Page 29 - SyI Quarterly - Q3 and Q4 Edition 2023
The concept of Onion Skin Defence-in-Depth recognises
that no single layer of security is foolproof. By
implementing multiple layers of protection, each with
its own unique characteristics and strengths, the overall
security posture becomes stronger and more resilient.
Even if one layer is breached, there are additional layers
in place to impede further progress and increase the
chances of detection or intervention.
The Onion Skin Defence-in-Depth approach is not
limited to physical security measures but can also be
applied to cybersecurity, information security, and
other domains where protection of assets is crucial. In
these contexts, layers may include firewalls, intrusion.
The development of an appropriate security culture, where the right secure behaviours are adopted
by an organisation’s workforce, can be an essential element of protective security defence-in-depth.
By adopting desired behaviours, the leadership, employees, contractors, visitors, and suppliers can be
a huge force multiplier, at a relatively low cost, in strengthening the overall resilience to security events
and adversarial attacks.
A Behavioural-Based Security (BBS) programme should be risk-based and concentrate on what a person
needs to know to meet the organisation’s security expectations. Workforce behaviour and staff vigilance
are amongst the most off-putting factors for someone who is up to no good; it makes them think that
they are being watched and that they are more likely to be detected and intercepted.
When workers support protective security through their behaviours, by being vigilant and reporting
suspicious activities, they provide a deterrent, create an early warning mechanism, and assist in initiating
an impactful and proportionate response. This reduces the likelihood of a security event, limits the
negative consequences, and reduces the lost work time. By using the workforce’s eyes and ears, the
chances of keeping an organisation’s people and property safe are significantly enhanced.
By adopting a layered Defence-in-Depth concept, like that of an onion skin, organisations can
enhance their overall security posture, deter potential threats, detect intrusions early, delay the
adversary’s attack plan, and minimise the potential impact of security incidents. This layered approach
provides a comprehensive and robust defence against a wide range of adversaries and attack vectors.
6. Does there need to be a difference between the Industrial Safety and Protective
Security Risk Management approach?
Whilst the Swiss Cheese Model and the protective security Onion Skin Defence-in-Depth concept share
some similarities in their approach to risk management and protection, they are primarily designed for
different domains—industrial safety and protective security, respectively. Let’s assess their synergies:
6.1. Layered Approach. Both models embrace a layered approach to risk mitigation. The Swiss
Cheese Model emphasises the need for multiple layers of defence to prevent accidents, whilst the Onion
Skin Defence-in-Depth concept focuses on creating multiple barriers to deter and mitigate threats in
protective security. Both concepts recognise that relying on a single layer of defence is insufficient and
that multiple layers increase the overall robustness of the system.