Finding The Hidden InfoSec Story

What the Elizabethans Teach us About Cyber-Security

Photo Credit: david5151 via Compfight cc
Photo Credit: david5151 via Compfight cc

The year is 1586. In the middle of England’s Golden Age, Elizabeth I rules alone – confident, and yet in fear.

The Tudor dynasty had been secured on the foundations of illegitimacy, intrigue and disloyalty. With a claim at best fragile, cemented only by his marriage to the old king’s niece, Henry VII effectively legitimised becoming king by conquest and opened the floodgates for future foreign-backed military interference in the English monarchy.

As a result, Henry established an almost European-wide prototype MI6, with agents collecting information on foreign monarchs, subjects in exile and pretenders to the throne. When Henry’s granddaughter, Elizabeth I, faced the same dire international threats during her reign as her grandfather did, she again built up a network of espionage defence through the innovation of Sir Francis Walsingham – principal secretary, competent linguist and crucially, loyal Protestant – and her chief political adviser Lord Burghley. Although she had many threats during her reign, by the 1570s the threat was substantial.

Mary, Queen of Scots, a virtual prisoner in various English country houses from 1568 was the focus for the opposition. She was the heir to childless Elizabeth, and, crucially for many Continental monarchs, a strict Catholic.

Elizabeth, a moderate Protestant whose so-called ‘Middle Way’ aimed to end the decades of religious persecution by banning any form of religious extremism, nonetheless did not accept subservience to the Pope and followed the religion of the Lutheran revolution. The powerhouses of western continental Europe, namely the Kings of Spain and France and the Duke of Guise (the latter two were Mary’s relations by marriage and mother respectively), were desperate for England to revert to Catholicism and so sponsored a series of plots to try to put Mary on the English throne.

Elizabeth’s challenge

Having just emerged from what was effectively a civil war of ideologies between the strong English Protestantism of Edward VI and the strong Spanish-flavoured Catholicism of Mary I, Elizabeth faced not only the perils of foreign invasion but also rebellion from amongst her own subjects.

After the failure of the Throckmorton Plot, the ‘Holy Alliance’ of Spain, France and Guise conspired again through a group of English Catholics led by Sir Anthony Babington.

Walsingham, well aware of the danger posed to Elizabeth whilst Mary still lived, infiltrated Babington’s group and one of his agents gained their confidence. But for Walsingham, ardent Protestant and Elizabethan, this was not enough: he needed Mary’s head.

In one of the earliest recorded examples of a double agent, he turned Gifford, a Catholic, who engineered a plan to catch Mary out. By persuading a local brewer to allow Mary to send correspondence secretly inside beer barrels entering and leaving the country home she was being kept in, Elizabeth’s network gained a secret advantage.

By intercepting the barrels, decoding Mary’s basic code and making a copy of the letter, Walsingham kept Elizabeth fully informed of the plot, and, by inserting a postscript in Mary’s handwriting, gained the names of all the plotters. One letter fully revealed the extent of her guilt; she was accordingly convicted of treason, and duly executed in 1587.

What does the Tudor use of espionage teach us about cyber-security?

In the 1580s, the threat of barrel interception was unknown, just  like the zero-day cyber vulnerabilities of today. The proper security training for Mary’s entourage and the plotters would be to guard against anything unusual, excessive or unexpected, as it is for Internet users today. As the methods and means of communication multiply, it is less and less practical to tell people how to avoid specific threats, just as it became impractical as English espionage expanded and developed under Walsingham.

Proper training includes telling people to communicate as securely as possible, for example Mary should have used better encryption instead of a simple cipher.

But we also need to tell people to be ever vigilant. In the information security world, the watch-words must be, “If you see something, say something!” We can’t train every person in every specific threat they face. What we can do is train them to be cautious and questioning. With hindsight, the Babington plotters should have at least questioned the friendly approaches by English-speaking strangers in France, the randomly kind offer by the brewer and a request to name all the culprits.

The threat from governments who fear outside influence has also remained with us from Tudor times. Just as the Tudors gave their networks almost unlimited scope in penetrating the networks of those who sought to do them harm, some nation states do the same on the Internet today. Some Communist states truly believe that the West intends to bring down Communism and will do all they can to protect their ideology and political dynasty, as Elizabeth did to protect hers. Beer barrels may have been replaced by Trojans and watering holes, but the risks of compromise remain the same.

Share This Post On