The Bomber Will Always Get Through: What Early Air Warfare Can Tell Us About Protecting Cloud Workloads

The Bomber Will Always Get Through: What Early Air Warfare Can Tell Us About Protecting Cloud Workloads

We’ve written before in this blog about the rise of asymmetric cyber warfare; it is feasible that the next major war on this planet will be less about missiles vs. tanks and more about computer worms vs. network threat detection. To get a sense of how this new type of conflict – whether it involves nation-states, corporations, or cybercriminal gangs – might develop, it may be wise to examine an oddly analogous situation. A century ago, the world was similarly grappling with a new type of warfare: One fought in the sky.

Not yet 20 years past the Wright brothers’ flight, the airplane had demonstrated great tactical and strategic value in the Great War – World War I. Airplanes had been able to bomb enemy emplacements during the endless lock of trench warfare, and ground-based defenses were inadequate. The only real way to defeat an airplane was to send another airplane up to try and shoot it down.

In the early days of aviation, technology was developing at a rapid rate, much like computer technology is today. It wasn’t long before developments in aerial technology led to these two types of military planes diverging into what we would now know today as “bomber” planes and “fighter” planes (then called “interceptor” or “pursuit” aircraft).

The Bomber Will Always Get Through

To a person familiar with modern military aircraft – certainly one in the post-“Top Gun” era – the mental image one might have of a bomber is something relatively slow and lumbering, whereas a fighter plane is fast and nimble, capable of flying rings around the former. In early aerial warfare, however, this was not the case. While interceptor aircraft were more maneuverable, bombers’ larger size meant that they could be fitted with more (and more powerful) engines and more aerodynamic wings.

A bomber would almost always out-speed an interceptor. Considering that, at the time, most early warning systems were based on sight and sound – seeing and hearing an attacking bomber – there was little reason to suspect proper air defenses could be mustered in time to fend off an attack before the payload would have been dropped. In the period between World War I and World War II, the prevailing thought was this: “The bomber will always get through.”

Aerial warfare was simply not defensible. Any war fought from the sky would simply result in mutually assured destruction, leaving cities on all sides in smoking rubble.

In the modern day, the saying should be updated a bit: “The hacker will always get through.” There’s no such thing as an impregnable infosec defense. Whether through finding holes in your cloud security, coaxing your employees into making mistakes, or exploiting zero-day vulnerabilities, a hacker who is determined, skilled, and well-funded will be able to break into any system, given enough time. Your on-site and cloud defenses won’t be enough; a breach is as inevitable as interwar analysts expected a bomber over London to be.

Technological Advancements Make Defense Feasible

Obviously, military analysts wound up being a little off the mark: Aerial warfare was tremendously destructive, but it wasn’t unstoppable. In the interwar years and throughout World War II, technology advanced in ways that made it more feasible to defend against an aerial raid.

  • The invention of radar meant that enemy aircraft could be detected well out of auditory or visual range; giving more time to scramble interceptors.
  • Advancements in engine technology meant that those interceptors were faster and more heavily armed than they had been, giving them the speed to catch up to bombers – and the firepower to shoot them down.
  • Interceptor aircraft were being supported by increasingly accurate, and increasingly powerful, ground-based defenses.

Similarly, technological advancements in cybersecurity make it increasingly feasible to defend against a cyberattack – or prevent one from happening in the first place.

  • Protection built into operating systems is more powerful and more widely available than ever before, and more frequent updates limit the effectiveness window of zero-day exploits.
  • Continued development and adoption of AI for security purposes makes detecting network threats more feasible – particularly at early stages of an attack before any sensitive data is compromised. Moreover, AI-powered network security becoming far more affordable than the cost of potential data breaches, making them more widespread.
  • Development of AI for security has gone beyond a world in which AI-powered security systems just detect intrusion, to one where they actively fend it off – so-called “active defenses.” For instance, a system that detects an attack coming in over a certain port can automatically shut that port off, or revoke access to a server based on suspicious activity from an account that has legitimate credentials.

To use an only slightly stretched analogy: The capability of AI to detect an attack early in the chain is like the development of radar, alerting human infosec professionals (scrambling interceptor aircraft) who are backed up with robust automated defenses (ground-based anti-aircraft guns).

It’s Not About Perfect Defense – It’s About Cost Effectiveness

Even given the new technological advancements between the end of WWI through WWII, the military experts’ predictions weren’t completely wrong. As the occasional unexploded WWII-era bomb proves, plenty of bombers – most of them, in fact – did still make it through. They reached their targets and dropped their payloads.

However, what the new technology did accomplish was that it made these attacks nigh-prohibitively expensive. Attacks were no longer about how many bombers made it to their targets, but how many of them – and their trained, veteran crews – made it home in one piece. The Luftwaffe suffered such severe losses over Britain that its leadership switched to the infamous night raids, which were harder to defend against, but also resulted in less accurate, and therefore less effective, raids.

Every time a hacker tries to penetrate a network without success, they are expending something:

  • They’re expending time, which may be in short supply.
  • They’re expending effort; it can be frustrating to keep working on a project without any success.
  • They’re expending potential resources; a technique that gets detected and rebuffed can be patched or fixed. Every hack attempt, therefore, may very well be burning its method, meaning it can’t be easily reused.
  • They’re expending money; if they paid to acquire any of the tools that they burned in an unsuccessful attempt, or if it’s simply just another day without a payoff, it’s a net loss to them.

For an attacker with nigh-unlimited resources and time and enough motivation – for instance, a state-sponsored hacker – these may not be barriers, and your defenses will keep getting tested. However, for everyday cybercriminal gangs, whose chief motivation is profit, effective cloud and on-premises security will eventually make trying to hack you not worth their while. Eventually, they’ll give up and look for softer targets elsewhere.

Lastline’s network detection and response solutions can be the defensive boost your business needs to fend off cyberattacks – the radar emplacements on the Strait of Dover, if you will. Contact us today to learn how we can start protecting your organization.

 

This post originally appeared in FifthDomain.

Richard Henderson

Richard Henderson

Richard Henderson is Head of Global Threat Intelligence, where he is responsible for trend-spotting, industry-watching, and evangelizing the unique capabilities of Lastline’s technologies. He has nearly two decades of experience and involvement in the global hacker community and discovers new trends and activities in the cyber-underground. He is a researcher and regular presenter at conferences and events and was lauded by a former US DHS undersecretary for cybersecurity as having an “insightful view” on the current state of cybersecurity. Richard was one of the first researchers in the world to defeat Apple’s TouchID fingerprint sensor on the iPhone 5S. He has taught courses on radio interception techniques multiple times at the DEFCON hacker conference. Richard is a regular writer and contributor to many publications including BankInfoSecurity, Forbes, Dark Reading, and CSO.
Richard Henderson