang who broke into a vault in 2003 beneath the Antwerp Diamond Centre and made off with $100 million worth of diamonds, gold, jewellery and other spoils. 
The vault was thought to be impenetrable, protected behind 10 layers of security, including infrared heat detectors, Doppler radar, a magnetic field, a seismic sensor, and a lock with 100 million possible combinations. Clearly, this was a flawed assumption. No technical or human countermeasures are completely foolproof. Each can be circumvented, given enough knowledge, time and determination. That’s why it’s not a sensible strategy to leave a vault containing such valuable contents unattended over a weekend. Nor is it sensible to rely on a single layer of protective security for sensitive data in a networked infrastructure. 

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

It's too bad that we even have to worry about defense. If we could invest our attention into schools the world would be a much better place! It's never too late to be what you might have been. George Eliot