InfoSec, Structural Engineering, And The Security Architecture Playbook

By John Kindervag

Last year the country of Japan suffered a devastating disaster of unspeakable proportions. A massive earthquake on the eastern coast of the country triggered a deadly tsunami that caused the flooding of the Fukushima nuclear power plant. Three dominos fell at once, resulting in a significant and tragic loss of life and property. I visited Japan earlier this year. As I traveled throughout the Tokyo area, I couldn’t see any evidence of these disasters. I asked several residents of the city and all told me that the earthquake did not affect the rest of Japan very much. They all discussed how ready Japan was for earthquakes, having suffered many over the centuries. It was in Tokyo that I learned that not many people actually died as the result of the earthquake. Most of the deaths were the result of drowning in the flood waters created by the tsunami. Over and over again, the people I met wanted to talk about how well their buildings were designed to resist the destructive force of earthquakes.

In 2003 a much smaller earthquake struck Iran. Measuring 6.6 on the Richter scale, the Bam earthquake had much less energy but was more destructive than the 2011 Japanese earthquake, which had a magnitude of 9.0. (Data provided by United States Geological Survey.)

The importance of structural engineering has long been recognized as a cornerstone of civilized societies. If we go back almost 4,000 years, we see the Babylonian king Hammurabi concerned with the very same issues. Around 1760 BC, he issued what is known as Hammurabi’s code, which laid the foundation for modern structural engineering:

“If a builder builds a house for someone, and does not construct it properly and the house falls in and kills its owner, then that builder shall be put to death.”


“If it ruins goods, he shall make compensation for them, and shall re-erect the house at his own expense.”

Hammurabi understood that firm structure must be designed into everything that was built. Unfortunately, this is not a lesson that we in the networking world have truly understood and taken to heart yet. Every year many organizations fall down under the weight of various types of cyber-attacks, and every year we rebuild them in the same fragile way.

Imagine if your plumber designed your house. He would put the bathroom in the garage next to the water heater, because that would be the most efficient way to install the bathroom. The pipe runs would be short, the hot water would get to the shower quickly, and the workmanship could be shoddy because if there was a flood only the garage would get wet. While this type of design is in the best interest of the plumber, it would make your home unlivable.

Well that’s exactly what we’ve done in the world of IT and computer networking. We’ve let the plumbers design our house. Network professionals — while they have a critical role — should not be designing our houses. As a former network engineer, I have earned the right to say this. Whenever we put networks in we are very concerned with things like routing protocols and spanning tree. These are equivalent to PVC pipes and valves. Most business leaders don’t know what OSPF or spanning tree even is — nor should they care. But a network engineer cares deeply about these things because his or her job depends on getting those things right. In a modern network that has multiple different energies working to destabilize it — such as compliance, business agility, and cyber-crime — having good plumbing is not enough.

This is where information security comes in. If done right, information security professionals can become the structural engineers of the network. They can work to make sure that the proper balance between easy plumbing and elegant design is created so that when an earthquake comes the network can stay both running and secure. Sure, there may be a confluence of factors where the earthquake, tsunami, and nuclear meltdown all happen at once. But having a sense of structure to the network will make networks much more resilient than they are today.

That’s why Forrester has created our Security Architecture And Operations Playbook based upon our zero trust network architecture. Zero trust is a concept that is resonating worldwide, and we believe these ideas can become a secure foundation for the modern network. Current network designs are from the last century and must be updated to reflect today’s threat environment. In fact, we believe that the concepts articulated in this playbook hold the key to breaking down the silos between security and networking so that the entire IT organization is incented to create secure networks that can respond to current and future threats. Check it out and let us know what you think.

Cybersecurity market research: Top 15 statistics for 2017