Chapter 1
A âNEW DIMENSIONâ FOR THE SECURITY OF INFORMATION
In the late 1960s and early 1970s, a small group of academics and researchers developed ideas that would have profound effects on the modern world. Their dream was to create a future for computing where information could be protected. They believed that human beings would function as cogs in a rational machine that could then be operated by the United States military. The results of their efforts would indeed change the world but not in the way that they had intended.
That history is the provenance of information security today. Their work established the board on which the game of information security is played. The players are the organizations struggling to defend against computer hackers, the governments attempting to prevent leaks by insiders, and every person trying to protect their personal information. On the opposite side of the board are computer hackers, spies, and terrorists, but they are players too.
The academics and researchers were brought together by the US militaryâan organization with a long history of embracing new technologies, including the earliest computers. The influence of the US military on the development of information security is tightly coupled to the influence that they had over the development of computing itself. Beginning in 1943, the US Army financed the design and development of the ENIACâthe worldâs first âelectronic calculator.â1 The designers of the ENIAC were J. Presper Eckert and John William Mauchly. Eckert was an electrical engineer and Mauchly a physicist, and both worked at the Moore School of Electrical Engineering at the University of Pennsylvania, a center for wartime computing. They formed the Eckert-Mauchly Computer Corporation in 1948 so that they could sell their ENIAC computers.2
The army used the ENIAC to calculate firing tables for artillery guns.3 The ENIAC was a machine well-suited for this task because the work involved having to repeatedly perform the same type of complex mathematical equations.4 Understanding and predicting the ballistics of shells fired from artillery guns was of great interest to the army due to the large number of new types of guns that were being developed to fight World War II.
The ENIAC was an impressive installation. It weighed thirty tons and filled an entire room with eighteen thousand vacuum tubes, noisy Teletype machines, and whirring tape drives.5 It used a vast amount of cablesâcables that were vulnerable to hungry mice. When the ENIAC was being designed, Eckert and Mauchly conducted an experiment in which they put several mice into a box with various types of cable insulation. The insulation that the mice chewed the least was selected to be used in the machine.6
The operators of the ENIAC, who were arguably the first ever computer programmers, were six pioneering women who had been recruited by the US Army from the University of Pennsylvania.7 They were given the task of configuring the ENIAC by using their mathematical knowledge to wire different parts of the computer together. This would enable the requested calculations to be carried out.8 The contributions that they made to the ENIAC and to the field of computing have been recognized only in more recent years.9
In 1950, the Eckert-Mauchly Computer Corporation was acquired by the conglomerate Remington Rand. This organization was no stranger to the military marketâthey manufactured and sold conventional weapons including the now-iconic 1911 handgun.
After the end of World War II, the US military was facing a new set of challenges not directly related to war fighting. Many of those challenges involved logistics: how to most efficiently move around personnel and equipment and how to supply the large number of newly created US air bases around the world. To assist with these tasks, they looked to employ a successor to the ENIAC named the UNIVAC. The UNIVAC had also been designed by Eckert and Mauchly and sold for around a million dollars at the time.10 UNIVAC stood for Universal Automatic Computer, a name that was carefully chosen to indicate that the UNIVAC could solve general problems and was not limited to performing particular types of calculations.11 This flexibility was a valuable innovation and made the UNIVAC especially attractive to the US military because they had many different types of problem to solve.
Three of the first ten UNIVAC computers to be manufactured were installed at US military facilities. The US Army, Navy, and Air Force each received a UNIVAC that they would use for their own specific needs.12 The UNIVAC delivered to the air force was installed at the Pentagon in June 1952.13 It was used on an initiative code named Project SCOOPâthe Scientific Computation of Optimal Problems. Project SCOOP used the UNIVAC to help solve logistics problems by performing mathematical calculations that involved almost one thousand variables. Unlike human mathematicians, the UNIVAC could deliver the answers to those calculations quickly. The project was considered so successful within the air force that the UNIVAC machine was still in use in 1962, at which time there were several other more sophisticated computers available. In the words of one of the Project SCOOP team members, âthe digital computer triggered a vision of what could be accomplished.â14
That vision was expansive. The US military wanted computers to help break encrypted messages, to assist in the development of new weapons, to solve logistics problems, and for hundreds of other tasks large and small.15 They even speculated about using computers to support technologies that had not yet been built, such as for calculating the trajectories of satellites.16 The US military understood the benefits that computers provided, and so they expected the world at large to become increasingly computerized. Indeed, at the end of the 1950s and the beginning of the 1960s, there was a growing dependence on computers. This was also a period of great upheaval and advancement in computing, and those developments would have far-reaching effects on the security of information.
The computers of the late 1950s were baroque by todayâs standards. Like an organist playing a pipe organ within a cathedral, a single operator would sit at the controls, surrounded by the machine. The computer did only what it was told to do, and when the operator stopped to think, the computer waited obediently. This created an inefficiency; computers were extremely expensive and ideally there would be no downtime where the computer wasnât performing some calculation. The solution to this problem came in the form of a brilliant technical innovation: the development of computers with the ability to perform time-sharing. In a time-sharing computer the pauses taken by a user could be used to service other tasks. Even the minuscule gaps between keystrokes could be put to productive use. Several people could now use a computer at the same time, and the computer could operate in a manner where each user felt that they had the machineâs undivided attention.17 The experience of using a computer was transformed from one that was individual and solitary into one that was shared and collaborative. This change created entirely new categories of security risk. Because a computer could now have multiple simultaneous users, those users could potentially interfere with each otherâs programs or perhaps see classified data that they should not see.
The idea of âclassificationâ is at the heart of how the US military secures information. Documents are given a classification level such as Top Secret, Secret, or Confidential. A person is not permitted to view information that has a classification higher than their level of clearance. For example, a person who has only Confidential clearance cannot view information that is classified as Top Secret. One user of a time-sharing computer might have Top Secret clearance and another user might not. How could Top Secret information be stored and processed on that computer without exposing it? Before time-sharing, a computer could be locked in a room and a guard posted at the door. But a time-sharing system could have multiple terminals that users could use to interact with the computer, and those terminals could be spread around a building. This made the physical security of a time-sharing computer and the monitoring of its users much more difficult.18
The economic advantages that time-sharing computers delivered made it highly likely that their use would become widespread, and so time-sharing computers were expected to bring about a revolution in computing. The potential dangers to the security of information stored on computers would increase exponentially, and the fear of those dangers was felt by the US military and the defense contractors they employed. They saw these developments as a ânew dimensionâ for the task of securing information.19 It was a problem the US military had to solve. They did not believe that they could accomplish the task alone, and so they enlisted partners. Those partners were other US government agencies such as the Central Intelligence Agency (CIA) and National Security Agency (NSA), alongside large defense contractors and think tanks. Preeminent among the think tanks was the RAND Corporationâthe name being a contraction of âresearch and development.â RAND was a factory of ideas, a think tank that was already advising the US government on how to wage and win wars.
RAND was conceived in 1942 by Henry âHapâ Arnold, an air force general.20 At the end of World War II, there was deep concern that the scientists and academics who had been gathered together for the war effort would disperse and that the US military would lose access to their expertise.21 Arnold pledged ten million dollars from unspent war funds to form RAND as a group that would provide a home for those researchers.22 In the decades to come, the air force would essentially provide RAND with unlimited fundsâa blank check for attempting to solve some of the trickiest problems faced by the US military.23
RAND researchers were initially housed in offices inside an aircraft plant at the Cloverfield Airport in Santa Monica, California.24 In 1947, RAND moved to a building in downtown Santa Monica, just five minutesâ walk from the white sand of the beach.25 The interior of their new facility was designed to maximize chance encounters between RAND staff members and thereby promote collaboration.26 This is an approach to building design that is still used by companies today, including by Apple.27 The RAND building was innocuous-looking, but it was formally a Top Secret US government research facility, with armed guards twenty-four hours a day. Every RAND employee had to receive a government security clearance, and until they received that clearance they were escorted everywhere inside the buildingâeven to the bathroom.28
RAND would initially report into the part of the air force hierarchy that dealt with research and development, and this placed RAND under the auspices of General Curtis LeMay.29 If any person could be considered the historical heart and soul of RAND, it is LeMay. He played a key role in the development of the organization and imbued it with his mind-set and his approach to the world. Looking at LeMay with modern eyes, he appears to be a parody of the archetypal Cold War general. He had a gruff manner ...