Issue No. 03 - May-June (2012 vol. 10)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2012.64
Shari Lawrence Pfleeger , Dartmouth College
Grey towers of Durham,
Yet well I love thy mixed and massive piles,
Half church of God; half castle 'gainst the Scot.
—Sir Walter Scott
Durham Castle sits high atop a peninsula, surrounded by the River Wear on three sides. Its construction by the Saxon Earl of Northumberland began in 1072, under William the Conqueror's orders, and for centuries, the castle (and Durham Cathedral within it) was home to the Prince Bishops of Durham. Extraordinarily powerful, the Prince Bishops had administrative as well as ecclesiastical power; they governed the surrounding countryside with judicial, financial, and religious control.
The fourth side of the castle consisted of a castle wall, keep, and a multilayered gate: defense in depth. In its early days, many people lived within the castle's protection, on what is now called the Palace Green. Commerce took place on and around the Green, and the Prince Bishops could move safely and swiftly between their homes and their workplaces.
Castle and fortress metaphors are often overused in security. But walking within and around Durham Castle, I realized that the castle analogy offers us many more lessons than just "build the walls higher and thicker." For example, William the Conqueror was wily. He instructed that the castle be built not only to provide a physical barrier from the Scots in the north but also to provide a psychological one: an imposing structure accompanied by powerful administrators over loyal subjects. After all, the Roman emperor Hadrian had already built a wall across Britain in 122; it was the most heavily fortified border in the Roman Empire. Like William, Hadrian took a multifunction approach: the gates in Hadrian's Wall enabled taxation and control of commerce, too. But unlike Hadrian's Wall, Durham Castle and Cathedral became a center for commerce, not just a pass-through. The lesson? Embed security as a natural part of the system's overall design, so that security is a welcome feature in a feature-rich system.
Indeed, the Prince Bishops soon realized that the Anglo-Saxons living within the castle walls were potentially dangerous: an insider threat. In security, when we perceive a threat, we tend to think immediately of using technology to tighten behavioral constraints. The Prince Bishops could have put more watchmen on duty to monitor the Anglo-Saxons' behavior. Or they could have just banned Anglo-Saxons from the castle, creating a disgruntled group that might eventually seek revenge. Instead, the wise Prince Bishops commissioned a city wall to be constructed north of the existing castle wall, thereby creating a new commercial center outside the Palace Green. This new space gave the Anglo-Saxons (and others) incentive to move to a newer, well-protected area, which they promptly did. Today, the city of Durham still has a Market Square (including an indoor market six days a week) that forms the city's thriving core. As is often the case with cybersecurity, understanding and providing incentives for good security behavior can be more effective and welcome than disruptive or constraining technology.
In fact, Durham Castle was never attacked, and the city has grown and thrived. Today, the castle belongs to Durham University, and 100 students make their home within its walls. But its history and architecture continue to offer lessons about thoughtful and effective ways to provide security without threatening or impeding commerce.