eBook - ePub

A Vulnerable System

Name: A Vulnerable System
Author: Andrew J. Stewart

The History of Information Security in the Computer Age

Andrew J. Stewart

Share book

312 pages
English
ePUB (mobile friendly)
Available on iOS & Android

eBook - ePub

A Vulnerable System

The History of Information Security in the Computer Age

Andrew J. Stewart

Book details

Book preview

Table of contents

Citations

About This Book

As threats to the security of information pervade the fabric of everyday life, A Vulnerable System describes how, even as the demand for information security increases, the needs of society are not being met. The result is that the confidentiality of our personal data, the integrity of our elections, and the stability of foreign relations between countries are increasingly at risk.

Andrew J. Stewart convincingly shows that emergency software patches and new security products cannot provide the solution to threats such as computer hacking, viruses, software vulnerabilities, and electronic spying. Profound underlying structural problems must first be understood, confronted, and then addressed.

A Vulnerable System delivers a long view of the history of information security, beginning with the creation of the first digital computers during the Cold War. From the key institutions of the so-called military industrial complex in the 1950s to Silicon Valley start-ups in the 2020s, the relentless pursuit of new technologies has come at great cost. The absence of knowledge regarding the history of information security has caused the lessons of the past to be forsaken for the novelty of the present, and has led us to be collectively unable to meet the needs of the current day. From the very beginning of the information age, claims of secure systems have been crushed by practical reality.

The myriad risks to technology, Stewart reveals, cannot be addressed without first understanding how we arrived at this moment. A Vulnerable System is an enlightening and sobering history of a topic that affects crucial aspects of our lives.

Frequently asked questions

How do I cancel my subscription?

Simply head over to the account section in settings and click on “Cancel Subscription” - it’s as simple as that. After you cancel, your membership will stay active for the remainder of the time you’ve paid for. Learn more here.

Can/how do I download books?

At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.

What is the difference between the pricing plans?

Both plans give you full access to the library and all of Perlego’s features. The only differences are the price and subscription period: With the annual plan you’ll save around 30% compared to 12 months on the monthly plan.

What is Perlego?

We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.

Do you support text-to-speech?

Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.

Is A Vulnerable System an online PDF/ePUB?

Yes, you can access A Vulnerable System by Andrew J. Stewart in PDF and/or ePUB format, as well as other popular books in Computer Science & Cyber Security. We have over one million books available in our catalogue for you to explore.

Information

Publisher

Cornell University Press

Year

2021

ISBN

9781501759055

Topic

Computer Science

Subtopic

Cyber Security

Index

Computer Science

Chapter 1 A “NEW DIMENSION” FOR THE SECURITY OF INFORMATION

In the late 1960s and early 1970s, a small group of academics and researchers developed ideas that would have profound effects on the modern world. Their dream was to create a future for computing where information could be protected. They believed that human beings would function as cogs in a rational machine that could then be operated by the United States military. The results of their efforts would indeed change the world but not in the way that they had intended.

That history is the provenance of information security today. Their work established the board on which the game of information security is played. The players are the organizations struggling to defend against computer hackers, the governments attempting to prevent leaks by insiders, and every person trying to protect their personal information. On the opposite side of the board are computer hackers, spies, and terrorists, but they are players too.

The academics and researchers were brought together by the US military—an organization with a long history of embracing new technologies, including the earliest computers. The influence of the US military on the development of information security is tightly coupled to the influence that they had over the development of computing itself. Beginning in 1943, the US Army financed the design and development of the ENIAC—the world’s first “electronic calculator.”¹ The designers of the ENIAC were J. Presper Eckert and John William Mauchly. Eckert was an electrical engineer and Mauchly a physicist, and both worked at the Moore School of Electrical Engineering at the University of Pennsylvania, a center for wartime computing. They formed the Eckert-Mauchly Computer Corporation in 1948 so that they could sell their ENIAC computers.²

The army used the ENIAC to calculate firing tables for artillery guns.³ The ENIAC was a machine well-suited for this task because the work involved having to repeatedly perform the same type of complex mathematical equations.⁴ Understanding and predicting the ballistics of shells fired from artillery guns was of great interest to the army due to the large number of new types of guns that were being developed to fight World War II.

The ENIAC was an impressive installation. It weighed thirty tons and filled an entire room with eighteen thousand vacuum tubes, noisy Teletype machines, and whirring tape drives.⁵ It used a vast amount of cables—cables that were vulnerable to hungry mice. When the ENIAC was being designed, Eckert and Mauchly conducted an experiment in which they put several mice into a box with various types of cable insulation. The insulation that the mice chewed the least was selected to be used in the machine.⁶

The operators of the ENIAC, who were arguably the first ever computer programmers, were six pioneering women who had been recruited by the US Army from the University of Pennsylvania.⁷ They were given the task of configuring the ENIAC by using their mathematical knowledge to wire different parts of the computer together. This would enable the requested calculations to be carried out.⁸ The contributions that they made to the ENIAC and to the field of computing have been recognized only in more recent years.⁹

In 1950, the Eckert-Mauchly Computer Corporation was acquired by the conglomerate Remington Rand. This organization was no stranger to the military market—they manufactured and sold conventional weapons including the now-iconic 1911 handgun.

After the end of World War II, the US military was facing a new set of challenges not directly related to war fighting. Many of those challenges involved logistics: how to most efficiently move around personnel and equipment and how to supply the large number of newly created US air bases around the world. To assist with these tasks, they looked to employ a successor to the ENIAC named the UNIVAC. The UNIVAC had also been designed by Eckert and Mauchly and sold for around a million dollars at the time.¹⁰ UNIVAC stood for Universal Automatic Computer, a name that was carefully chosen to indicate that the UNIVAC could solve general problems and was not limited to performing particular types of calculations.¹¹ This flexibility was a valuable innovation and made the UNIVAC especially attractive to the US military because they had many different types of problem to solve.

Three of the first ten UNIVAC computers to be manufactured were installed at US military facilities. The US Army, Navy, and Air Force each received a UNIVAC that they would use for their own specific needs.¹² The UNIVAC delivered to the air force was installed at the Pentagon in June 1952.¹³ It was used on an initiative code named Project SCOOP—the Scientific Computation of Optimal Problems. Project SCOOP used the UNIVAC to help solve logistics problems by performing mathematical calculations that involved almost one thousand variables. Unlike human mathematicians, the UNIVAC could deliver the answers to those calculations quickly. The project was considered so successful within the air force that the UNIVAC machine was still in use in 1962, at which time there were several other more sophisticated computers available. In the words of one of the Project SCOOP team members, “the digital computer triggered a vision of what could be accomplished.”¹⁴

That vision was expansive. The US military wanted computers to help break encrypted messages, to assist in the development of new weapons, to solve logistics problems, and for hundreds of other tasks large and small.¹⁵ They even speculated about using computers to support technologies that had not yet been built, such as for calculating the trajectories of satellites.¹⁶ The US military understood the benefits that computers provided, and so they expected the world at large to become increasingly computerized. Indeed, at the end of the 1950s and the beginning of the 1960s, there was a growing dependence on computers. This was also a period of great upheaval and advancement in computing, and those developments would have far-reaching effects on the security of information.

The computers of the late 1950s were baroque by today’s standards. Like an organist playing a pipe organ within a cathedral, a single operator would sit at the controls, surrounded by the machine. The computer did only what it was told to do, and when the operator stopped to think, the computer waited obediently. This created an inefficiency; computers were extremely expensive and ideally there would be no downtime where the computer wasn’t performing some calculation. The solution to this problem came in the form of a brilliant technical innovation: the development of computers with the ability to perform time-sharing. In a time-sharing computer the pauses taken by a user could be used to service other tasks. Even the minuscule gaps between keystrokes could be put to productive use. Several people could now use a computer at the same time, and the computer could operate in a manner where each user felt that they had the machine’s undivided attention.¹⁷ The experience of using a computer was transformed from one that was individual and solitary into one that was shared and collaborative. This change created entirely new categories of security risk. Because a computer could now have multiple simultaneous users, those users could potentially interfere with each other’s programs or perhaps see classified data that they should not see.

The idea of “classification” is at the heart of how the US military secures information. Documents are given a classification level such as Top Secret, Secret, or Confidential. A person is not permitted to view information that has a classification higher than their level of clearance. For example, a person who has only Confidential clearance cannot view information that is classified as Top Secret. One user of a time-sharing computer might have Top Secret clearance and another user might not. How could Top Secret information be stored and processed on that computer without exposing it? Before time-sharing, a computer could be locked in a room and a guard posted at the door. But a time-sharing system could have multiple terminals that users could use to interact with the computer, and those terminals could be spread around a building. This made the physical security of a time-sharing computer and the monitoring of its users much more difficult.¹⁸

The economic advantages that time-sharing computers delivered made it highly likely that their use would become widespread, and so time-sharing computers were expected to bring about a revolution in computing. The potential dangers to the security of information stored on computers would increase exponentially, and the fear of those dangers was felt by the US military and the defense contractors they employed. They saw these developments as a “new dimension” for the task of securing information.¹⁹ It was a problem the US military had to solve. They did not believe that they could accomplish the task alone, and so they enlisted partners. Those partners were other US government agencies such as the Central Intelligence Agency (CIA) and National Security Agency (NSA), alongside large defense contractors and think tanks. Preeminent among the think tanks was the RAND Corporation—the name being a contraction of “research and development.” RAND was a factory of ideas, a think tank that was already advising the US government on how to wage and win wars.

RAND was conceived in 1942 by Henry “Hap” Arnold, an air force general.²⁰ At the end of World War II, there was deep concern that the scientists and academics who had been gathered together for the war effort would disperse and that the US military would lose access to their expertise.²¹ Arnold pledged ten million dollars from unspent war funds to form RAND as a group that would provide a home for those researchers.²² In the decades to come, the air force would essentially provide RAND with unlimited funds—a blank check for attempting to solve some of the trickiest problems faced by the US military.²³

RAND researchers were initially housed in offices inside an aircraft plant at the Cloverfield Airport in Santa Monica, California.²⁴ In 1947, RAND moved to a building in downtown Santa Monica, just five minutes’ walk from the white sand of the beach.²⁵ The interior of their new facility was designed to maximize chance encounters between RAND staff members and thereby promote collaboration.²⁶ This is an approach to building design that is still used by companies today, including by Apple.²⁷ The RAND building was innocuous-looking, but it was formally a Top Secret US government research facility, with armed guards twenty-four hours a day. Every RAND employee had to receive a government security clearance, and until they received that clearance they were escorted everywhere inside the building—even to the bathroom.²⁸

RAND would initially report into the part of the air force hierarchy that dealt with research and development, and this placed RAND under the auspices of General Curtis LeMay.²⁹ If any person could be considered the historical heart and soul of RAND, it is LeMay. He played a key role in the development of the organization and imbued it with his mind-set and his approach to the world. Looking at LeMay with modern eyes, he appears to be a parody of the archetypal Cold War general. He had a gruff manner ...