Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:30 AM
Dr. Mike Lloyd
Dr. Mike Lloyd
Connect Directly
E-Mail vvv

On Norman Castles and the Internet

When the Normans conquered England, they built castles to maintain security. But where are the castles of the Internet?

I recently had the pleasure of attending the ninth annual Workshop on Internet Economics (WIE) at the University of California, San Diego. It might not seem a likely place to discuss English castles after the Norman Conquest, but that turned out to be a strong analogy for the security challenges of our modern Internet.

Explaining why takes a little bit of context. The Internet's early history is a great example of a runaway experiment escaping from the lab that went on to conquer the world. The intent was a network for exchange of scientific and technical data among a select few institutions. It was so good at information exchange that it grew far beyond that.

The Internet began with a great deal of optimism — open communication and a belief that connecting people would lead to wonderful things. While some wonderful things did happen, so did some unfortunate things. The Internet has become an important tool for those keen to manipulate elections and public opinion as well as a breeding ground for extremism.

Every new technology begins with a rush of optimism, followed by coming to terms with the downsides and limitations it has; the Internet is no different. The WIE conference gathered experts from many disciplines — Internet measurement, public policy, economics, security, and more — to look at what we know, what we don't know, and how we can close the gap through measurement. The perspective that emerged was not optimistic.

Today, a new computer will be attacked within minutes of getting on the Internet. Bad guys are relentless. They use automation on a seriously large scale looking for weaknesses to exploit. They often don't know exactly what they are looking for, so they go into any computer they can. They either find something valuable on it, use it as an anonymous base for future attacks, or even add it to a network of enslaved devices — see, for example, the Mirai botnet. It's like a neighborhood where any packages left on the porch or mail in mailboxes are immediately taken, and every door and window are repeatedly tested to see if anything was left open — a scary and untrusting place.

It's in this context that Norman castles came up. After the Normans conquered England in 1066, they needed to hold on to the power they won. They built castles — first of wood, then of stone. These classic castles combined a raised, fortified area (the "motte") with a much larger walled courtyard (called the "bailey") where people and livestock could shelter. Life in the bailey was crowded, smelly, and restrictive, but it beat living in the countryside, which was full of bandits who would attack anyone passing by. Travel by road was a very dangerous affair, undertaken only when necessary, and ideally with guards. 

How does this aromatically challenging environment compare to the modern Internet? Well, consider what we call "the cloud." For businesses that have been around for a while, the cloud isn't an abstract notion of "computers somewhere else" — it's a concrete proposition, just like a motte and bailey castle. A few cloud service providers have built serious walls around their courtyards. If you set up shop inside one of these spaces, you can benefit from the protection against the brigands who will constantly test you if you strike out on your own. The consensus of the discussion at the workshop was that today's Internet is like that medieval countryside — far too dangerous a place to live. Adopting cloud technology may not be about price or productivity — it's about protection.

This picture of the Internet as a dangerous wilderness dotted with forts and enclaves where people can huddle in relative safety is a long way from its optimistic beginning with the free flow of information.

Does this dismal view mean the Internet is broken beyond repair? Certainly not. Our world is far more peaceful, productive, and pleasant to live in than Norman England ever was. To emerge from the confines of the few castle enclosures dotted around, we need either the rule of law or better ways to defend ourselves. A new international system for policing the online world doesn't seem imminent — the global political winds are currently fanning flames of nationalism and isolation, exactly the wrong direction for Internet safety. We need to get better at defending ourselves — finding our defensive weaknesses before the bad guys do. Relying on the castle makers to protect us in our confining compounds isn't a long-term strategy. Businesses run the risk of "vendor lock-in," the modern-day equivalent of being stuck as a feudal vassal of the guy who can muster a fighting force and build a wooden wall around you and your compatriots.

What Can Be Done
The takeaway from all this is actually good news. These problems can be managed, first by realizing that the situation is serious, and then using modern automation to build digital resilience. Resilience means understanding that attacks are inevitable, but planning to survive them, rather than hoping to just get lucky and stay out of harm's way. The Internet has become a quite dangerous place, and it requires strong defenses, as well as recovery plans.

If you're not sure where to start, the best place to begin is mapping — map your defenses so you can find defensive gaps, map your business processes so that you can recover from compromise, and map out your recovery steps. The wandering marauders are out there. What you need to do is plan ahead, find protected places to hide your valuables online, and know what to do when they do breach your defenses.

Related Content:



Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Dr. Mike Lloyd is CTO of cyber terrain mapping company RedSeal. Dr. Lloyd has more than 25 years of experience in the modeling and control of fast-moving, complex systems. He has been granted 21 patents on security, network assessment, and dynamic network control. Before ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: George has not accepted that the technology age has come to an end.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-03-06
Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit incomplete input validation on the /manager/files API to inject arbitrary code within the API service sc...
PUBLISHED: 2021-03-05
The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter.
PUBLISHED: 2021-03-05
Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution.
PUBLISHED: 2021-03-05
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
PUBLISHED: 2021-03-05
The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0.