How is WWI Similar to IT Security Today?


One of the biggest relationships I see between the world’s first horrific war and the current state of IT Security. Hang with me as I explain.

The weapons of WW1 had never been tested on a mass scale. Prior to it the only other benchmark was a rather limited engagement in scale with the Russo Japanese War.

WW1 had no precedent. That last major war was the Napoleonic Wars that we had a hundred years earlier.

  • No one knew that machine guns would be such a huge killing machine
  • No one could plan for the scale of loss of human life lost – which was unimaginable. The number of people that died during the American Civil War was close to 600,000. 620,000 people died in the first two months of fighting in WW1.
  • No one would know that 29,000 British deaths on the first day of the battle of the Somme (largely in the first couple of hours) on 1 July 1916 would ultimately lead to 1.2 million soldiers ultimately dying in this battle alone.
  • No one knew how useless horses would be in the fight. In fact 1,000,000 horses left England to fight in the war and only 63,000 returned.
  • No one knew that all participants would break the 1907 banned use of poison gas.
  • No one knew how deadly, accurate and devastating artillery would be.
  • No one knew that Trench warfare would stalemate the war and stymie the smartest generals in the world.

The best podcast I ever listened to on WW1 history (any history for that matter) is called Hardcore History. The specific show is called Blueprint for Armageddon


We are in a similar situation now with IT Security and I compare it to WW1 because of the devastation that it is causing across the globe.

  • Ransomware has turned vicious and is up 500% over the previous year as reported in Symantec’s report.
  • The stakes are unbelievably high. A business can be taken to it’s knees by simply getting Cryptowall. Defending against Cryptowall and Cryptolocker.
  • The tools we have employed to defend ourselves are entirely inadequate.
  • JP Morgan invested $250M in security this year alone and yet 76 million individual records and 7 million small business records were stolen
  • The causalities of internet war are out of control – Verizon’s data breach investigation report

We need an armistice between countries – attribution.

In WW1 Russia tried to have a conference call to the Hague conference to put rules in place against the use of certain weapons. This was most likely due to the fact that they couldn’t keep up financially with the arms race that countries around them were going through prior to the start of WWI. Even though large scale killing hadn’t started there was an inkling it could happen given the type of weapons that were being built.

Seems familiar…..

The best standard I can find that would get all countries to agree to a certain set of Cyberwar rules is put out by IEEE in their rules for a “Geneva Convention” for Cyber Warfare.

What do you think?