The Conundrum of Walls
The Diaoyu Fortress was a 13th century city in western China, legendary for its resistance to destruction by invading forces. For more than 30 years it successfully resisted more than 200 efforts by Mongols to breach its massive walls.
Like Diaoyu, today’s computer networks are protected by walls separating our safe place from intrusion by barbarians. How much higher must we make them to keep out intruders? How much thicker to stop our enemies from breaking them down?
Let’s face it. We rely too much upon walls. We discuss height and thickness more often than we acknowledge the less secure doorways. We need to step back, recognize that passageways are the weakness, and fix the problem.
More recent history than the Song Dynasty supports this premise. The German Enigma machine was a formidable “wall” encrypting radio communications. By the time of its military use in the Second World War, an intruder needed to find the exact “password” from 159 quintillion different possibilities.
The combination was changed every day. By trial and error, a successful effort was valid for less than 24 hours.
We cannot build the walls high or thick enough unless we redesign the whole system to recognize that the Internet is not a fortress city.
Was the system impregnable? Not at all.
The Allies did not succeed in breaching the wall. Instead, they concentrated on the traffic.
By a combination of operator mistakes, the capture of documents and machines, and procedural errors, they entered the system every day and read communications that totally compromised the security of German military forces. The Allies went through the doorways. That is the story of hackers today.
To update the lesson from the Enigma machine, we need to distinguish the differences among social media, email, and serious system security. For Facebook, nothing is safe.
In the language of the Sopranos, “fuh ged da boud it” when it comes to securing anything. Email is more consequential so we secure it by starting our password with a capital letter and ending it with a number.
“Password1” feels sufficient even though it can be cracked by hackers in no time at all. Not a good idea for our bank account, compared to something like [email protected]# that can also be remembered without too much difficulty.
The more consequential cybersecurity issue involves the infrastructure of the Internet and other electronic systems. We need a far-better structure to protect us from attacks on power plants, telecommunications, financial systems, and a myriad of vulnerable organizations.
We cannot build the walls high or thick enough unless we redesign the whole system to recognize that the Internet is not a fortress city. It is a highway for communications and increasingly a tool to support our lives whether at home, in our cars, and everywhere else.
At the moment, our security walls do not protect us from egregious misbehavior. We can visualize a sign above our computer networks.
“Through these firewalls pass the best people in the world. Also, ultra-sophisticated hackers, authorized users who do not protect their passwords, and disgruntled parties who seek to do us harm.”
Our computers and networks must always have highways and access points. We should always add more height and thickness to the walls. We desperately need better strategies to guard the openings.
How do we provide protection and access 24 hours a day in a complex and changing world? This is the cybersecurity conundrum of walls.