While previous wars have been centered on weapons systems versus battlefield assets such as tanks and soldiers, the next frontier could be more about network-based attacks versus the ability of nations and organizations to detect such attacks. Roughly a century ago, the world was similarly grappling with a new type of warfare: the one fought in the sky.
Not even 20 years past the Wright brothers’ flight, the airplane had demonstrated great tactical and strategic value in the First World War. Airplanes brought the ability to bomb enemy emplacements during the endless deadlock of trench warfare, leaving ground-based defenses inadequate at best. The best way to defeat an airplane was to send up another and shoot it down.
In the early days of aviation, technology was developing at a rapid rate, much like computer technology is today. Developments in aerial technology quickly led to two types of military planes: the bomber and the fighter.
“The bomber will always get through”
To most, a bomber may seem relatively slow and lumbering, whereas a fighter is fast and nimble. In early aerial warfare, however, this was not the case. While interceptors were more maneuverable, the speed difference was negligible. Bombers’ larger size meant they could be fitted with more engines and aerodynamic wings, allowing them to fly farther and to outlast fighters.
With early warning systems based on sight and sound – seeing and hearing an attacking bomber – there was little reason to suspect proper air defenses could be mustered in time to fend off an attack before the munitions were dropped. In the period between World Wars I and II, the prevailing thought was: the bomber will always get through.
Today, that saying should be updated: “the hacker will always get through.” There’s no such thing as an impregnable computer defense. From finding holes in cloud security to coaxing employees into making mistakes to exploiting zero-day vulnerabilities, a hacker who is determined, skilled, and well-funded is capable of breaking into any system, given enough time. A breach is as inevitable as post-war analysts expected a bomber over London to be.
Technological advancements make defense feasible
Obviously, analysts were a bit off the mark: aerial warfare was tremendously destructive, but it wasn’t unstoppable. Technology advanced in ways that made it more feasible to defend against an aerial raid:
- The invention of radar meant enemy aircraft could be detected at greater range, giving far more time to scramble interceptors.
- Engine advancements meant interceptors were faster and more heavily armed, giving them the speed to catch up to bombers – and the firepower to shoot them down.
- Interceptor aircraft were supported by increasingly accurate and powerful ground-based defenses.
Similarly, advancements in cybersecurity make it increasingly feasible to defend against a cyberattack – or prevent one from happening in the first place:
- Protection built into operating systems is more powerful and more widely available than ever, and more frequent updates by vendors limit the window of effectiveness of zero-day exploits.
- Continued development and adoption of artificial intelligence and machine learning make detecting network threats more feasible – particularly at early stages of an attack before any sensitive data is compromised.
- AI has gone beyond just detecting intrusions and moved toward what’s now called “active defenses.”
Continuing the analogy, the capability of AI to detect an attack early in the chain is like the development of radar, alerting human security professionals who are backed with robust automated defenses.
It’s not about perfect defense, it’s about cost effectiveness
Even given new advancements, military experts’ predictions weren’t completely wrong. As the occasional unexploded WWII-era bomb can prove, plenty of bombers did make it through.
However, new technology made these attacks incredibly expensive. Attacks were no longer about how many bombers made it to their targets, but how many of them made it home in one piece so that they could fly another sortie.
Every time a hacker tries to penetrate a network without success, they are expending something:
- Time. This may be in short supply if the window to take advantage of an exploit is closing.
- Effort. It can be frustrating working on a project without success.
- Resources. Every hack attempt has the chance of revealing how it was done, leading to new defenses.
For an attacker with resources, time, and enough motivation – such as state-sponsored hackers – these may not be barriers, and defenses will get tested.
However, for everyday cybercriminals, whose chief motivation is profit, effective cloud and on-premises security will eventually make the attack not worth their while. Military planners were always looking for lightly defended targets. By fortifying virtual defenses, the government can improve the chances an attacker will focus their efforts on a softer target.
Richard Henderson is head of global threat intelligence at Lastline, a cybersecurity company based in Redwood City, California.