In the first part of this multi-part blog post, Defense-in-Depth is defined and discussed from an historical perspective. In follow-on posts, the application of Defense-in-Depth in a cyber security role will be discussed.
What is Defense-in-Depth?
Defense-in-depth is a defensive strategy designed to protect by using multiple layers of mutually supporting or reinforcing defenses where each layer must be penetrated and overcome before an attack can be successful.
Defense-in-depth is a military strategy that is used as a model for defending computer networks. Originally, from a military standpoint, defense-in-depth was mostly a physical security strategy intended to deny your adversary access to the assets and resources needed to wage war: people (soldiers), supplies, transport, facilities, command and control, etc.
In order to stave off an attack, a military unit might deploy layers of defense consisting of dragon’s teeth to slow down tanks and mechanized infantry, fields of anti-personnel mines, rows of razor wire, ditches and moats, machine guns placed in pillboxes, fences, artillery, including anti-air artillery, and other defensive measures. These measures often have the dual purpose of slowing down an attack and channeling the attacker into kill zones where defensive weapons may be concentrated. Usually, the layered defense surrounds something of high value to the defender: A fortification or fort, air base, naval station, or anything that serves as a place where warfighters are housed and trained and where military matériel is supplied and stored.
Not everything on a military base has the same level of strategic value. Those things that have higher value, such as command and control headquarters and supply stores, will be behind several layers of defense. Those things that have lower strategic value, such as the golf course, hobby shops and bowling alley, would be positioned behind fewer layers of defense. Even though these things are assets, they are not assets that are required to accomplish the mission of the military unit, and so they receive fewer defensive resources. A golf course, if present, may consist of up to 200 acres of mostly cleared land and can itself serve as a defensive layer, as well as a recreation and welfare asset.
Defense-in-Depth Planning Assumptions
The central assumption driving military defense-in-depth is that a determined attacker will always be able to penetrate the perimeter defense. Stated another way, the assumption is that an attacker will always be able to defeat, or at least partially defeat, any individual defensive layer and penetrate beyond it. If there is only one layer of defense, then the attack is likely to succeed. Therefore, the defense-in-depth strategy relies upon multiple defensive layers, where each layer must be penetrated and overcome before an attack can be successful. The defense-in-depth layers are designed to slow down an attacker so that a counterattack may be mounted, or to cause the attacking force to expend resources until it no longer has sufficient resources to sustain the attack. In some cases, a formidable array of defensive layers may even convince an enemy force that an attack is unwinnable and dissuade them from mounting an attack at all.
The assumptions within military defense-in-depth planning can be summarized as follows:
- An attacker will always be able to penetrate the perimeter
- Defense-in-depth enables counterattacking the enemy
- The enemy will be located some distance away from what requires defending; yielding space to the attacker in order to outflank and destroy them is part of the strategy
- It is possible to eliminate the attacker or at least degrade their ability to continue an attack
In the next post of this series, the appropriate application of defense-in-depth in a cyber security environment will be discussed, including the risks involved in applying a military strategy designed for the physical world to the distributed, cloud-based cyber security challenge that characterizes today’s operating environment.