Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:00 AM
Eyal Benishti
Eyal Benishti
Connect Directly
E-Mail vvv

What the Battle of Britain Can Teach Us About Cybersecurity's Human Element

During WWII, the British leveraged both technology and human intelligence to help win the war. Security leaders must learn the lessons of history and consider how the human element can make their machine-based systems more effective.

The theme for this year's RSA Conference was the "Human Element," which explored the role of humans in the context of machine intelligence. The RSA Conference organizers described this year's theme as follows:

New technologies like artificial intelligence and machine learning promise to fight the bad actors more efficiently than we ever could. And the wider, cheaper availability of advanced nefarious tools has democratized cybercrime. Humans, it seems, have been forgotten as key elements in this global fight.

Indeed, as our world grows more automated and our machines achieve greater intelligence, it's only natural to wonder: What role will humans play in the cyber battlefield of tomorrow?

Which made me recall a seminal moment in world history with an analogous theme: The Battle of Britain, a turning point in World War II as well as one of the first and perhaps finest examples of how an emerging technology was paired with human intelligence that, in turn, changed the course of history.

Defending a Sprawling Perimeter
By the spring of 1940, Hitler's army had run roughshod over much of Western Europe due in large part to the overwhelming superiority of the Luftwaffe, the largest and most powerful air force in Europe. Because the Nazis had taken considerable amounts of territory, the prospect of an invasion of the United Kingdom was no longer a question of if, but when.

The Nazi generals understood that occupying Britain would be far more challenging than the rest of the European continent because it was afforded protection by the English Channel. For a seaborne invasion to be viable, the Luftwaffe would have to soften the target through sustained air attacks with the goal of destroying the British Royal Air Force, its formidable Navy, and other critical infrastructure.

Meanwhile, the British forces were faced with a still more daunting challenge: How do you defend thousands of miles of unprotected coastline and quickly communicate verified air attacks back to central command in a coordinated fashion?

Machine + Human Intelligence
Unbeknownst to the Nazis, British intelligence had been secretly building and deploying a new early-warning radar system known as the Dowding System, named after Hugh "Stuffy" Dowding, the Commanding Officer of the Royal Air Force and the architect of Britain's first fully coordinated air defense system.

The Dowding System comprised three interconnected layers, two of which were based on the latest innovations in radar while the third was perhaps the most crucial, yet also the most primitive. The first layer, dubbed Chain Home, consisted of a series of 360-foot radar masts that dotted the southern and eastern coasts and could detect enemy aircraft from 120 miles away. A second array of co-located smaller radar, Chain Home Low, was deployed to spot aircraft flying below the sight line of the taller Chain Home system.

While early radar systems were effective in providing advance warning of an approaching formation, they couldn't provide important contextual information such as the altitude at which enemy aircraft were flying, or most critically, the types of planes being deployed.

To provide this critical context, the first two layers of radar were reinforced by the "human element" — a reconnaissance corps of 30,000 volunteers manning observation posts day and night, up and down the entire coast.

These observers were responsible for spotting and reporting enemy planes, providing essential intelligence to central command, including the distance and height of observed aircraft, their approximate bearings, and the types of planes in formation. This enabled confirmed reports of enemy raids to be relayed back to command headquarters in under 40 seconds, a remarkable feat that provided ample time for central command to scramble an appropriate response.

The genius of the Dowding System was not in its sophisticated radar capabilities but its ability to orchestrate these disparate machine and human intelligence feeds into a unified early-warning system. While the Germans were well acquainted with radar and were themselves utilizing it, they did not fully appreciate how the British were applying it within the context of an integrated air defense system.

Applying the Lessons of the Dowding System
So, what does all this have to do with cybersecurity and how might we as security leaders employ these lessons? There are a number of parallels that can be drawn from the Dowding System and applied to the modern application of real-time threat intelligence:

  1. Humans excel at providing context: Modern artificial intelligence (AI) engines can pattern match at a scale that humans simply cannot. But understanding context is something that even the most sophisticated AI struggles with.

  2. Orchestration enables self-learning: The ability to synthesize human insight and feed it back into the machine in an orchestrated manner is foundational for building a self-learning system.

  3. Crowdsourcing threat intelligence: A number of leading network and email security tools today are discovering the power of crowdsourcing threat intelligence by providing a mechanism to automatically share real-time threat intelligence across the network.

  4. A multilayered approach is key: No single system should be relied upon to protect your network. A defense-in-depth approach requires the layered application of multiple tools to ensure resiliency.

Interestingly, when we talk about cybersecurity, humans are often considered the "weakest link" in the cybersecurity chain. Whether it's the user who carelessly clicks on a phishing link or a network admin who applies the wrong software patch, we are imperfect by nature and bound to make mistakes. By the same token, those individuals with specific domain expertise are able to understand and interpret nuance in a way that even the smartest machines cannot.

Some 80 years ago, the British leveraged a combination of technology and human intelligence to turn the tide of the war. Security leaders would be wise to learn the lessons of history and consider how the human element can make their machine-based systems smarter, more responsive, and ultimately, more effective.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "Beyond Burnout: What Is Cybersecurity Doing to Us?"

Eyal Benishti has spent more than a decade in the information security industry, with a focus on software R&D for startups and enterprises. Before establishing IRONSCALES, he served as security researcher and malware analyst at Radware, where he filed two patents in the ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/17/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-09-19
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
PUBLISHED: 2020-09-18
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.
PUBLISHED: 2020-09-18
Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack.
PUBLISHED: 2020-09-18
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11....
PUBLISHED: 2020-09-18
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-W...