Abstract
The predominant metaphor for secure computing today is defence in depth: higher, better layers of walls. This article explains why that approach is as outmoded for cybersecurity today as it became for physical security centuries ago. Three forces are undermining the castle model as a practical security solution. First, organizations themselves tear down their walls and make their gateways more porous because it pays off in terms of better agility and responsiveness—they can do more, faster and better. Second, technological developments increasingly destroy walls from the outside as computation becomes cheaper for attackers, and the implementation of virtual walls and gateways becomes more complex, and so contains more vulnerabilities to be exploited by the clever and unscrupulous. Third, changes in the way humans and technology interact, exemplified by (but not limited to) the Millennial generation, blur and dissolve the concepts of inside and outside, so that distinctions become invisible, or even unwanted, and boundaries become annoyances to be circumvented. A new approach to cybersecurity is needed: organizations and individuals need to get used to operating in compromised environments. The article's conclusion operationalizes this strategy in terms of a paradigm shift away from a Castle Model and towards a more nuanced form of computation and data assurance.
Copyright information
© 2016 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Skillicorn, D., Leuprecht, C., Tait, V. (2016). Computing in Compromised Environments: Beyond the Castle Model of Cyber-Security. In: Masys, A. (eds) Exploring the Security Landscape: Non-Traditional Security Challenges. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-319-27914-5_12
DOI: https://doi.org/10.1007/978-3-319-27914-5_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-27913-8
Online ISBN: 978-3-319-27914-5
eBook Packages: Physics and Astronomy (R0)