Every year on November 5th, we celebrate the failure of a plot to blow up the Houses of Parliament and kill the king, along with his relatives, a large part of the aristocracy, bishops, and judges. The plotters were English Catholics who wanted to replace King James with his daughter, Elizabeth, but they were detected in time and the plot was foiled.
That was over 400 years ago, but we still celebrate the detection and prevention of the overthrow of the king and the Establishment—usually with fireworks and a bonfire.
The Gunpowder Plot and Security
Obviously, there was no ‘cyber’ back then, but there are still useful parallels with security today, notably around prevention and detection of incidents.
- Prevention – physical security and identity checks.
The explosives were concealed in an undercroft—a general storage space that was easily accessible to many people. There was apparently little security to restrict access to this space, which was dangerously close to the Houses of Parliament: literally underneath the House of Lords.
The man who rented the storage space used a false identity. There were no checks before giving permission to lease the space.
- Detection – threat intelligence and threat detection.
A warning was received but was not passed on immediately. When it was, however, an initial search was instigated.
The initial search failed to find anything except firewood and a man claiming to be a servant. This was reported and additional threat intelligence identified that his alleged employer was a known Catholic agitator.
This caused concern, and a second, more thorough, search found explosives concealed behind the firewood and the primary plotter (Guy Fawkes) with fire-starting kit in his pockets.
Prevention and Detection
While the Gunpowder Plot was not directly relevant to cyber security, there are lessons we can learn.
Physical security and access control matter. The public doesn’t need access to all areas of your business. And you should think about the security of the perimeter of your business (doors, gates, fences and so on).
Physical access should be controlled, and the strength of that control will depend on the nature of your business. Those people who are given access but are not employees could be recorded—for example, by completing a visitor log—and issued with a visitor pass. People with access to the most sensitive areas, could have their identities checked: for example, identity confirmation for a new employee, or non-employees to provide ID.
Threat intelligence—keeping up to date with news about potential threats to your business—is also important. For example, retail outlets share information about shoplifters in the area on any given day. Combining bits of information to estimate the scale of the threat—as the authorities did in November 1605, when they identified that the name given by the alleged servant was known to be a risk—can ensure that sufficient effort and resources are applied to detect and manage the threat. In the case of the Gunpowder Plot, the explosives were found before the plotters could set light to the fuse.
If you enjoy reading our blog posts, sign up for our monthly newsletter for cyber security tips for your business. And if you’d like any cyber security help, do contact us on 0113 733 6230 or via the contact form.