What a 1788 Military Blunder Can Teach Us About Cybersecurity

David Vavruska
July 19, 2023
There have been almost a million cyberattacks (of those that were recorded) in the first half of 2023 alone. On average, they are coming more frequently than one per minute. Naturally, businesses take measures to prevent cyberattacks very seriously, but with 300,000 new forms of malware being created every day, what are data leaders, the battle commanders of businesses around the world, meant to do?

In 1788, the Austrian Emperor Joseph II led his army on a march through Romania. 100,000 men from at least ten different nations were in the field to meet a Turkish army holed up in the city of Caransebes.

In 2023, a CIO of a company that could be yours is evaluating the readiness of that business against cyberattacks. They employ about 3,000 people in offices in twelve countries. The CIO is reading up on statistics for 2023. 800,000 cyberattacks so far, one cyberattack every 39 seconds. Average reaction time: 49 days.

One of them is doomed already. The other still has time to learn.

The battle of Caransebes

The army camped in front of the city while the cavalrymen were sent to patrol at night. After a few hours of darkness, the camp awoke to the sounds of rifles shooting and squadrons of riders driving their horses hard through the Austrian camp. There were shouts of “Turks! Turks have come!” from several directions. Chaos ensues as infantry soldiers, who just woke up, grab their guns to shoot the closest soldier speaking Turkish that they can find in the hot, messy mixture of total darkness, blazing fire, and choking smoke.

And before long, armed men shouting “Allah!” are seen in the camp, brazenly without cover and waving their arms around in the air. With the enemy so deep inside the camp already, the artillery positioned on a hill nearby starts shelling the battlefield, hitting friend and foe alike.

After a while of this madness, Emperor Joseph orders a complete withdrawal from Caransebes.

Two days later, the Turkish army arrives at Caransebes and finds hundreds of dead or dying soldiers where the camp used to be. All of them are wearing Austrian uniforms. So, what happened?

The fact is, there was no Turkish attack that night, and the Austrian army attacked itself because of nervous soldiers, lack of discipline and organization, and serious language barriers between the troops. And it is a cautionary tale for modern-day data-using businesses even more than modern-day militaries.

What really happened

We have only scarce information on what really happened that night, but what seems to have transpired is that the cavalrymen sent out for patrols felt so stressed out by the thought of imminent battle that they sought out a supply of alcohol to numb their fear.

A group of infantry soldiers caught them in the act and demanded that they share the alcohol with them. The cavalry squadron, already intoxicated, refused the demand and began a firefight with the infantry soldiers.

Another infantry group of a different nationality rushed to check out the rifle fire sounds and seeing their comrades engaged in a skirmish with a group of men with curved sabers (which were quite normal with cavalrymen but are to this day associated by popular folklore with Turkey), they deduced in a split-second that it was a Turkish assault and ran to the camp to wake everyone up.

The cavalry, nervous and drunk, heard the call that the Turks had arrived and decided to run away, taking the shortest route out – directly through their camp. As the other soldiers woke up, they identified the fleeing horsemen as the Turks charging at them and either ran away or began chaotically shooting at them.

Most problematically, in their state of absolute confusion and agitation, they began to seek out whoever spoke Turkish and shoot them out of fear for their lives. But these men were often uneducated and had no clue what Turkish sounded like. And when all around them, they heard the other Austrian troops speak one of their ten native languages they also didn’t understand, they figured those must also be the Turks. Czechs fired at Hungarians, who fired at Serbs, who fired at Italians, who fired at Austrians, etc.

The Austrian officers who realized this tried to stop the violence by waving their arms around and shouting “Halt!”, meaning “Stop!” in German. But the panicked troops just heard what they feared the most: zealous Turks shouting “Allah!”.

The artillerists, who were removed from first-hand information, just got word that the Turks were massacring the camp and opened fire in a desperate bid to drive them away.

The Turks have won without even being there. And you may ask, what does this rather lengthy tale of an insane military screw-up that happened over 230 years ago have to do with modern businesses, cyberattacks, or data of any kind at all?

Well… everything.

The battle of databases

As mentioned before, there have been almost a million cyberattacks in the first half of 2023. No cybersecurity framework can hope to detect absolutely everything.

Emperor Joseph, in a sense, also did the best he could in order to protect his infrastructure from attacks and threats. He set up an attack detection system, using the highly mobile and nimble cavalry to look out for potential threats that would want to penetrate their defense and destroy their assets stored within.

But regardless of whether we are in 1788 or in 2023, there are always factors that can cause security frameworks to fail. Sometimes, it is human error. Sometimes, it is the unknown type of attack that causes the security to falter. In Joseph’s example, the security framework was prepared to counter threats of one type – a military assault – but completely vulnerable to a different attack – a psychological one. It was the idea and fear of the Turks that caused the Battle of Caransebes, not the Turks themselves.

Just like that, a cybersecurity breach often happens because the security framework in place simply doesn’t recognize a new type of malware.

Whether or not a cyberattack on you will successfully breach your security is never 100% in your hands. What is, however, is how you deal with a breach once it has occurred.

Second-line defenses

Emperor Joseph’s security was breached despite a security framework being in place. But the carnage that followed could have been avoided completely if he had the following things:

  • Clear visibility into how his infrastructure was organized.

  • Documented relationships and dependencies between elements of his infrastructure.

  • Rapid response plan in place that utilizes the benefits of the first two points.

Imagine your organization is presently facing a successful cyberattack. You don’t want to take 49 days to react. If you cannot stop it from happening, you must try your best to stop it from spreading. That means that you have to document, ahead of time, all the data areas that could possibly be affected.

By knowing what data you keep and what their purpose and relevance to your business are, you’re not only clearly categorizing the areas in which an attack could occur, but you’re also getting closer to determining the attacker’s goal.

Such a level of visibility into infrastructure organization can be achieved in multiple ways, but the tried and proven one we recommend is mapping out your entire data infrastructure and compiling this knowledge inside a data catalog. That alone doesn’t tell you more than the number of tables and columns you possess and where to locate them, much like a simple list of military units wouldn’t tell Emperor Joseph much about their purpose and capabilities. But it lays the groundwork for something more significant.

The magic starts happening when you connect this rather dry inventory to the respective purposes of its elements. Knowing what the data in a specific table is used for is akin to knowing what the tactical purpose of a specific military unit in the coming battle is. It is important to know in both instances how exactly this particular element of your infrastructure is going to help you gain an edge over your competition.

Such information about the context and purpose of data is mostly stored in a business glossary, but without connection to specific data, a glossary alone lacks purpose itself. Only by connecting elements of the business glossary to the specific elements of the data catalog whose business purpose they describe will you get a benefit that greatly speeds up orientation and organization within your infrastructure.

Without it, locating data on a certain subject matter would become a long and tiresome process of asking people if they, by any chance, know where we can find a table with customer segmentation data, a search that, in itself, can often take weeks. Or worse – finding somebody who knows why we keep a table of customer addresses for no apparent reason.

Right before a military engagement, a commander also wouldn’t want to spend 20-30 minutes finding an officer who, by chance, knows for what purpose the 5th Rifles Regiment is deployed on the left flank. Even more embarrassing would be to not be aware that there is such a regiment in your army group.

And in your company, chances are you are the commander. The one person that is responsible for many of the crucial battlefield decisions. Why would you ever let the organization slip out of your hands like that?

Under attack, cyber or otherwise, knowing what was attacked and what subject areas of your business (or tactical plan) that attack will affect is crucial to formulating an efficient response.

And you can go one step further.

Order of battle

Knowing the business subject area that a data element is used to satisfy is very good. But it is even better to know what data elements are used or created by which business processes.

In a modern company, you will likely have hundreds of dependencies between business processes and data. Data are the red blood cells that flow between your systems, your employees, and your departments, carrying nourishing information from one to the next, then getting new information and continuing their journey through the bloodstream.

These connections inform us of what happens to all dependent and connected areas if a subject area upstream gets affected by something, for example, a cyberattack.

To keep up with our historical metaphor, visibility into dependencies between data and processes can be likened to a tactical plan created before a battle. It describes which units will be involved in the fighting, where they should be deployed, and – because battlefield maneuvering is a multi-step process – how the actions of some units depend on positive or negative results of actions of certain other units.

If the 5th Rifles Regiment fails to capture a crucial hill, the 3rd Cavalry Regiment cannot be sent over that hill since they would charge without the fire support. Likewise, if a customer registration process fails to capture the email addresses of registered customers, those customers cannot receive promotional newsletters as a part of the email outreach process.

As a battlefield commander of your organization, you want to know when one of your units was disabled during a cyberattack. With a clear process map documenting dependencies between business processes and data, you will immediately know how exactly the cyberattack is affecting your organization, and you can move forward to enact your rapid response plan.
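To make the idea of a process map concrete, here is an added example (not Accurity's code or API) that walks a small dependency map downstream from one compromised data element and reports which processes, data elements, and glossary subject areas are affected. The process names, table names, and glossary terms are hypothetical and constructed for illustration.

```python
from collections import deque

# Constructed process map (hypothetical names): process -> data it reads/writes.
PROCESS_MAP = {
    "customer_registration": {"reads": [], "writes": ["crm.customers.email"]},
    "customer_segmentation": {"reads": ["crm.customers.email", "shop.orders"],
                              "writes": ["dwh.customer_segments"]},
    "email_outreach": {"reads": ["crm.customers.email", "dwh.customer_segments"],
                       "writes": ["mail.campaign_log"]},
    "order_fulfilment": {"reads": ["shop.orders"], "writes": ["wms.shipments"]},
    "campaign_reporting": {"reads": ["mail.campaign_log"], "writes": []},
}

# Constructed glossary links: catalog element -> business subject area.
GLOSSARY = {
    "crm.customers.email": "Customer contact data",
    "shop.orders": "Sales",
    "dwh.customer_segments": "Marketing analytics",
    "mail.campaign_log": "Marketing analytics",
    "wms.shipments": "Logistics",
}

def impact_of(compromised, process_map=PROCESS_MAP):
    """Breadth-first walk downstream of one compromised data element.

    Returns (affected, tainted): processes and data elements reached,
    each mapped to its hop distance from the compromised element.
    """
    consumers = {}  # data element -> processes that read it
    for proc, io in process_map.items():
        for elem in io["reads"]:
            consumers.setdefault(elem, []).append(proc)
    affected, tainted = {}, {compromised: 0}
    queue = deque([compromised])
    while queue:
        elem = queue.popleft()
        for proc in consumers.get(elem, []):
            if proc in affected:  # already reached; also stops cycles
                continue
            affected[proc] = tainted[elem] + 1
            for out in process_map[proc]["writes"]:
                if out not in tainted:
                    tainted[out] = affected[proc]
                    queue.append(out)
    return affected, tainted

def subject_areas(tainted, glossary=GLOSSARY):
    """Business subject areas touched, via the catalog-to-glossary links."""
    return sorted({glossary.get(e, "UNDOCUMENTED") for e in tainted})
```

The hop distance gives a rough containment order: processes at distance 1 consume the compromised data directly, and an "UNDOCUMENTED" subject area flags a catalog element that nobody has linked to the glossary yet.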

As to what the plan should be, that much is up to you. If you’re attacked by malware designed to leak your data, you may want to disconnect and quarantine the affected system. If you’re affected by ransomware, maybe you can have an emergency redundancy system ready to be switched on and prevent your organization from becoming completely paralyzed.

Whatever your rapid response plan is, it is much easier to formulate it with the help of the abovementioned tools and practices than without them, especially now, when such tools are more affordable and widespread than they ever were before.

Conclusion

The Battle of Caransebes is a cautionary tale of a screw-up of incredible magnitude. While you probably think something similar is unlikely to happen to you, keep in mind that Emperor Joseph thought the Turkish army attacking two days early was much more believable than the fact that his soldiers just started shooting each other en masse.

Why not then take the precautionary measures, ensure this couldn’t happen to you, and benefit from faster and more efficient data management in the process?

Accurity offers not only solutions for a business glossary, a data catalog, process maps, and the lineages and connections between them but a whole range of other features and functionalities to help you be effective in your everyday data battles, such as data quality management, reference data management, or business data models.

If you are curious, you can see our experts create your use case-specific battle plans in real-time on your own personal live demo or watch one of our short videos explaining how they work in detail on our YouTube channel.

David Vavruska
Product Analyst
