The illusion of being in control –part 3 – castles from the clouds

Let me start with the last in our series of the illusion of being in control- we are at end the cyber awareness month- and what a month it was. If you want to know how to outnumber 1 to 200 read on. By the way it won’t be short, if it is too long save it when someone is watching Abbey on Netflix…

The now

We blindly put our data in the cloud based on trust and price and reputation .yet we don’t know how these castles in the cloud are capable to defend our data.We build castles in the sky like King Edward 1-aka Edward Longshanks with the extra ingredient -experience.

We found out that the Internet of things existing out of an army of poorly secured Internet-based security cameras, digital video recorders (DVRs) and Internet routers were capable of to combine and send packets to one or more specific targets and actually bring down companies like Twitter, SoundCloud, Spotify, and Shopify, Reddit and Heroku and Amazon through DDOS

Who did it?

Who shut down the US internet ? Results were devasting and were taking down internet ..

In the middle ages the equivalent of 10.000 `s archers raining hail with arrows.

But before they could set their arrows they needed to be armed with arrows since a bow on its own won’t do much, aka someone got first into the network before the device was compromised something most people tend to forget.

What we might forget is that this software is the same that has been placed upon many components that is currently controlling our power grids, factories, pipelines, bridges and dams. All sitting ducks and prime targets for digital armies are sitting largely unprotected on the Internet… since many of the computers controlling industrial systems are old and predate the consumer Internet… 57,000 industrial-control systems… more than any other country, “remain vulnerable targets. Predicting the DDOS attacks and the havoc they would rain down… Is Cyber Attack the next Pearl harbor by Lawrence J. Trautman Http://bit.ly/2cVFURY?

We still leave the trust at big institutions that are promising to defend us… -Google Found Disastrous Symantec and Norton Vulnerabilities That Are ‘As Bad As It Gets ‘regardless of the technology. If the technology that need to protect you becomes a liability , is the vehicle that is being used as an entering platform and becomes the Trojan horse that enters your company.

Symantec, which recently purchased the Bain Capital-backed cybersecurity firm Blue Coat for $4.65 billion, also employed open source code that it failed to update even after seven years of use, Ormandy notes. He lists the additional vulnerabilities in that code here.

A good relationship based on mutual trust, the bank in your village were we all went. You knew the banker but now the bank is gone an ATM machine took its place. Same with all other big products which is inherent on internal wanting to be flexible but not having control over the situation.

Are you secure? http://www.cbc.ca/news/technology/norton-antivirus-1.2694494

All vulnerabilities  and how do we counter breach.

So we developed a strategic strategy that goes back to Pearl Harbor: “The modern American intelligence community traces its roots to Pearl Harbor. Everything since that attack has been designed to prevent strategic surprise. We were surprised on September 11. People wanted to know why.” Gen. Michael V. HaydenFormer Director of the National SecurityAgency and CIA34

But is that so?

 

Step into my last time machine and learn from history and I show you why some cloud castles are more defendable than others.

We go back to medieval times –England and the battle with the Welch from 1284 to 1330

King edward 1 a giant for his time 1.88 m  known as Edward Longshanks and the Hammer of the Scots He was not happy with the riches of the Welsh and so Edward subjected Wales to English .

So he build an iron ring around wales which consisted of many castles , where his palace and seat would be Caernarfon Castle.

The design of Caernarfon Castle echoed the walls of Emperor Constantine’s Roman city of Constantinople, which also has polygonal towers and banded stonework, and was thus intended by Edward to be an expression of imperial power.

Caernarfon was built at a dizzying speed. Despite being built by hand, the castle appears to have been substantially completed in just five years to 1287.And its 12 magnificent, multi-angled towers indicate that it was a castle designed to be ‘a cut above’ the rest.

The style of these towers (some of which are octagonal, others hexagonal, and others are ten-sided) is significantly different to the gentler, more rounded profile of the towers on Edward I’s other ‘iron ring’ castles built in the same period – and these towers would have been much harder to build.

Invincibility lies in the defence; the possibility of victory in the attack. Sun Tzu Art of war

So how would that tie into cyber defense you would say , and I would say hold on.

The design was imposed by his wife Eleanor of Castile. She brought something to the table and that was tactics , experience and Seville and Cordoba Moorish Kingdoms that were conquered and all their tactics displayed to the Castilian kingdom. Not only did she bring her weapon into the design she brought some clever and proven defense mechanisms including tactics as well of the Moorish warriors into the cold and damp welsh lands.

 

So with this wisdom she instructed the master Master James of St George an architect who was in charge of building the castle what needed to be done , and the king didn’t shun expenses.. From 1284 to 1330, when accounts end, between £20,000 and £25,000 was spent on Caernarfon’s castle and town walls. Such a sum was enormous and dwarfed the spending on castles such as Dover and Château Gaillard, which were amongst the most expensive and impressive fortifications of the later 12th and early 13th centuries

A report on that time: ´In case you should wonder where so much money could go in a week, we would have you know that we have needed – 400 masons, both cutters and layers, together with 2000 less skilled workmen, 100 carts, 60 wagons and 30 boats bringing stone and sea coal; 200 quarrymen; 30 smiths; and carpenters for putting in the joists and floor boards and other necessary jobs. All this takes no account of the garrison mentioned above, nor of the purchase of material, of which there will have to be a great quantity… The men’s pay has been and still is very much in arrears, and we are having the greatest difficulty in keeping them because they simply have nothing to live on´

Don’t make direct connections to your IT department in defense of your network and compliancy demands….since cyberdefense will cost you money and not able being to get easily invaded seemed such a sum worthy.

The result was great and her tower resembled the weapon of Castilian including the three towers.

A brute of a fortress. Caernarfon Castle’s pumped-up appearance is unashamedly muscle-bound and intimidating. Picking a fight with this massive structure would have been a daunting prospect. By throwing his weight around in stone, King Edward I created what is surely one of the most impressive of Wales’s castles. Worthy of World Heritage status no less. Most castles are happy with round towers, not Caernarfon! Polygonal towers were the order of the day, with the Eagle Tower being the most impressive of these.

The shape of these towers instead being round but octagonal brought a big advantage..during the siege of Owain Glyn Dwr..

Get back into the fighting .

So when the rebel leader of the welsh ( in the eyes of the english) In 1403 and 1404, Owain Glyn Dwr came to the castle Caernarfon he was forging south west and taking Carmarthen castle, an important power base of the English and settlements across south Wales fell one after another, including Cardiff, Newport, Usk and Abergavenny he didn’t think this besiege of the castle, again in the name of Welsh nationalism (but this time backed by French forces) would bring him any trouble :

The troops called stipendaries with the 3000 fighting men of the french and 3000 of the welsh in 1403-1404 weren’t capable to conquer the castle he was, however, unsuccessful.

What makes this story so incredible is that the garrison at the time was around thirty soldiers.

And they warded of 6000 well trained soldiers, hardened on battlefields and keen marksmen with their bows.

I bring you to another viewpoint the one of the attackers and the rich preventive measures Eleanor of Castile placed upon the castle Caernafon.

First-all towers were connected by protected corridors on the top and on the bottom of the passageways . Not seen at any castles before , but enabled bowmen to move from one tower to the other without any arrows raining down on them that could inflict damage. They could move in stealth from one to another tower from the top of the tower but also from the bottom. Protected by the walls no arrow could harm them.

Second-they had not one bow slot but three dispersed in a 180 degree view.

In the caernafon castle the pillar  added extra defence  besides of being the darks so no archer on the outside could see you.

Look at the shape of the towers in front of it.If you are in front of those towers you are in crossfire and if you are behind it you are still in crossfire. If you do break in you are in a kill box, taking arrows from all the interior walls.

So now you know how to withstand an enormous attack how would that reflect back to your current environment of cloud storage, personal data and defense?

By taking the architecture in your controls you can go against current believe where you need to be notified –with high skilled cyber experts when it happens or worse when the data breach happened since they only looked at round towers overlooking the possibility to do something more smart will cost you more without any prevention .

All reactive on the left side of the Cyber bowtie  diagram showed below all on the right after the unwanted event took place .

Just because you haven’t heard of preventive methods doesn’t mean they are not readily available.

“There are a lot of point to point solutions out there, taking care only of your side of the value chain where the investments made in cyber security are based on trust, not proof”.  “By using the Triple A method we are moving from being reactive cyberfirefighters towards a strong preventive failsafe security Triple A switchboard that adds Cyber Intrusion Prevention beyond the cyber dikes.” Peter Rus says. “This translates into minimizing fall out and guarantee that the company is in control while building trust with customers and anticipate on cyber opportunities that Big Data, IOT and Mobility offer” Continuing: “I still see Cisco Pix firewalls and unpatched Symantec security solutions  out here connecting customers and their data solutions in the cloud, an equivalent of putting an unpatched windows XP station on the internet”.

Because not knowing that these controls are part of your business process can be lethal and one cyber exposure can mean a lot of mitigation costs, bad press, and loss of customer confidence, not even mentioning the fines. By using P@ssport Compliancy Investigation Architecture Assessment you get direct insight in your processes, your risks and where you need more control points to get in line with European General Data Protection Regulation, effective May 2018, and hereby radically reduce your overall cyber risk.

  • P@ssport Compliancy Investigation Architecture Assessment is directed towards governance and risk level at senior directors and/or board members to provide compliancy and real time insight.
  • P@ssport Triple A Against Attacks on Assets Strategy allows organizations to implement, sustain and maintain control mechanisms by using simple means.
  • P@ssport Triple A Cyber Risk Barrier Management will enable your organization to see what is missing and take appropriate measures without leaving you in the dark.

So if you want to turn the tide, don’t have as deep pockets as Charles 1 still are not sure about the effectiveness of round towers and want octagonal, others hexagonal, and or ten-sided defense?

Get in touch with P@ssport, explore what you want to achieve on premise or in the cloud and don’t be drawn back to glittering lights and beautiful promises without having a CIA of P@ssport-

Security from a different angle when you construct  octagonal, others hexagonal, and or ten-sided to defend your infrastructure , round is the legacy part of cyber castles. And then your  cyber castle in the cloud can be  victorious as Caernafon castle.P@ssport- we look at compliancy  with a different angle. Privacy by design .Have a right defense and keep the attackers out, we have the first preventive technology to aid you simple and secure your company into compliancy.

This is part of series written during october cyber awareness month

part 1 –the illusion of being in control part 1

part 2- the illusion being in control part 2

 

Become preventive and not reactive ! Don’t delay contact us today!

For more information:

Peter Rus

Chief Innovation Officer / Cyber Security Architect/

Cyber Inspector Architecture

P@SSPORT B.V. | Keizerstraat 17 | 2584BA | Den Haag | KvK 63236257 | IBAN: NL56INGB0006870395

Tel: +31 070-7370471 |info@cybersecurity.industries | http://www.cybersecurity.industries