
3/18/2020
10:00 AM
Eyal Benishti
Commentary

What the Battle of Britain Can Teach Us About Cybersecurity's Human Element

During WWII, the British leveraged both technology and human intelligence to help win the war. Security leaders must learn the lessons of history and consider how the human element can make their machine-based systems more effective.

The theme for this year's RSA Conference was the "Human Element," which explored the role of humans in the context of machine intelligence. The RSA Conference organizers described this year's theme as follows:

New technologies like artificial intelligence and machine learning promise to fight the bad actors more efficiently than we ever could. And the wider, cheaper availability of advanced nefarious tools has democratized cybercrime. Humans, it seems, have been forgotten as key elements in this global fight.

Indeed, as our world grows more automated and our machines achieve greater intelligence, it's only natural to wonder: What role will humans play in the cyber battlefield of tomorrow?

That made me recall a seminal moment in world history with an analogous theme: the Battle of Britain, a turning point in World War II and one of the first, and perhaps finest, examples of an emerging technology being paired with human intelligence in a way that changed the course of history.

Defending a Sprawling Perimeter
By the spring of 1940, Hitler's army had run roughshod over much of Western Europe due in large part to the overwhelming superiority of the Luftwaffe, the largest and most powerful air force in Europe. Because the Nazis had taken considerable amounts of territory, the prospect of an invasion of the United Kingdom was no longer a question of if, but when.

The Nazi generals understood that occupying Britain would be far more challenging than occupying the rest of the European continent because Britain was afforded protection by the English Channel. For a seaborne invasion to be viable, the Luftwaffe would have to soften the target through sustained air attacks with the goal of destroying the British Royal Air Force, its formidable Navy, and other critical infrastructure.

Meanwhile, the British forces were faced with a still more daunting challenge: How do you defend thousands of miles of unprotected coastline and quickly communicate verified air attacks back to central command in a coordinated fashion?

Machine + Human Intelligence
Unbeknownst to the Nazis, British intelligence had been secretly building and deploying a new early-warning radar system known as the Dowding System, named after Hugh "Stuffy" Dowding, the Commanding Officer of the Royal Air Force and the architect of Britain's first fully coordinated air defense system.

The Dowding System comprised three interconnected layers, two of which were based on the latest innovations in radar while the third was perhaps the most crucial, yet also the most primitive. The first layer, dubbed Chain Home, consisted of a series of 360-foot radar masts that dotted the southern and eastern coasts and could detect enemy aircraft from 120 miles away. A second array of co-located smaller radar, Chain Home Low, was deployed to spot aircraft flying below the sight line of the taller Chain Home system.

While early radar systems were effective in providing advance warning of an approaching formation, they couldn't provide important contextual information such as the altitude at which enemy aircraft were flying, or most critically, the types of planes being deployed.

To provide this critical context, the first two layers of radar were reinforced by the "human element" — a reconnaissance corps of 30,000 volunteers manning observation posts day and night, up and down the entire coast.

These observers were responsible for spotting and reporting enemy planes, providing essential intelligence to central command, including the distance and height of observed aircraft, their approximate bearings, and the types of planes in formation. This enabled confirmed reports of enemy raids to be relayed back to command headquarters in under 40 seconds, a remarkable feat that provided ample time for central command to scramble an appropriate response.

The genius of the Dowding System lay not in its sophisticated radar capabilities but in its ability to orchestrate these disparate machine and human intelligence feeds into a unified early-warning system. While the Germans were well acquainted with radar and were themselves using it, they did not fully appreciate how the British were applying it within the context of an integrated air defense system.

Applying the Lessons of the Dowding System
So, what does all this have to do with cybersecurity and how might we as security leaders employ these lessons? There are a number of parallels that can be drawn from the Dowding System and applied to the modern application of real-time threat intelligence:

  1. Humans excel at providing context: Modern artificial intelligence (AI) engines can pattern match at a scale that humans simply cannot. But understanding context is something that even the most sophisticated AI struggles with.

  2. Orchestration enables self-learning: The ability to synthesize human insight and feed it back into the machine in an orchestrated manner is foundational for building a self-learning system.

  3. Crowdsourcing threat intelligence: A number of leading network and email security tools today are discovering the power of crowdsourcing threat intelligence by providing a mechanism to automatically share real-time threat intelligence across the network.

  4. A multilayered approach is key: No single system should be relied upon to protect your network. A defense-in-depth approach requires the layered application of multiple tools to ensure resiliency.

Interestingly, when we talk about cybersecurity, humans are often considered the "weakest link" in the cybersecurity chain. Whether it's the user who carelessly clicks on a phishing link or a network admin who applies the wrong software patch, we are imperfect by nature and bound to make mistakes. By the same token, those individuals with specific domain expertise are able to understand and interpret nuance in a way that even the smartest machines cannot.

Some 80 years ago, the British leveraged a combination of technology and human intelligence to turn the tide of the war. Security leaders would be wise to learn the lessons of history and consider how the human element can make their machine-based systems smarter, more responsive, and ultimately, more effective.


Eyal Benishti has spent more than a decade in the information security industry, with a focus on software R&D for startups and enterprises. Before establishing IRONSCALES, he served as security researcher and malware analyst at Radware, where he filed two patents in the ...