This is the first in a series of blogs written by David Rogers (@drogersuk) of Copper Horse Ltd, which discuss how historical security measures and failures can help inform future security in modern connected device hardware technology

In this blog series, I’m going to mention castles a bit (amongst other things) – so, before I get started, I need to justify that slightly. The castle analogy has often been used when it comes to cybersecurity. It’s attractive – an easily understood concept of walls and layered defences, which can be visualized by a reader. Often the use of ‘walls’ is really used as a meta-physical boundary that doesn’t, in reality, exist and becomes unhelpful by promoting old-school notions of solely using ‘perimeter-based security’. The castle analogy can still be useful if not taken too literally, however there can be no true, direct comparison of cybersecurity to the physical security world of, what was a relatively short period in history. We can however learn much from the way attackers and defenders interacted and crucially, what worked. These lessons can potentially be carried into future security.

Castles developed from around the time of the Norman Conquest of Britain in the 11th century. Defences became more or less important, depending where they were, the particular period of history and the belligerents involved in any conflict. The evolution of different castle technologies is interesting to look at from the point of view of which were subverted by some extremely capable adversaries, as well as those which were compromised primarily by guile. Castles were not impenetrable and there are some very good examples which forced their security to be improved and to develop.

 

One of the first in Britain and the longest continually inhabited castle in the world – Windsor Castle.
Image: David Iliff. License: CC BY 2.5

 

 

Devices and castles

I tend to find myself thinking that, when it comes to the world today, particularly with a large proliferation of quite small, low-powered devices making up the Internet of Things (IoT), that we have lots of little outposts of endpoints that should be more secure, perhaps even castle-like in themselves. In some cases, maybe they should be outposts – within the sphere of protection of something greater which can provide help if needed. Devices come in many different shapes and forms – IoT extends across all business sectors and includes critical things like medical devices, automotive and space applications. They all have differing levels of security requirements and some of these are context specific to the environment they are used in.

Dynamic response and the lack of it

Many castles and fortresses were specifically built because the environment they existed in was hostile. The site itself was extremely imposing; a symbol of authority. If attacked and put under siege, the occupants were not likely to be relieved in a short space of time, but they usually had a garrison of defenders who could repel and harry attackers.

In many ways, the connected devices of today face a similar environment. The moment that a consumer product is put onto the market it faces attack – either by physical tampering and hacker reconnaissance work on the device or through the network when it connects – but unfortunately the device usually doesn’t do anything about it.

It was the hope of forces under siege in a castle that reinforcements would arrive to relieve them. Until that point though, the defenders did not just sit there – they had the ability to respond in a variety of dynamic ways, from cavalry riding forth into the local area outside the castle, through to the ability to leave under cover of darkness via a sally port to raise the alarm or to forage. In some cases, defenders were very lucky – Richard the Lionheart was injured and subsequently died from a crossbow bolt fired from the castle walls he was besieging in Châlus, France.

A well-defended castle could also continue to survive for a long-time, with its own well for water and enough supplies to be largely self-sufficient. One of the key strategic advantages of Edward I’s ring of castles around Wales was that some of them could be re-supplied from the sea and not be completely surrounded like previous castles. One such castle, at Harlech, held out for seven years during the Wars of the Roses.

 

 

 

Artist’s representation of Harlech Castle in the 1400s Image source (used under fair use): http://carneycastle.com/Harlech/index.htm

 

 

 

Many of the devices of today come with very little protection at all. A device is fundamentally based on a printed circuit board, with some hardware chips placed on it, running software. Many of these devices run the same common operating systems which are often pre-configured to be open and not secured and work from hardware interface standards which in some cases go back to the 1970s – with no security designed-in. With this reality, a device which is available to openly buy and which is connected to the open internet is totally compromised from the start. It is akin to putting a cloth tent in an open field in enemy territory (with the door open) and with no guards, so nowhere near a castle in terms of defence!

The same devices are also entirely static – if something were to happen, they’re not able to respond, even though the problems they face are well understood and likely. They can’t survive safety-related issues or outages because they’re simply not designed to deal with the real world. Having said that, there are some connected products out there that do security well, they follow best practices and are tested properly and follow a proper product security lifecycle. Even for these devices, however, they’re very limited when it comes to being able to respond to threats themselves.

If we’re to deal with the future world, devices need to be able to dynamically respond to emergent threats in a way that can detect, respond appropriately. Doing nothing is not an option. If devices are outposts or castles, they need to be garrisoned appropriately and able to respond until help arrives.

Part two in this blog series, discussing the problems of access control and some more lessons from history, is available here.

David Rogers is Founder and CEO at Copper Horse.

You may also be interested in joining our forthcoming  webinar, co-hosted by David Rogers and UltraSoC CSO Aileen Ryan, on ‘The Future of Hardware Security – How history can help’, on 20th November 2019. Please click here to find out more and to register your place.