It is a hundred years to the day since the Australian and New Zealand Army Corps (ANZACs) landed on a beach at Gallipoli, Turkey, to fight in a war — not a ‘cyber’ war, where people often lose web servers, but the type of war where people often lose mates, comrades, loved ones, and their lives. This is a change from my usual technical writing, and given the sensitive subject matter, the lack of sleep that I got last night, and the fact that I’m more comfortable writing about my technical endeavours, I’m hoping that I don’t cock this up.
I can’t imagine what it must have been like for our ANZAC diggers back in 1915, in fact I had to check that I was spelling ‘artillery’ correctly, but when I hear infosec (information security) professionals refer to a ‘cyber war‘, I wonder if doing so is underplaying what our diggers and soldiers worldwide have, and continue to, experience during war.
I attended my first ANZAC Dawn Service this morning, and heard soldiers’ accounts of the war from diaries, and from letters sent home to loved ones. Letters telling of the horrors of war — the conditions, the fighting, and the bloodshed — and that no doubt seeded countless prayers for their writer’s safe return.
It must have taken courage to do what they did — to head to a place they didn’t know, and to fight without knowing whether or not they would ever see home again.
The Australian Band 1927’s ‘Compulsory Hero’ expresses it nicely
So all that had to be heroes
went off to do their chores
none of them really would have known
how far a bloody war goes
they’re dying to make it home
In fact, there are a few songs that I think are quite apt.
The Band Played Waltzing Matilda (written by Eric Bogle about the war in Gallipoli)
I Was Only Nineteen (originally by Red Gum)
Compulsory Hero (1927)
Twenty years of working in IT hasn’t exactly endowed me with a lot of muscle strength, and the sore legs that I had after standing for just over an hour at the Dawn Service this morning are testament to that. Consequently I’ll be the first to admit that I’d make a pretty bad soldier, and I certainly don’t claim to be one, but I am fighting, along with a number of other infosec professionals.
However, we’re fighting against a different kind of attacker, in a different kind of war.
A war which is not fought in trenches, cold and damp in the winter, and sweltering hot in summer, with wounded and decaying comrades, the sight and stench of whom only serves to remind us of a fate from which we have not yet been spared.
A war which is fought in a place where the only stench comes from left over food in the fridge, and any flashing light is not that of exploding artillery shells, but that of a failing overhead fluorescent lighting tube. The sound of gunfire replaced with the sound of fingertips typing away, and of people’s discussions of lunch venues or the latest sports results.
A war where we don’t lose loved ones — in fact a successful identity theft attack may mean that we end up with duplicate loved ones, at least on paper — and missing colleagues return an hour later, the spatters on their shirt not a sign of blood shed, but of a misaligned napkin.
A war where the closest we’ve come to blood shed was the Heartbleed attack or, for the more adventurous amongst us, a slight disagreement with gravity during a lunch time bike (or unicycle) ride to help lessen an otherwise monotonous work environment.
A war fought in an environment from which we can expect to be released at the end of each day. The only flashing light then being that of the tail lights of vehicles lighting up our faces as we grumble about how bad the traffic is. Traffic delaying our arrival home to loved ones whose welcoming greeting is met with stories of our ‘bad day at the office’.
A war where the only sacrifices made are that of time and costs for equipment and training.
A war where Shellshock is not a psychological condition but a software bug that allows an attacker to send a ‘specially crafted’ string of characters designed to cause a command shell to execute commands of the attackers choosing, the closest we get to post-traumatic stress disorder is the realisation that we don’t know where our iPhone is, and losing our iPhone is the closest that we get to losing an eye.
Maybe we infosec professionals are fighting a war, but it is a different kind of war. A war with far less physical and mental dangers than the wars faced and fought by soldiers the world over, and let’s not forget that.
Lest we forget.