From ancient Jericho through to medieval Constantinople, people built walls around cities as a main method of defense for around 10,000 years. But we don’t live in walled cities any more – why not? That’s a really big change, and it deserves an explanation.
You could say it’s because the cannon got too strong – what’s the point in building thicker walls if your attacker is just going to bring bigger guns to knock them down? There is some truth to this point; there’s no doubt historically that there was an arms race, but it’s not that simple. (American Civil War era forts show how you could still defend with earthen ramparts, even when you know both sides in the fight will bring cannon.) A better explanation is that cities became less worth attacking, because we stopped concentrating all our wealth in things that were easy for raiders to walk off with – mostly cattle and precious metals. This is a little harder to visualize than guns versus walls, because it’s all about intangible assets: bank accounts, credit books, networks of economic relationships.
The great American lesson on finance called It’s A Wonderful Life contains the right point – just because you put your money in the bank doesn’t mean it’s sitting there waiting for you, because that money is out working in the community, as a loan to someone else. These financial webs are decentralized, based on networks of trust, and they turn out to be both amazingly efficient and surprisingly resilient to all manner of attacks. This, in effect, is why we don’t need to live in walled cities anymore – because raiders can’t walk off with the money from the vault, because it’s not in the vault, it’s spread out across the community. You can’t steal a community – all you can do is install a new ruler over it (and that’s how wars go nowadays).
The threats are there
This takes on new resonance now that we’ve passed the 12-month mark of everyone working from home due to the pandemic. Our companies aren’t walled cities, but they certainly had a strong tradition of being centralized and walled off. A year ago, we suddenly found that we couldn’t do that any longer. I’ve spoken to many managers who were frankly surprised at how well it has worked to abruptly change the paradigm, and let people work out in the community, away from the supervisor’s beady eye, and outside the protective walls of the building or the network. Technology changes like video conferencing have made this far more practical than it would have been before, and in that sense we got lucky on the timing. Still, the same lesson comes through – distributed networks are surprisingly effective and resilient. Cloud has caused similar disruption for data centers – instead of one big building with a firewall at the edge, cloud fabric is more diffuse, with many interoperating sub-units, each of which may be harder to control (from a security point of view), but the whole is more resilient because it’s loosely coupled, not hard and brittle like old data centers.
Does this mean our security troubles are over, now that we’ve distributed the workforce and broken up the monolithic data centers? Far from it. Just ask the mayor of any major city whether they have an easy job. Sure, they don’t spend a lot of time worrying about cannons and breaches in the outer city wall, but they have plenty of other stuff to worry about. Indeed, the mindset of a mayor is the appropriate one for security teams navigating in today’s world. In the ancient past, a city leader’s job was to coordinate against one major threat – raids from neighboring cities or wandering bands. Call this a “mid-sized” threat.
A shift in the mindset
Defenses were designed with this in mind. Today, the threats to the people in a city fall into two very different extremes – local problems such as crime, or riots, or public health, and at the other extreme, nation-states and wars. We ask our mayors to worry just about the local scale – we don’t expect the mayor of LA to invest in nuclear weapons to fend off the Russians, we let the national government deal with that. Security is facing similar challenges – it’s one thing to fend off ransomware thieves just out for a quick buck, it’s quite another if a nation-state decides to, say, infiltrate the software supply chain of the very tools you use to monitor your network. The smaller problem is tractable, but the large-scale one is essentially impossible for individual companies to handle.
So our cities changed a few hundred years ago, and just recently, our digital world took a shock to the system and had to catch up after a comparable shift. The right mindset in security now is to think like a city mayor – how do you find all the things you’re responsible for? How do you map out what depends on what? How do you prepare in advance, using threat modeling, so that you are ready when the inevitable crisis comes along? How can you rehearse your emergency response plans, since it’s certain there will be an emergency sooner or later. Fortunately, digital assets are easier to map out using automation, so that you stand a fighting chance of being able to keep up with, and even protect, these distributed and rapidly changing assets.
Dr Mike Lloyd, CTO RedSeal
- Check out our list for the best web browsers
