Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:30 AM
Dr. Mike Lloyd
Dr. Mike Lloyd
Connect Directly
E-Mail vvv

On Norman Castles and the Internet

When the Normans conquered England, they built castles to maintain security. But where are the castles of the Internet?

I recently had the pleasure of attending the ninth annual Workshop on Internet Economics (WIE) at the University of California, San Diego. It might not seem a likely place to discuss English castles after the Norman Conquest, but that turned out to be a strong analogy for the security challenges of our modern Internet.

Explaining why takes a little bit of context. The Internet's early history is a great example of a runaway experiment escaping from the lab that went on to conquer the world. The intent was a network for exchange of scientific and technical data among a select few institutions. It was so good at information exchange that it grew far beyond that.

The Internet began with a great deal of optimism — open communication and a belief that connecting people would lead to wonderful things. While some wonderful things did happen, so did some unfortunate things. The Internet has become an important tool for those keen to manipulate elections and public opinion as well as a breeding ground for extremism.

Every new technology begins with a rush of optimism, followed by coming to terms with the downsides and limitations it has; the Internet is no different. The WIE conference gathered experts from many disciplines — Internet measurement, public policy, economics, security, and more — to look at what we know, what we don't know, and how we can close the gap through measurement. The perspective that emerged was not optimistic.

Today, a new computer will be attacked within minutes of getting on the Internet. Bad guys are relentless. They use automation on a seriously large scale looking for weaknesses to exploit. They often don't know exactly what they are looking for, so they go into any computer they can. They either find something valuable on it, use it as an anonymous base for future attacks, or even add it to a network of enslaved devices — see, for example, the Mirai botnet. It's like a neighborhood where any packages left on the porch or mail in mailboxes are immediately taken, and every door and window are repeatedly tested to see if anything was left open — a scary and untrusting place.

It's in this context that Norman castles came up. After the Normans conquered England in 1066, they needed to hold on to the power they won. They built castles — first of wood, then of stone. These classic castles combined a raised, fortified area (the "motte") with a much larger walled courtyard (called the "bailey") where people and livestock could shelter. Life in the bailey was crowded, smelly, and restrictive, but it beat living in the countryside, which was full of bandits who would attack anyone passing by. Travel by road was a very dangerous affair, undertaken only when necessary, and ideally with guards. 

How does this aromatically challenging environment compare to the modern Internet? Well, consider what we call "the cloud." For businesses that have been around for a while, the cloud isn't an abstract notion of "computers somewhere else" — it's a concrete proposition, just like a motte and bailey castle. A few cloud service providers have built serious walls around their courtyards. If you set up shop inside one of these spaces, you can benefit from the protection against the brigands who will constantly test you if you strike out on your own. The consensus of the discussion at the workshop was that today's Internet is like that medieval countryside — far too dangerous a place to live. Adopting cloud technology may not be about price or productivity — it's about protection.

This picture of the Internet as a dangerous wilderness dotted with forts and enclaves where people can huddle in relative safety is a long way from its optimistic beginning with the free flow of information.

Does this dismal view mean the Internet is broken beyond repair? Certainly not. Our world is far more peaceful, productive, and pleasant to live in than Norman England ever was. To emerge from the confines of the few castle enclosures dotted around, we need either the rule of law or better ways to defend ourselves. A new international system for policing the online world doesn't seem imminent — the global political winds are currently fanning flames of nationalism and isolation, exactly the wrong direction for Internet safety. We need to get better at defending ourselves — finding our defensive weaknesses before the bad guys do. Relying on the castle makers to protect us in our confining compounds isn't a long-term strategy. Businesses run the risk of "vendor lock-in," the modern-day equivalent of being stuck as a feudal vassal of the guy who can muster a fighting force and build a wooden wall around you and your compatriots.

What Can Be Done
The takeaway from all this is actually good news. These problems can be managed, first by realizing that the situation is serious, and then using modern automation to build digital resilience. Resilience means understanding that attacks are inevitable, but planning to survive them, rather than hoping to just get lucky and stay out of harm's way. The Internet has become a quite dangerous place, and it requires strong defenses, as well as recovery plans.

If you're not sure where to start, the best place to begin is mapping — map your defenses so you can find defensive gaps, map your business processes so that you can recover from compromise, and map out your recovery steps. The wandering marauders are out there. What you need to do is plan ahead, find protected places to hide your valuables online, and know what to do when they do breach your defenses.

Related Content:



Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Dr. Mike Lloyd is CTO of cyber terrain mapping company RedSeal. Dr. Lloyd has more than 25 years of experience in the modeling and control of fast-moving, complex systems. He has been granted 21 patents on security, network assessment, and dynamic network control. Before ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-08-11
FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulnerability. The product incorrectly uses a protection mechanism. An attacker has to find a way to exploit the vulnerability to conduct directed attacks against the affected product.
PUBLISHED: 2020-08-10
A cross-site scripting (XSS) vulnerability in the Credential Manager component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link.
PUBLISHED: 2020-08-10
An SQL injection vulnerability in the Assets component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database.
PUBLISHED: 2020-08-10
An SQL injection vulnerability in the Analytics component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database.
PUBLISHED: 2020-08-10
A cross-site scripting (XSS) vulnerability in the Permissions component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link.