Cybersecurity is the freshest thing out there. Few fully understand it but everyone now knows how important it is. But just because it’s new doesn’t mean lessons from the past can’t be applied.
That was the thrust of a presentation by ZeroFOX head security writer Spencer Wolfe and NATO Ambassador to the Cooperative Cyber Defense Centre of Excellence Kenneth Geers at this year’s RSA Conference in San Francisco.
Wolfe set up the conversation, offering five important lessons from the major battles that shaped the ancient western world, from the rise of Greece to the fall of Rome. Geers followed up each lesson with how it applies to the modern world of cybersecurity.
Lesson 1: Choose your battlefield.
The first lesson was taken from two of the most iconic and important battles of all time: the Grecian defense against the Persians at Thermopylae and Salamis.
In both battles, Greek forces held off significantly larger and better-resourced attackers by picking the best locations available. The Greeks knew their home turf and led the Persians into traps.
Similarly, an adversary might make initial inroads in an attack but a smart defense will leave them chasing their tails.
“As you architect your cyber defense, you should think in terms of traps, in terms of tricks, in terms of a unique style that no one has ever seen before,” Geers said. “Present the hacker with something that is a challenge because from the hacker perspective, your network is a black box.”
Lesson 2: Be original.
Later in Grecian history, the city-states often warred with each other, typically using the same phalanx battle technique, with thin lines and the strongest troops positioned on the right side of the formation. However, during the battle of Leuctra, Theban general Epaminondas turned that tactic upside down, putting his best troops head-to-head with the strongest Spartan units on the field.
“The left side goes forward, meets the Spartans’ best troops and are able to break them … and of course when you see your best troops defeated and fleeing, the rest of the army folds,” Wolfe explained.
“Pitched battles and cybersecurity are games of wit,” he said. “Originality is your ace in the hole.”
Lesson 3: Know thy enemy.
Wolfe broke from the Western theme briefly to quote Sun Tzu, the famous Chinese philosopher who wrote “The Art of War.”
“If you know your enemies and yourself, you will not be imperiled in a hundred battles,” Sun Tzu wrote. “If you neither know your enemies nor yourself, you will be imperiled in every single battle.”
Wolfe pointed to Philip II, father of Alexander the Great, as a perfect example of this tactic.
Philip faced four major powers in his quest to conquer and unite the Greeks: the Paionians, Thracians, Dardanians and Athenians. Knowing he couldn’t take on all four at once, Philip bought off the first two and married a Dardanian princess, enabling him to focus on defeating Athens.
Today, Geers said understanding the common thread in major cyber incidents can help defenders understand the enemy.
He pointed to Russia as the one to watch, as the country has been at the center of most major incidents since the 1980s. Knowing the kinds of attack vectors and the intent of the attackers will help defenders anticipate the next incident and mitigate the effects.
Lesson 4: Lead from the front.
Philip’s son, Alexander the Great, surpassed even his father to become one of the greatest generals of all time. One of the reasons for his success was the unwavering support from his troops, largely due to his prowess as a general but also because he led them into battle from the front lines.
In modern times, we’ve gone from “Alexander the Great to Alexander the Geek,” Geers said, referring to former NSA and CyberCOM Director Gen. Keith Alexander.
During his tenure, U.S. warfare took on a cyber element as never before.
“He oversaw the rapid expansion of cyber integration into signals intelligence,” Geers said. “Such that now if Seal Team Six goes into Libya, they not only have air cover but they have cyber cover taking them in and protecting them.”
Lesson 5: Fight fire with fire.
The final lesson was taken from one of Rome’s greatest defeats: the Battle of Cannae, in which the Carthaginians slaughtered the Roman army. Carthage used advanced maneuvering to flank the Romans on both sides, enveloping the army and closing off their retreat, Wolfe explained.
As the Punic Wars raged on, Roman general Scipio learned from that defeat and used the same tactics against the Carthaginians in the Battle of Ilipa 12 years later to great effect.
“The lesson here is not only to think like the enemy but also to act like them,” Wolfe said. “Act like a hacker. You have to both think and act like the adversary to understand the threat that’s coming in.”
Conclusion: The modern perimeter.
Wolfe wrapped up the presentation with a look ahead — namely the security issues posed by the widening perimeter caused by the spread of BYOD and the Internet of Things.
“The barbarians are at the gates and, unfortunately, there aren’t any gates,” he said. “The perimeter is that thin.”