Finding The Hidden InfoSec Story

What the Romans Teach Us About Cybersecurity

Photo Credit: sylvainfriquet via Compfight cc

The year is 119 AD. In Rome, Emperor Hadrian is wondering how to secure his newly won lands in Britannia. He decides to travel over to the northernmost part of the Empire and find out what is required for himself.

The Wall

His solution? A wall. But not just any wall. A kind of super-wall. It ran from the coast to coast with a stone base and stone wall on top. It had multi-layered defences with ditches fronting the wall. It could itself assess the threats to the Empire with soldiers watching constantly from milecastles and viewing turrets in between. A wall that could constantly adapt its defences with garrisons of soldiers in a fort every 7 miles.

Gnaeus Julius Agricola, one of the greatest Roman generals ever to have lived, having surveyed Scotland in 79AD and conquered Caledonia in 83AD, fought with the Caledonians the following year in which 19,000 died. The Romans then realised that this wasn’t a race to be subservient to the empire as expected. Agricola was called back by the Emperor Domitian whilst the Rhine and Danube region frontiers were also weakening. When he returned, he already had in mind a wall as a solution whilst he was staying at Vindolanda, a Roman fort and village which was to be right next to the site of the wall. Agricola never got to see the wall finished.

The wall was built not only to protect Britannia (England) from being invaded by the Picts, compromising the Romans’ control, but to divide the Romans and Barbarians with a physical border that marked the extent of the empire. Some say it was also a kind of border security to stabilise, to watch who entered and left as Roman traffic monitoring, and to bring cohesion to Britannia.

And so an 80 mile long, 4 million tonne wall was built, manned by 10,000 soldiers at any one time as a secure frontier control.

The Failure of the Wall

By the late 4th century the Wall was of limited use. Barbarians had invaded Britannia using other routes in. The economy had declined. Military coups also loosened the Empire’s hold on Britannia.

Hadrian died in 138AD at the age of 63, and the new emperor Antonius Pius decided to abandon the wall and to build a new wall at Forth-Clyde. Needless to say this was not as well built, managed or successful as Hadrian’s, and was abandoned in favour of Hadrians’s wall not long after. The wall then started to expand, with a new road at the frontier later on in the second century. In 180AD, Pictish tribes crossed the wall and killed a general and his troops, forcing more turrets, crags and forces to be introduced. Strengthening the wall proved to be just a short-term solution, though. As the empire weakened, and soldiers, resources and most of all, attention was needed elsewhere closer to Rome, the wall was gradually left to spoil. Troops were withdrawn to defend more alarming threats, but even so there is evidence that forts were held after the Romans withdrew from Britain completely, though not as efficiently as at its pinnacle. The local populace started purloining the stone to build houses and churches. Years of the harsh Northumbrian wind, rain and moss led to the deterioration of the wall after centuries of abandonment.

So What Does This Teach Us About Cybersecurity?

Like a modern firewall, Hadrian’s Wall was engineered with precision. It could respond to threats, was always on and could adapt to different impending hazards. As the world changed however it couldn’t be relied on as the sole means of defence, even after its rejuvenation. The wall was still of some use – regulating threats and traffic into the empire – but it was no longer the sole remedy as it had been.

The Romans teach us that threats are ever-changing and that perimeter security is not total security. Modern-day invaders do get through our firewalls. We need to have the wall in place, but we can’t rely on it to remove all of the risks that lie in wait to attack us. We need to check our defences inside the walls too. Security also can’t be the preserve or the responsibility of the few; even if we have legions of cybersecurity people (and most organisations don’t) we can’t leave cybersecurity just to the professionals. The cybersecurity soldiers need to get everyone involved. They need to educate them properly in what the threats are. And that training needs to be focused on today’s and tomorrow’s threats, not yesterday’s. Citizens also need to be told that the Wall no longer protects them. We need to get everyone inside the wall looking out for threats – not just the soldiers charged with maintaining our defences. We need total vigilance. We need all of our citizens to look for threats and report them quickly. If we can do all of this we may just keep our empire intact.

Share This Post On