InfoSec, structural engineering, and the Security Architecture Playbook
IT security lessons from ancient Babylon
Published 16:04, 22 November 12
Japan suffered a devastating disaster of unspeakable proportions last year. A massive earthquake on the eastern coast of the country triggered a deadly tsunami which caused the flooding of the Fukushima nuclear power plant. Three dominos fell at once, resulting in a significant and tragic loss of life and property.
I visited Japan earlier this year. As I traveled throughout the Tokyo area, I couldn’t see any evidence of these disasters. I asked several residents of the city and all told me that the earthquake did not affect the rest of Japan very much. They all discussed how ready Japan was for earthquakes, having suffered many over the centuries. It was in Tokyo that I learned that not many people actually died as the result of the earthquake.
Most of the deaths were the result of drowning in the flood waters created by the tsunami. Over and over again, the people I met wanted to talk about how well their buildings were designed to resist the destructive force of earthquakes.
In 2003 a much smaller earthquake struck Iran. Measuring 6.6 (versus 9.0) the Bam earthquake had much less energy but was more destructive than the 2011 Japanese earthquake. (Data provided by United States Geological Survey)
Date Location Magnitude Deaths
12-26-2003 Southeastern Iran 6.6 31,000
03-11-2011 Honshu, Japan 9.0 15,703
The difference between the two events is that the Japanese anticipated the destructive force of a major earthquake and the Iranians did not. Only 3.4 percent of deaths in Japan were the direct result of the earthquake while over 90% were caused by drowning in the wake of the tsunami. In Iran, however, the buildings collapsed under the earthquake’s energy. The buildings were not designed to resist a quake and therefore resulted in a massive death toll. It appears that building codes in this part of Iran were not being followed or enforced.
The importance of structural engineering has long been recognised as a cornerstone of civilized societies. If we go back almost 4000 years we see the Babylonian king Hammurabi concerned with the very same issues. Around 1760 BC, he issued what is known as Hammurabi’s code which laid the foundation for modern structural engineering:
Hammurabi understood that firm structure must be designed into everything that was built. Unfortunately, this is not a lesson that we in the networking world have truly understood and taken to heart yet. Every year many organisations fall down under the weight of various types of cyber-attacks and every year we rebuild them in the very same fragile way.
Imagine if your plumber designed your house. He would put the bathroom in the garage next to the water heater because that would be the most efficient way to install the bathroom. The pipe runs would be short, the hot water would get to the shower quickly, and the workmanship could be shoddy because if there was a flood only the garage would get wet.
While this type of design is in the best interest of the plumber, it would make your home unlivable.
Well that’s exactly what we’ve done in the world of IT and computer networking. We’ve let the plumbers design our house. Network professionals - while they have a critical role - should not be designing our houses. As a former network engineer I have earned the right to say this. Whenever we put networks in we are very concerned with things like routing protocols and spanning tree.
These are equivalent to PVC pipes and valves. Most business leaders don’t know what OSPF or spanning tree even is - nor should they care. But a network engineer cares deeply about these things because his/her job depends on getting those things right. In a modern network that has multiple different energies working to destabilise it - such as compliance, business agility, and cyber-crime - having good plumbing is not enough.
This is where information security comes in. If done right, information security professionals can become the structural engineers of the network. They can work to make sure that the proper balance between easy plumbing and elegant design is created so that when an earthquake comes the network can stay both running and secure.
Sure, there may be a confluence of factors where the earthquake, tsunami and nuclear meltdown all happen at once. But having a sense of structure to the network will make them much more resilient than they are today.
That’s why Forrester has created our Security Architecture Playbook based upon our Zero Trust Network Architecture. Zero Trust is a concept that is resonating worldwide and we believe these ideas can become a secure foundation for the modern network. Current network designs are from the last century and must be updated to reflect today’s threat environment.
In fact, we believe that the concepts articulated in this Playbook hold the key to breaking down the silos between security and networking so that the entire IT organisation is incentivised to create secure networks that can respond to current and future threats. Check it out and let us know what you think.
Posted by John Kindervag