Monday, February 11, 2008

IV Things the Roman Aqueducts Can Teach Us About Securing the Power Grid

Good thought-piece by Michael Assante and Mark Weatherford in CSOonline.com.
Some time around 313 B.C., the Romans built the first of eleven aqueducts--engineering marvels that would become critical to their capitol and to the influence of the Roman Empire. This first aqueduct was built completely underground for what historians have concluded were three main advantages: first, to conceal and to protect the water supply from enemies; second, to provide an additional level of protection from erosion and pollution; and finally, to be less disruptive to life above ground.

Back then, as now, the perception of risk had a direct correlation to how systems were designed. Over time, a decreased sensitivity to security risk in ancient Rome resulted in design modifications that made the aqueducts more vulnerable to disruption. Roman engineers began to incorporate architectural “advances” into the aqueduct system, adding magnificent arcades with arches and other above-ground structures that advertised Roman greatness.

Unfortunately these structures also made the aqueducts vulnerable to exploitation, because the water supply was no longer protected underground.

Thus, the infrastructure changed from a hidden and purpose-built system into a visible symbol that invading forces found appealing. Eventually those vulnerabilities were exploited by invading German tribes, who damaged the aqueducts, disrupting water supplies...



As the flow of water dwindled, so did the hope of Rome’s ability to repel the foreign invaders. Ironically, the only aqueduct left in commission after these invasions was the Aqua Virgo, which had been built underground...

Given the current risks and vulnerabilities, we feel that the history of the Roman aqueducts--both as they were originally built and as they changed over the centuries--holds great lessons for the security community today.

Lesson 1: Infrastructures are critical to the security of a state and represent a common good...

Lesson 2: Incorporating new technology can introduce vulnerabilities...

Lesson 3: Infrastructures are built to last and are seldom replaced, even when they may need to be...

Lesson 4: Security in the design is directly tied to how designers perceive security risk...

Modern day engineers should learn from this example and draw from it the understanding that design decisions should anticipate changes over time to environmental and system factors, including security.

Perceptions often lag reality, and it can be costly to weigh your options or implement changes only after security threats become too great to ignore. Built-in security is cheaper and more effective than trying to retrofit it after the system has already been placed into operation. Once the last brick has been placed, infrastructure design decisions have been “cast in stone,” and like the aqueducts, are built to last and hence not easily changed or replaced...
The full paper is also available online.

Labels: , ,

0 Comments:

Post a Comment

<< NIASAWHIWB Home