Beyond the Castle Model of cyber-risk and cyber-security

Christian Leuprecht, David Skillicorn, Victoria Tait

    Research output: Contribution to journal › Article › peer-review

    27 Citations (Scopus)


    The predominant metaphor for secure computing today is modeled on ever higher, ever better layers of walls. This article explains why that approach is as outmoded for cyber security today as it became for physical security centuries ago. Three forces are undermining the Castle Model as a practical security solution. First, organizations themselves tear down their walls and make their gateways more porous because it pays off in terms of better agility and responsiveness - they can do more, faster and better. Second, technological developments increasingly destroy walls from the outside as computation becomes cheaper for attackers, and the implementation of cyberwalls and gateways becomes more complex, and so contains more vulnerabilities to be exploited by the clever and unscrupulous. Third, changes in the way humans and technology interact, exemplified by (but not limited to) the Millennial generation, blur and dissolve the concepts of inside and outside, so that distinctions become invisible, or even unwanted, and boundaries become annoyances to be circumvented. A new approach to cyber security is needed: Organizations and individuals need to get used to operating in compromised environments. The article's conclusion hints at more nuanced forms of computation in environments that must be assumed to be potentially compromised.

    Original language: English
    Pages (from-to): 250-257
    Number of pages: 8
    Issue number: 2
    Publication status: Published - 1 Apr 2016


    • Boundaries
    • Compromised environments
    • Cyberdefense
    • Generational differences
    • Millennials
    • Organizational boundaries
    • Security

