1
Components with Known Purposes: Technologies

In Greek mythology, when Theseus left to fight the Minotaur, his father Aegeus asked him to replace the black sail of his boat with a white one if he returned victorious. Just like components of an information system, Theseus and Aegeus were exchanging information through a clearly defined procedure. An information system is not a computer system. Organizations can see their information system supported by a computer system, but the information system cannot be reduced to a computer system. Individuals, the users of the computer system, are components of the information system: they also process, store and spread information, whether through the computer system or not. In this way, they themselves are also entry points likely to constitute the insider threats that this book addresses.

This chapter will discuss the technologies that have been used by human beings to support and secure information systems throughout history. From the decrease in transmission time to the massification of the quantities processed, the purposes of these technologies have evolved through the years and led to the explosion of a threat that is still part of every information system: the insider threat.

It is not our intention to focus on a history of the concept of information systems, but rather on a history of artifacts and technologies implemented by human beings to support and secure it. In fact, for authors such as Weizenbaum [WEI 84]: “the remaking of the world in the image of the computer started long before there were any electronic computers”. Thus, the reader will see how, over the years, these artifacts have pursued goals such as decreasing transmission time, decreasing processing time or the massification of quantities of information in an information system. Each time, these artifacts have revealed new threats to the information system’s security and the history that we offer in this chapter is intended to make the reader aware of the possibility of threats that do not come from the technological component of the information system. Indeed, since the beginning of time, the human component of the information system has constituted an insider threat, as this history will demonstrate.

1.1. Up to the end of the 19th Century: decreasing transmission time

In the second Century BC, the Greek Polybius developed a system for transmitting information over long distances in a few minutes where otherwise several hours of travel on horseback would have been necessary [LAU 77]. An operator showed or hid torches behind two walls in order to represent a letter of the alphabet (Figure 1.1). In fact, Polybius proposed dividing the alphabet into five groups of letters, with the result that only two “digits” were sufficient to represent the entire alphabet. Table 1.1 shows Polybius’ code: to represent an “A”, a torch was raised on the first wall and another on the second (first line and first column); to represent a “Ω”, five torches were raised on the first wall and four on the second (fifth line and fourth column).

Figure 1.1. Artifacts supporting an information system in the second Century BCE ([LAU 77], source: Bibliothèque Nationale de France)

Table 1.1. Polybius’ code

1

2

3

4

5

1

A

B

Γ

Δ

Ε

2

Ζ

Η

Θ

Ι

Κ

3

Λ

Μ

Ν

Ξ

Ο

4

Π

Ρ

Σ

Τ

Υ

5

Φ

Χ

Ψ

Ω

Independently of any artifact, an individual, from the moment he/she exchanges information, places himself/herself in an information system in which he/she is a component. In this way, the author, while writing this book, is part of an information system and the reader, when he or she reads these words, is within an information system. Information systems are everywhere and very often it has been military motivations that have motivated humanity to perfect them, thus raising the question of the security of such systems.

Indeed, talking is a natural process for human beings who are able to comprehend the risks inherent in the security of the information that spreads when they talk. For example, a child knows that he/she risks being overheard. If we can imagine what dangers might threaten a messenger on horseback in Ancient Greece, it is also possible to see security breaches in Polybius’ information system: everyone has access to the information being transmitted. This awareness of security flaws is not natural for human beings insofar as the means of communication is not natural. The same thing is true when information systems within organizations are increasingly supported by digital artifacts.

From the moment it is supported by an artifact, an information system presents security flaws that we are not naturally aware of.

Although artifacts can give a false impression of security and lead to flaws that individuals must be made aware of, the fact remains that natural forms of communication can also lead to flaws that individuals must be made aware of.

Polybius perfected his system very quickly with the help of a password: one starts to fill in the square (Table 1.1) with the letters of this password and then completes it with the remaining letters of the alphabet. At the time, the message was indecipherable without the password. This kind of encryption with monoalphabetic substitution is easily decipherable today with an analysis of how frequently letters appear in a language. In French, for example, the letter “e” is the most frequently used.

There are documents attesting to the existence of systems comparable to Polybius’, although simpler, used by the ancient people of Europe and Asia. For example, the Roman army established telecommunication stations along Roman roads [LAU 77]. Trajan’s column in Rome provides a visual representation of these observation turrets equipped with torches (Figure 1.2). In China, the Great Wall was equipped with fires used to signal an attack. Brick cones full of wood and straw also served to create smoke to announce the arrival or retreat or enemy troops.

Figure 1.2. Artifacts supporting the Roman army’s information system in the first Century

In the Middle Ages, the Romans’ system fell into disuse in Europe while in Constantinople, signal lights remained in use for signaling Muslim incursions. Progress in physics in the 16th and 17th Centuries rekindled the idea of systems that could transmit information over distances at “great speed”. In France in 1705, the Royal Academy of Sciences wrote the following about the system of physicist and academician Guillaume Amontons:

“[Amontons’ system] consists of having several people in consecutive posts who, by means of telescopes, having seen certain signals from the previous post, transmit them to the following one, and so on, and these different signals are the letters in an alphabet whose code is known in Paris and in Rome. Most of the telescopes cover the distance between the posts, whose number must be as low as possible; and the same way the second post sends signals to the third as soon as they see the first post sending it, the news is sent from Paris to Rome in as little time as it took to send the signals in Paris”. [FON 05, p. 152]

The telegraph of the Chappe brothers (Figure 1.3) followed at the end of the 18th Century and was the first telecommunications network with a national scope. By defining the conventions and vocabularies, the Chappe brothers made it possible to link very precise signals to specific dispatches especially applying to the army. Figuier [FIG 68] explains how it works:

“The telegraph itself, or the part of the machine which creates the signals (fig. [1.3]), is made up of three mobile branches: a main branch AB, 4 meters long called the regulator and two small branches 1 meter long, AC, BD, called indicators, or wings. Two iron counterweights p, p’ attached to a rod of the same metal, balance the weight of the wings, and making it possible to move with very little effort. These rods are somewhat thin so they are not visible from a distance. The regulator is secured in the middle to a pole or at a height, that elevates above the roof of the hut in which the observation post is located”. [FIG 68, p. 51]

The key to the vocabulary changed frequently to keep the system secure and its use was then dedicated to military communications during the French Revolution. Some clandestine systems were nevertheless dismantled in the years 1833–1834, while businessmen wanted access to a telecommunications network for commercial purposes. In 1837, a law was passed giving the French state a monopoly on the transmission of information by telegraph or any forthcoming means of transmission. In France, only the French government could use, manage and install the means of transmission of information for 150 years. This was known as the Post,...