Defence in depth (non-military)
This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages)
A defence in depth uses multi-layered protections, similar to redundant protections. The intention is to create a reliable system using the multiple layers, rather than making any one layer perfectly reliable.
The term defence in depth is now used in many non-military contexts.
A defence in depth strategy to fire prevention does not focus all the resources only on the prevention of a fire; instead, it also requires the deployment of fire alarms, extinguishers, evacuation plans, mobile rescue and fire-fighting equipment and even nationwide plans for deploying massive resources to a major blaze.
Defense-in-depth is incorporated into fire protection regulations for nuclear power plants. It requires preventing fires, detecting and extinguishing fires that do occur, and ensuring the capability to safely shutdown.
Defence in depth may mean engineering which emphasizes redundancy – a system that keeps working when a component fails – over attempts to design components that will not fail in the first place. For example, an aircraft with four engines will be less likely to suffer total engine failure than a single-engined aircraft no matter how much effort goes into making the single engine reliable. However, Charles Perrow, author of Normal accidents, has said that sometimes redundancies backfire and produce less, not more reliability. This may happen in three ways: First, redundant safety devices result in a more complex system, more prone to errors and accidents. Second, redundancy may lead to shirking of responsibility among workers. Third, redundancy may lead to increased production pressures, resulting in a system that operates at higher speeds, but less safely.
In nuclear engineering and nuclear safety, all safety activities, whether organizational, behavioural or equipment related, are subject to layers of overlapping provisions, so that if a failure should occur it would be compensated for or corrected without causing harm to individuals or the public at large. Defence in depth consists in a hierarchical deployment of different levels of equipment and procedures in order to maintain the effectiveness of physical barriers placed between radioactive materials and workers, the public or the environment, in normal operation, anticipated operational occurrences and, for some barriers, in accidents at the plant. Defence in depth is implemented through design and operation to provide a graded protection against a wide variety of transients, incidents and accidents, including equipment failures and human errors within the plant and events initiated outside the plan.
Likewise, in information security / Information Assurance defence in depth represents the use of multiple computer security techniques to help mitigate the risk of one component of the defence being compromised or circumvented. An example could be anti-virus software installed on individual workstations when there is already virus protection on the firewalls and servers within the same environment. Different security products from multiple vendors may be deployed to defend different potential vectors within the network, helping prevent a shortfall in any one defence leading to a wider failure; also known as a "layered approach".
- NRC: 10 CFR Appendix R to Part 50—Fire Protection Program for Nuclear Power Facilities Operating Prior to January 1, 1979
- Scott D. Sagan (March 2004). "Learning from Normal Accidents" (PDF). Organization & Environment. Archived from the original (PDF) on 2004-07-14.
- International Nuclear Energy Agency (1996). Defence in depth in nuclear safety (INSAG-10) (PDF). ISBN 92-0-103295-1.