Cybersecurity expert David Rogers discusses the ever-evolving tactics of both attackers and defenders in his latest blog exploring how we can learn from history to inform future cybersecurity design. Read David’s full series of cybersecurity blogs: 1, 2, 3, 4
Security is sometimes described as an art form – whether you’re breaking security or making something secure, you have to be creative. It is a continuous game or duel of wits that has played out throughout history from the physical enclaves of castles through to the hardware of connected devices.
In the same way as modern cybersecurity techniques are constantly evolving to counteract defensive or attack techniques, the same happened with castles although over a much longer period.
In England in the 12th century, castles had become stronger over the years since the Norman invasion, because they needed to be – it wasn’t enough to create wooden buildings. There had been much learnt from the techniques for defence and attack used during the first crusade and these were being applied on both sides. Large siege weapons were being built and stone was the only way to defend against them. Some mechanisms for attack were abandoned as others became more effective, for example the battering ram was largely abandoned for the Trebuchet and subsequently in later centuries that was abandoned with the development of the cannon.
Depiction of a Trebuchet at the Siege of Acre (public domain image)
Using time and logic as mechanisms for defence
Building thick walls gave defenders more time. It is something that is under-utilized in the cybersecurity world, in my view. If a defender can increase the time (often through effort and cost) that an attacker needs to succeed in their objectives, the defender starts to get significant security gains. For example, they may hold out long enough to be relieved as I have discussed in an earlier blog. Time, incidentally is also how Napoleon lost the Battle of Waterloo in 1815, by starting late; and how Wellington won – by fighting a defensive battle, with von Blücher arriving just in time to relieve the British. But back to castles and trebuchets. Time can also cause an attacker to change tactics, which may not go in the favor of the defender. At Rochester Castle, England in 1215 during a long siege, King John’s trebuchets could not defeat the walls and a mine was dug under one of the corners of the castle’s keep.
The undermining was then completed by burning 40 pigs in the mine – the high temperature of the fire burnt all the mine props, bringing down the corner tower of the keep. This led to the demise of the defenders – but not directly, they retreated to the other half of the castle – there was a wall in between (a good layering of defence – or what we would call sandboxed in the technology world!). Eventually however, supplies ran out and the defenders surrendered.
Images: Clem Rutter, Rochester, Kent, CC BY 3.0
In the pictures above of Rochester Castle today, you can see the tower that has been rebuilt – it was rebuilt as a round tower – another example of defensive technological development and evolution over time; round towers are easier to defend and more robust against undermining. These new round towers (or drum towers) were more stable than ones with corners. Round towers also gave better visibility for defenders and little room for attackers to hide. They were also more secure against missiles such as stones from trebuchets or catapults.
When attackers were undermining a castle, there was not just one technique that they could employ, it depended on the situation and location as well as the backgrounds and cultures of those involved. Some attempts at undermining would get very close to the castle under the cover of a defended cart with a roof on, sometimes known as a ‘cat’. This could be parked above where diggers were building their tunnel.
Equally, defenders would seek to detect and discover any tunnels being dug. They could directly attack the entrance point if they could find it, or even dig into the tunnel from inside the fortifications in order to get to the miners.
Moats were a good example of a defensive measure which was not easy to circumvent. The natural landscape had been modified to create a large ditch surrounding a castle. The word moat originally comes from Motte and Bailey castles, from where the hill of the castle had been excavated. The moat prevented attackers from getting too near to the curtain wall of the castle, stopping ladders and siege towers from being placed against the walls. Attackers would need to build mud bridges across moats in order to bring up siege equipment, which was a hazardous operation for the attackers who would invariably be under fire from archers in the castle.
The moat at Caerphilly Castle, Wales. Image: CADW, license: OGL v1.0
Moats were not always filled with water, but if they were, they provided a very effective, almost natural defence against undermining. This kind of “logical defence” is something that can be brought into play in the hardware security world. An electromagnetic shield as a defence against side-channel attacks could be seen as a form of moat – it is something that can’t easily be defeated with a direct attack using the original method (i.e. measuring electromagnetic radiation). There are other logical defences in castles – the most famous being the direction of spiral staircases, often ascending clockwise, supposedly favouring right-handed sword-wielding defenders (although it is not proven whether this is a deliberately defensive feature of early castles).
Another thing that was common amongst castle defences that is rarely seen in the technology world is the sally port. A sally port had a number of functions:
- To harry the besiegers
- To forage for supplies
- To report that the castle is under attack and to get help
- To escape!
They were also relatively easy to defend – again a logical measure – it was a tight space that could not easily be entered by attackers without significant losses. They were generally hidden, sometimes in the moat, other times via tunnels. Windsor Castle has one confirmed passage which exits under a shop in the high street and there are probably others.
Whilst we don’t generally use this mechanism in technology, it is certainly worth thinking about. One form of example is burglar alarms. If an attacker cuts the wires to an alarm – they will often use out-of-band alerts by sending messages using a GSM SIM. This message to get help has resulted in burglars then responding by bringing GSM jammers to burglaries showing that attackers will always react.
In the future we could think about the possibilities of scenarios such as: if the system is under attack could we get the important data out and make the system useless or less valuable? This could be like the King escaping through the sally port – it potentially makes the whole attack pointless if the objective was to capture him. There are many potential options for the future for ‘digital sally ports’ as a form of active defence too.
Use of coercion as a tactic during sieges and in cyber attacks
Other techniques are always open to attackers that may ‘horrify’ defenders or cause them to submit to a siege via another way using coercive techniques. We see this in modern cyber attacks – demonstrations of power, for example blackmailers using DDoS demonstrations against systems to convince website owners and businesses to pay up. This is a tactic that has previously been used against gambling companies and banks.
Ransomware is another mechanism, usually against PCs, but more recently against cities, the attack against the US city of Baltimore’s computer servers in 2019 being the most prominent example. Although ransomware has been theorised against IoT devices, it hasn’t really manifested itself properly yet, apart from the odd TV running Android. Other coercion techniques can be used in the cyber world, just as in the historical world; it simply depends on the attacker’s objective.
In the future connected car, one could imagine an attack where the objective was the leakage of a car owner’s trip data into the public domain – there is a chance in some cases that this may be sensitive to that owner – perhaps they were conducting an affair or were moonlighting from their job, there could be many reasons. The attacker doesn’t actually care, they have coercive control over the user of the car and therefore, they’re more likely to pay up. This is also common in speculative phishing attacks which are a form of ‘sextortion’ or ‘webcam blackmail’. The phishing attack only needs to get a tiny number of users who are worried because they genuinely had secrets to hide.
This whole domain is a problem for technology companies – when the security of a system becomes strong, attackers often target the weakest link, the user, and use them as the agent of their attack.
The power of coercion was used in history to entirely defeat castles. One such example in England was in 1139. King Stephen succeeded in taking Devizes Castle from Matilda of Ramsbury by building a platform in front of the castle and putting her son on it, in chains and with a noose around his neck. She immediately surrendered the castle.
Keeping attackers out is not easy if you’re the defender! I’ve covered a lot in this blog and it marks the end of the series, I hope you enjoyed reading them as much as I enjoyed writing them. Hopefully it has got you thinking about what lessons we can learn from history to apply to future security problems!
On 20 November 2019, UltraSoC held a webinar hosted by security expert David Rogers MBE, CEO of Copper Horse and recently awarded MBE, and UltraSoC CSO Aileen Ryan.
On the webinar David Rogers discussed historical security measures and failures of hundreds of years that can help instruct the future of security design for hardware in connected devices.
If you would like to access a recording of the webinar, please click here