The theme for this year’s RSA Conference was the “Human Element,” which explored the role of humans in the context of machine intelligence. The RSA Conference organizers described this year’s theme as follows:
New technologies like artificial intelligence and machine learning promise to fight the bad actors more efficiently than we ever could. And the wider, cheaper availability of advanced nefarious tools has democratized cybercrime. Humans, it seems, have been forgotten as key elements in this global fight.
Indeed, as our world grows more automated and our machines achieve greater intelligence, it’s only natural to wonder: What role will humans play in the cyber battlefield of tomorrow?
Which made me recall a seminal moment in world history with an analogous theme: The Battle of Britain, a turning point in World War II as well as one of the first and perhaps finest examples of how an emerging technology was paired with human intelligence that, in turn, changed the course of history.
Defending a Sprawling Perimeter
By the spring of 1940, Hitler’s army had run roughshod over much of Western Europe due in large part to the overwhelming superiority of the Luftwaffe, the largest and most powerful air force in Europe. Because the Nazis had taken considerable amounts of territory, the prospect of an invasion of the United Kingdom was no longer a question of if, but when.
The Nazi generals understood that occupying Britain would be far more challenging than the rest of the European continent because it was afforded protection by the English Channel. For a seaborne invasion to be viable, the Luftwaffe would have to soften the target through sustained air attacks with the goal of destroying the British Royal Air Force, its formidable Navy, and other critical infrastructure.
Meanwhile, the British forces were faced with a still more daunting challenge: How do you defend thousands of miles of unprotected coastline and quickly communicate verified air attacks back to central command in a coordinated fashion?
Machine + Human Intelligence
Unbeknownst to the Nazis, British intelligence had been secretly building and deploying a new early-warning radar system known as the Dowding System, named after Hugh “Stuffy” Dowding, the Commanding Officer of the Royal Air Force and the architect of Britain’s first fully coordinated air defense system.
The Dowding System comprised three interconnected layers, two of which were based on the latest innovations in radar while the third was perhaps the most crucial, yet also the most primitive. The first layer, dubbed Chain Home, consisted of a series of 360-foot radar masts that dotted the southern and eastern coasts and could detect enemy aircraft from 120 miles away. A second array of co-located smaller radar, Chain Home Low, was deployed to spot aircraft flying below the sight line of the taller Chain Home system.
While early radar systems were effective in providing advance warning of an approaching formation, they couldn’t provide important contextual information such as the altitude at which enemy aircraft were flying, or most critically, the types of planes being deployed.
To provide this critical context, the first two layers of radar were reinforced by the “human element” — a reconnaissance corps of 30,000 volunteers manning observation posts day and night, up and down the entire coast.
These observers were responsible for spotting and reporting enemy planes, providing essential intelligence to central command, including the distance and height of observed aircraft, their approximate bearings, and the types of planes in formation. This enabled confirmed reports of enemy raids to be relayed back to command headquarters in under 40 seconds, a remarkable feat that provided ample time for central command to scramble an appropriate response.
The genius of the Dowding System was not in its sophisticated radar capabilities but its ability to orchestrate these disparate machine and human intelligence feeds into a unified early-warning system. While the Germans were well acquainted with radar and were themselves utilizing it, they did not fully appreciate how the British were applying it within the context of an integrated air defense system.
Applying the Lessons of the Dowding System
So, what does all this have to do with cybersecurity and how might we as security leaders employ these lessons? There are a number of parallels that can be drawn from the Dowding System and applied to the modern application of real-time threat intelligence:
- Humans excel at providing context: Modern artificial intelligence (AI) engines can pattern match at a scale that humans simply cannot. But understanding context is something that even the most sophisticated AI struggles with.
- Orchestration enables self-learning: The ability to synthesize human insight and feed it back into the machine in an orchestrated manner is foundational for building a self-learning system.
- Crowdsourcing threat intelligence: A number of leading network and email security tools today are discovering the power of crowdsourcing threat intelligence by providing a mechanism to automatically share real-time threat intelligence across the network.
- A multilayered approach is key: No single system should be relied upon to protect your network. A defense-in-depth approach requires the layered application of multiple tools to ensure resiliency.
Interestingly, when we talk about cybersecurity, humans are often considered the “weakest link” in the cybersecurity chain. Whether it’s the user who carelessly clicks on a phishing link or a network admin who applies the wrong software patch, we are imperfect by nature and bound to make mistakes. By the same token, those individuals with specific domain expertise are able to understand and interpret nuance in a way that even the smartest machines cannot.
Some 80 years ago, the British leveraged a combination of technology and human intelligence to turn the tide of the war. Security leaders would be wise to learn the lessons of history and consider how the human element can make their machine-based systems smarter, more responsive, and ultimately, more effective.
Eyal Benishti has spent more than a decade in the information security industry, with a focus on software R&D for startups and enterprises. Before establishing IRONSCALES, he served as security researcher and malware analyst at Radware, where he filed two patents in the … View Full Bio