Tuesday, February 12, 2019

Cyber-Security, an Analogy

I applied to a few more places this morning, watched a video or two for Cybrary (it does free Cyber Security training, though they offer a lot more if you pay a monthly fee. The training and mentorship sound amazing, but I don't think I can commit to paying that fee until I have a reliable source of income again. Which really rather sucks. Ah, the things I would do if I had the resources right now! I think I'd get a VPN, and try exploring the Dark Net a bit. Buy a new laptop, I wonder if I could get a hypervisor one and set up multiple VMs? One for Kali Linux, one for Windows... I suppose I could try doing it with what I have, and maybe I'm just making excuses for doing nothing, but my current setup is... just not conducive to it.)

Anyways, I was remembering something from my undergrad years and figured I'd share it here:

I think I had a stint where I answered phones for our ROTC dept, or something, because I remember raiding the military library in the back and reading quite a bit of what I found. Most of it was fairly typical stuff. World War II stuff, like A Bridge Too Far. Or Vietnam, or the Civil War. One book I found particularly fascinating discussed the evolution of military technology and its impact on how we fought. I tried looking it up much later, and I think it was called From Crossbow to H-Bomb. I may be pulling info from various other things as well, but it's interesting how something like a stirrup or crossbow or gun can change the way we fight.

Guns, in particular, were interesting because up until then a fighter had to go through years of specialized training, and spend quite a bit of money. Learning to use a sword is not something you can do quickly, and if you want to talk about knights you also have to talk about the cost of their horses and armor.

Guns, on the other hand, are something you can train people to use within a couple of weeks' to months' worth of time. Not only that, but you can train women to use them, and they'll be just as effective as the next guy. They were, in some ways, an equalizer in that a peasant army could reasonably challenge the nobility on the battlefield with only minimal training. (Add in mass manufacturing and, well, the current military environment is very, very different.)

There was also some stuff about whether military technology favors defense or offense. For example, castles were built back when it favored defense. A well-designed castle, so long as it had food and water, was nigh impenetrable. Sure, a besieging force might have sappers undermine the wall or find some other way through it, but it took time. Laying siege to a castle could take years, and it was too dangerous to just go around them since it often left an enemy to your rear.

But things changed and walls are pretty much useless now.

Just consider how easily we can send bombers over them, and I'm not even mentioning modern artillery. Heck, a tank can probably take out a wall in reasonably good time, though I'm a little unsure how long it would take to create a hole in a really thick castle wall.

Really, current technology favors offense and will probably continue to do so unless/until we learn how to make force fields. (And maybe that's a prediction people will laugh at in a couple of hundred years, too.)

Anyways, thinking of castles, military technology, and all that reminded me of cybersecurity.

If I were to make an analogy - current defenders are trying to protect their castle. I'm oversimplifying that, as within the castle walls are towers that have their own security and constantly communicate with each other, but let's keep it simple.

Defending the castle.

The current threat environment, on the other hand, goes something like this. Expert hackers have learned how to mass manufacture magical spells and guns. Someone might march up to the castle and cast a spell, suddenly creating multiple clones of themselves that launch attacks on the castle... preventing anyone from going in or out. (In other words, a botnet launching a denial-of-service attack.)

When the path to the castle is clear, others approach the front gates and use a magical spell to make themselves look like one of the castle citizens. They pass through security and onward into the castle.

Still others wander around the walls of the castle, casting spells that allow them to find hidden doorways and secret passageways.

And then there are still more attackers, who have information on people within the castle and are trying to convince them to let down a rope.

That's not even including the disgruntled castle citizen that decides to let down a rope or throw open a hidden door of their own volition.

Some of the attackers are doing it for fun, others are doing it to make money, and still others represent enemy nations, but they all have access to magical spells.

The problem isn't just the multitude of ways they can attack, the problem is also that the ability to attack has become mass-produced, so that all these various attacks may be occurring simultaneously. Numerous times a day.

And that is the current threat environment.
