The changing security battlefield

Over the years, I have heard some of the leading thinkers in the intelligence and military fields talk about history, as they often do. They turn and gaze back on the fields in which wars were won and lost, and discuss what caused those victories or defeats.

In the 16th century, Sir Walter Raleigh famously said, “He who controls the seas controls the world.” In the 20th century, that saying became, “He who controls the air controls the world,” and now in the 21st century it has become, “He who controls cyberspace controls the world.” The battlefields have changed, but the game remains the same and it’s increasingly difficult to mount an effective defense.

Throughout history, alliances have been born that allowed nations with like-minded interests to pool their resources to achieve their goals, whether they sought economic advantage, strategic protection or conquest. Most recently, we learned from the New York Times that the United States and Israel may have collaborated in the development of the Stuxnet worm. Stuxnet was designed to attack Siemens controllers for industrial systems, like those used to run the centrifuges in Iran’s nuclear production facilities. Stuxnet was so successful that experts believe it may have damaged or destroyed more than 900 centrifuges, setting Iran’s nuclear-weapon-production capability back as much as five years.

Stay on top of evolving threats with the CSO Daily Dashboard

Stuxnet is a beautiful piece of cyber­engineering. But it points out a problem all security professionals face: You can’t defend against everything. The United States developed nuclear weapons without the assistance of modern computers. What’s to stop Iran, or any other nation with nuclear ambitions, from going old school? Every weapon used to attack will at some point be vulnerable to countermeasures. Controlling the sea? You probably don’t like torpedoes much. Controlling the air? You could do without surface-to-air missiles. Controlling cyberspace? You get the idea. If Iran were to unplug, its vulnerabilities would decrease.

Now reverse that idea: As we focus on defending against the latest and greatest cyberattacks, our adversaries can always go old school. Nowhere is this truer than in cyberspace, where old variants of viruses, worms and Trojans are still floating around 10 years after they appeared. Why is this important? Because as we focus on today’s threats we may forget to protect ourselves from simpler attacks that worked in the past. There’s only so much budget, only so many resources, that any entity can afford to dedicate to defense.

This is one of the reasons that security will never, ever be perfect. The abilities of our enemies to develop new, more sophisticated attacks will always outstrip our ability to defend against all threats. Because when we really get good at defending against their new attacks, they can and will go old school and run right through our elaborately designed defenses. While at some point we have to stop worrying about SQL Slammer, we can’t really afford to. Can we?