by Jay Heiser | January 4, 2019 | Comments Off on Open Shares in the Trenches
Today’s open sharing of sensitive files from the public cloud parallels an information warfare problem from 1916. It should remind us that security always takes a back seat when there’s an urgent need to share data, and that there is nothing new about information war.
The fatal addition of 20th century weaponry and logistics to 19th century military approaches ensured that the first world war quickly devolved into a bloody stalemate. As the Allies and Axis dug into ever more elaborate and longer systems of trenches, military leadership was desperate for reliable communications systems that could enable spotters at the front of the lines to feed information on opposition activities back to the field command centers, and to help artillery crews improve their targeting. Human runners and visual telegraphs both proved impractical. Electronic communications systems, originally using Morse code and soon using voice, quickly became indispensable. Thousands of miles of copper wire were haphazardly pulled through wet Belgian clay.
The primitive communications technology unfortunately emanated signals that were carried through the wet soil by electrical induction, a signals leakage further facilitated by the jumble of barbed wire, rail lines, and abandoned copper wire that littered no man’s land. The Germans were the first to realize that the field communications could be detected, and they developed amplified equipment for sniffing out the British traffic. It didn’t take English intelligence long to realize that there was a leak, but it wasn’t until they interviewed a British civilian who escaped from the Germans that they learned the surprising source.
The response started with a requirement to change human behavior. A policy to use code words to obscure communications was only partially successful. The ultimate solution was a new technology. In 1915, Algernon Clement ‘AC’ Fuller, a signals Captain in the Royal Engineers, developed a new form of Morse telegraph that was not vulnerable to induction attacks. Referred to as the Fullerphone, a version was soon introduced that could support voice communications.
It took almost three years of effort to fully plug the leak. Policies restricting the use of the older communication systems, and the use of ‘plain text’ continued to be sidestepped. The first versions of the Fullerphone were considered clumsy and difficult to maintain. As a result, before the mid-1916 Battle of the Somme, German sigint teams were able to intercept British battle plans. Thousands of Allied soldiers died because the British were unnecessarily losing the infowar.
Over time, stories about what was actually happening were circulated and believed, creating a culture climate of receptivity to change. Officers who didn’t follow the new practices, or use Fullerphones, were disciplined, including loss of promotion and pay. It took a sustained multi-year effort involving cultural, technical, and economic controls to fully introduce policy-compliant trench communications systems.
I think its unlikely that thousands of people are at risk of death due to open shares from AWS S3, One Drive or Dropbox—but it is the case that every organization that has attempted to control open shares has discovered far more shared sensitive data than they ever expected. When people are asked to do a job, they tend to do their job, including using whatever tool ‘works’, especially when their management fails to provide them with a better tool. Encryption provides collaboration systems that avoid signals leakage, and CASB provides mechanisms to control the use of insecure systems, but history reminds us that it takes a concerted effort to change behavior, and apply secure communications technology.
When I first researched this story in 2002, I spent a couple of days visiting libraries in London, finding a copy of Priestley’s 400 page book, and several other references. Today, a great deal of material can be found online:
- Photo of the 1917 Fullerphone at the Imperial War Museum
- Stealth comms 100 years ago, in the trenches of World War One: a short technical discussion of the Fullerphone
- What is a Fullerphone and how does it work? a long technical discussion of the Fullerphone
- Communication on the Front Line: a summary of WWI trench communications
- WW1: First World War communications and the ‘Tele-net of Things’: a lengthier treatment of WWI trench communications
- World War One – A Revolution in Military Communications: article from Telecommunications Heritage Journal, Issue Number 88, Autumn 2014
- Signalling at the Battle of Passchendaele, July to November, 1917
By Dr Elizabeth Bruton
- Fullerphone references in The Signal Service in the European War of 1914-1918, by R.E. Priestley.
Read Complimentary Relevant Research
2019 Planning Guide Overview: Architecting Your Digital Ecosystem
Technical professionals are confronting increasingly complex technology ecosystems. They must overcome this complexity to create solutions...
View Relevant Webinars
State of Cloud Security
This webinar presentation will help you and your organization fully understand and address cloud risks. We will discuss the current and...
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.