ABSTRACT
The history of defences, barriers and safeguards abounds with paradoxes, often painful ones. Protective measures can cause harm. Conversely, small doses of a harmful entity can provide long-lasting protection, as in vaccination or inoculation. Defensive measures designed to reduce the opportunities for a particular kind of human error can relocate the error opportunities to some other part of the system, and these errors may be even more costly. Defences, barriers and safeguards add additional components and linkages. These not only make the system more complex, they can also fail catastrophically in their own right. Defences-in-depth are built upon redundancy and diversity. However, it is these very features which are highly desirable from an engineering standpoint that also create a variety of problems in complex socio-technical systems to such an extent that Jens Rasmussen, engineer and leading philosopher of technology, has coined the phrase the fallacy of defences-in-depth.
