What we can learn about security from the Middle Ages.
The Middle Ages have always fascinated me, with their rich history of kings, queens, noble knights in shining armor, magical wizards, and grand castles. This historical period has held a special place in my imagination since childhood. My enchantment was kindled by experiences like attending the Texas Renaissance Festival, a yearly tradition with my father, and exposure to cultural gems like Monty Python and the movie "King Arthur," which I cherished during my youth. In addition, my role as a Dungeon Master during extensive Dungeons & Dragons sessions with friends not only deepened my fascination with this era but also honed my problem-solving abilities, strategic thinking, creative solution-building, and passion for researching complex topics.
When we compare the modern world to the Middle Ages, we can see remarkable similarities. From issues like border insecurity to recent conflicts such as those witnessed in Israel, economic instability impacting a significant portion of the global population, global pandemics, and the persistence of religious extremism, the parallels are impossible to ignore.
As we reflect on the Middle Ages, we can draw intriguing parallels with contemporary data security concerns. In that historical era, security was a pressing concern across different societal levels (similar to today). Small towns were frequently vulnerable to raids by larger towns with differing views, leading to dire consequences: towns burned, women victimized, resources looted, and people forced to flee for safety. To address these threats, small communities aligned with more powerful factions and constructed castle walls with secure gates to provide protection. However, determined adversaries adapted, developing siege equipment to breach the walls or forcibly enter through the gate. This sounds strikingly similar to today's cyber threats.
Recognizing the inadequacy of walls alone, medieval communities innovated by building fortified castles within the castle walls. These fortified castles offered an additional layer of protection for the community's most valuable assets, serving as a refuge in case of a breach and safeguarding the treasures of the realm.
The parallels with our modern cyber world are compelling. In the contemporary era, we confront persistent cyber threats, and traditional defenses, such as firewalls, passwords, and perimeter security (resembling castle walls), are no longer sufficient to protect valuable digital assets. Innovations in cybersecurity continually evolve to adapt to the ever-advancing tactics of malicious actors, much like the fortified castles of old adapted to changing threats in medieval warfare.
Even during the Middle Ages, there was the challenge of encrypting messages sent from one location to another. This led to the practice of passing along a 'secret coded message' and, eventually, to the Caesar cipher of Julius Caesar's time, which provided a more complex method for encrypting messages. The cipher involved shifting each letter in the plaintext by a fixed number of positions up or down the alphabet. While relatively simple, it added a layer of security to messages, making them more challenging for unauthorized individuals to decipher. The Caesar cipher serves as an early example of cryptography (a distant cousin of what we have today), laying the foundation for more advanced encryption methods used in modern information security. However, over time, the secret behind the Caesar cipher was revealed, much like today's encryption vulnerabilities due to quantum and AI threats. The days of protected secrets using mathematics alone are over.
Once walls proved no longer strong enough, encryption could be broken, and secrets couldn't protect castles, leadership resorted to a distributed model of protection for a kingdom. The largest kingdoms chose to construct diverse castles in many different locations, some in places almost impossible to reach. The idea was that if one castle was attacked, the others would remain standing, ensuring the survival of the kingdom and providing a place for armies to regroup, rebuild, and live to fight another day. It also gave wealthy kingdoms a place to protect treasure and diversify risk. Aren't we doing that to some extent today in the cloud? Today's term for that is 'data diversity.' The difficulty is that the cloud struggles to protect data because, after all, it uses math for security just like everyone else.
So, what lessons can we learn from the Middle Ages? First, castle walls are not enough; eventually, a determined adversary can breach the walls and find innovative ways to penetrate the inner sanctum of a castle. Encrypted messages can be intercepted, and adversaries have learned the secrets of our most advanced encryption. Today's encryption can be broken. Currently, our digital castles can be breached, and the methods of sending information to and from our castles can be intercepted. This is the current state of cyber security in our modern world.
Secured2 drew inspiration from the past, following the example of major nations like England in safeguarding their global assets. We adopted a strategy of decentralizing power by spreading influence and resources across multiple castles worldwide. This approach ensures that even if one castle is breached, the others remain intact, offering a refuge for recovery and continued operations. Additionally, we developed a method to break data down into binary fragments and distribute them across these castles. Breaching one castle yields no valuable data, as the intruder needs to breach all simultaneously and decipher a scrambled puzzle without the map. This map is also safeguarded to prevent breaches.
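The property claimed above, that one breached location yields nothing useful, can be demonstrated with a standard n-of-n XOR secret split. This is an added example, not Secured2's method (which the article does not specify), and unlike that method it needs no reassembly map; the function names, castle names and sample record are constructed.

```python
import secrets
from functools import reduce


def xor_bytes(a, b):
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("fragments must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def split(secret, n):
    """Split `secret` into n fragments; all n are required to rebuild it.

    The first n-1 fragments are uniformly random. The last is the secret
    XORed with all of them, so any n-1 fragments together are statistically
    independent of the secret.
    """
    if n < 2:
        raise ValueError("need at least two fragments")
    fragments = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    fragments.append(reduce(xor_bytes, fragments, secret))
    return fragments


def combine(fragments):
    """Rebuild the secret by XORing every fragment together."""
    return reduce(xor_bytes, fragments)


# Constructed sample record and storage locations.
RECORD = b"account=4821; owner=Eleanor; balance=1200 crowns"
CASTLES = ["castle-north", "castle-east", "castle-south", "castle-west"]


def distribute(secret, locations):
    """Assign one fragment to each location name."""
    return dict(zip(locations, split(secret, len(locations))))


if __name__ == "__main__":
    stored = distribute(RECORD, CASTLES)
    print(combine(list(stored.values())))   # all four castles: record restored
    partial = [stored[c] for c in CASTLES[:3]]
    print(combine(partial))                 # three castles: random-looking bytes
```

The trade-off is availability: losing any single fragment makes the record unrecoverable, so each location needs its own backups.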
Ultimately, we can learn much from the past, and many of the challenges we face today are echoes of those encountered many years ago. While the form of these challenges has evolved, the core issues remain consistent. One truth that holds as true today as it did in the past is that the only way to protect something is through fortified security, authentication (verifying identity), and decentralization (segmentation of data). These three fundamental principles are at the core of Secured2.