Finding The Hidden InfoSec Story

We’ve Only Just Learned to Fly

Photo Credit: US Library of Congress via Google Images Public Domain Mark 1.0
Photo Credit: US Library of Congress via Google Images Public Domain Mark 1.0

December 17th is a red letter day in aviation as it marks the anniversary of man’s first ‘heavier than air’ powered flight. Unbeknown to the Wright Brothers way back in 1903, they were embarking on an adventure that would change the world for good, if not always ‘the’ good.

Indeed barely a day goes by when aviation doesn’t figure in the news. Recently we have been subjected to stories of tragic accidents, war, and increasing runway capacity to support the needs of travellers visiting London. What happened on that bleak North Carolina beach 112 years ago was to be a real ‘game changer’.

Having been brought up close to London’s Heathrow in the Seventies, I became fascinated by the whole concept of air travel. When the first Boeing 747s started transporting upwards of 400 passengers to far-flung destinations, we marvelled at how something so huge could actually get off the ground, let alone fly non-stop to Johannesburg. Then it was Concorde turning heads with its sleek lines and the earth shuddering roar that accompanied every departure, before whisking its hundred odd passengers at the speed of a bullet across the Atlantic to New York City in a tad over 3 hours! Coming back was even quicker.

Without doubt the Internet is having the same impact on the 21st century as aviation did for the 20th, but we are still in the early stages.  The basis of the Internet as we know it was established within academia in the early 1980s, somewhat akin to what the Wright Brothers were up to with their plane in 1903.  The first fare-paying passenger took to the air about 11 years later, which sort of approximates to the arrival of the first Internet browsers. So using similar time lines to extrapolate the evolution of the Internet, in its current guise what we are experiencing today equates to the maiden flight of the venerable DC3 Dakota back in 1935 –  an aircraft that was built in such numbers that a good many well maintained examples still ply their trade 80 years on.

The interesting thing is that flying in a DC3 in the mid-thirties was a far more risky proposition then than it would be today. The reason is that whilst the principles of flight that got the DC3 off the ground then remain the same today, our ability to manage risk where flying is concerned has evolved exponentially.

Pilots are, without doubt, better trained, maintenance is more rigorous, and technology has significantly enhanced our ability to communicate, navigate, and manage increasingly crowded airspace. But none of this would have been achieved without an innate ability for aviation to learn from its mistakes. Indeed the whole industry has developed an unrivalled ability to forensically analyse every incident, be it a near miss or an unprecedented catastrophe, such that the intelligence derived can be used to constantly reduce risk into the future.

There are many parallels when it comes to cyber security. Users are now more aware of the ‘riskscape’, and there are masses of tools on the market to help defend businesses and individuals within an evolving ‘threatscape’. But data compromises can and do happen all the time. Each significant advance in the evolution of aviation took with it the lives of test pilots and fare-paying passengers alike. The benefits of air transportation were there for all to see, however it was acknowledged that safety was what would ultimately make or break the industry.

I would be prepared to argue that we are still in the age of the DC3 where cyber security is concerned. We are still pushing the envelope of what is possible with the Internet, and the commercial benefits outweigh the perceived risks to individual organisations, with a sort of “there but for the grace of God go I” attitude often prevailing.

There is no argument that we are well beyond the point of no return, but to continue ‘onwards and upwards’ we need to learn from those early fliers by getting smarter at using and sharing cyber threat intelligence for the greater good of the interconnected world, upon which we have all come to rely.

Author: Richard Jones

Share This Post On