Let’s Prevent Cyber Attacks with the Swiss Cheese Model

In today’s digital world, devices such as smartphones, computers and tablets are increasingly essential tools for communicating and carrying out financial transactions over the Internet. It has become common practice in daily life for corporate and personal data to be transmitted between such devices.

On the other hand, computer viruses have been developed to access those devices and steal sensitive data. Automated bots are coded to scam bank accounts, hack credit cards, or even steal cryptocurrency.

Thus, cybersecurity strategies are developed to help organizations protect digital assets, reduce risks, and prevent cyber attacks.

There are many cybersecurity measures, such as the following physical measures:

  • Do not use an unknown USB flash drive, or make sure to run a virus scan before using it.
  • Do not click or open suspicious SMS messages or e-mails.
  • Install a firewall or an antivirus program.

One model looks particularly interesting: the Swiss Cheese Model.

Speaking of Swiss cheese or Gruyere cheese, many people may think of the cartoon “Tom & Jerry”, in which Jerry always steals cheese from the kitchen to eat.

There are many holes in the cheese because, when it is kept for a long time, carbon dioxide forms inside. When you slice the cheese, you will see that the holes are scattered unevenly and are not the same on each slice. And when you stack the slices together, the holes won’t line up from the first slice to the last.

The idea is to slice the cheese and specify what each slice is used for. Because the holes vary in size and position from slice to slice, each hole is like a “flaw”. Failure occurs when the holes in the slices align, allowing a hazard to pass through all of the layers of defense and cause a serious accident.

In the figure, assume that slice A is a physical screening point: for example, there is a flash drive slot but the user does not use it. However, hackers may still get in through the Internet when the user unintentionally visits unsafe websites. At slice B, IP addresses are filtered by a firewall, so some hackers cannot pass through to slice C.

Some might still get through the firewall, but they will be removed by malware protection at slice C.

If it cannot detect the malware and the hackers get through slice D, they won’t be able to pass the admin system. Finally, if the hackers can pass through every slice, you have to add more layers of security.
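The walk-through above can be expressed as a small model. This is an added example, not part of the original article: the threat attributes, the blocklisted address, the sample threats, the reading of slice D as the admin system, and the extra slice E (application allowlisting) are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Threat:               # constructed attributes, one per slice
    name: str
    vector: str             # "usb" or "web"
    source_ip: str
    known_malware: bool     # signature is known to the malware protection
    needs_admin: bool       # must pass the admin system to do damage
    unsigned: bool = True   # only used by the optional extra slice E

BLOCKED_IPS = {"203.0.113.7"}   # constructed firewall blocklist

# Each slice returns True when it STOPS the threat; False is a hole.
SLICES = [
    ("A physical", lambda t: t.vector == "usb"),   # flash drive slot unused
    ("B firewall", lambda t: t.source_ip in BLOCKED_IPS),
    ("C malware protection", lambda t: t.known_malware),
    ("D admin system", lambda t: t.needs_admin),
]
# Hypothetical additional layer: application allowlisting.
EXTRA_SLICE = ("E allowlisting", lambda t: t.unsigned)

def stopped_by(threat, slices=SLICES):
    """Return the name of the first slice that stops the threat, else None."""
    for name, stops in slices:
        if stops(threat):
            return name
    return None

def breaches(threats, slices=SLICES):
    """Names of the threats for which the holes in every slice align."""
    return [t.name for t in threats if stopped_by(t, slices) is None]

THREATS = [  # constructed sample threats
    Threat("infected flash drive", "usb", "-", False, False),
    Threat("download from blocklisted host", "web", "203.0.113.7", False, False),
    Threat("known trojan", "web", "198.51.100.20", True, False),
    Threat("new malware needing admin rights", "web", "198.51.100.21", False, True),
    Threat("new user-level stealer", "web", "198.51.100.22", False, False),
]

if __name__ == "__main__":
    for t in THREATS:
        print(f"{t.name:34} -> {stopped_by(t) or 'BREACH: holes aligned'}")
    print("breaches with A-D:", breaches(THREATS))
    print("breaches with A-E:", breaches(THREATS, SLICES + [EXTRA_SLICE]))
```

Each threat is stopped by a different slice, and only the one that finds a hole in all four gets through; adding slice E closes that path.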

Below is a sample image of how to manage cybersecurity defense with the Swiss cheese model.

At present, the Swiss cheese model is widely used in the medical profession for addressing COVID-19, medication dispensing, and the provision of public health and emergency services. The model is also used in the aviation business to manage aviation risks.

Below is an example of the COVID-19 countermeasures concept from the World Health Organization.

Bill Hanage, an Associate Professor of Epidemiology at the Harvard T.H. Chan School of Public Health, mentioned that the concept of the Swiss cheese model is composed of 2 parts.

  1. Personal responsibilities such as social distancing, wearing a face mask or face shield, and hand washing
  2. Shared responsibilities such as testing and tracing, creating quarantine and isolation practices, communicating with the public, and vaccination

The above measures are like placing several slices of Swiss cheese together, where the holes in each slice are the flaws in each system. When the holes in every slice align, a hazard can pass through all the slices of cheese, causing a failure.

In conclusion, there is no fixed pattern for cybersecurity measures. Each organization might have different strategies depending on its plan and the environment at that time. However, every organization can apply the concept of the Swiss cheese model to guard against potential cybersecurity threats.


The Swiss Cheese Model of Pandemic Defense, Dec. 5, 2020, nytimes.com
Swiss cheese model, wikipedia.org