Cyber security is not an easy task to manage especially in the contemporary times. Cyber security is not just technical part but it also includes the legal aspects as well. This is the reason why cyber security is a techno legal field. We have been treating cyber security as mere technical field for long and this is not producing any productive results.
For instance, the Central Intelligence Agency (CIA) of United States has been struggling to deal with cyber security and computer security since 1968 and much before. At least the official records
about CIA’s involvement in the cyber security fields goes back to 1968 where CIA issued a cyber security warning to US government. This makes it almost 50 years of concern and expertise for CIA in the field of cyber security.
So it would be safe to conclude that US government is seized with cyber security related issues at least since 1968. And if US government is still concerned about cyber security, it means that by and large our cyber security efforts have failed to achieve the required goals. Meanwhile, President Donald Trump is about to sign an executive order
to strengthen US cyber security capabilities. This is in addition to the transborder hacking and search powers
of the Federal Bureau of Investigation (FBI) that gives the US law enforcement agency long arm jurisdiction. Despite all cyber power, US still believe
that cyber warfare is undermining its traditional defenses.
The problem with a sophisticated and global cyber attack is that we cannot ascertain the authorship attribution
with certainty in almost all cases. For instance, US has accused Russia of manipulating its elections results through cyber attacks whereas Russia has accused that CIA has hacked the Kremlin
. Who is speaking truth and who is speaking falsehood is not easy to ascertain in these circumstances.
As per the media report, the U.S. government has been in the cyber security business for many decades. In 1968, the CIA added a computer security subcommittee to the U.S. Intelligence Board, a government wide body convened by the CIA to coordinate intelligence efforts. The US intelligence community has been dealing with many of the problems of access control, physical security, contractor access, data verification and other issues that continue to plague government agencies even today. So the cyber security problems are persistent and ever evolving and this is the reason why laws of various countries are not even close to resolve such complicated cyber issues.
In February 1969, subcommittee participants were instructed to list in order of priority their computer security problem areas
. The NSA member said that access control topped the list, followed by computer malfunctions, information classification and physical security. An Air Force member wanted to prioritise the development of a method to securely erase the drums of magnetic storage tape containing highly classified information, when those tapes needed to be decommissioned. The Navy concurred in this judgement. The Defense Intelligence Agency sought to come up with a working definition of a system and its components as a first step to developing a computer security standard.
In one memo
, the group examined the security threats posed by the possibility of hostile exploitation of weak points in the computer operations of the intelligence community. In assigning this task to the Subcommittee, the Security Committee requested that the Counterintelligence Staff of CIA be asked to report any known cases where hostile services had attempted to exploit the security vulnerabilities of the computer operations. In addition, the Subcommittee was asked to study any possible threat of hostile penetration of the computer operations.
The memorandum also warned about the Soviet Bloc that had interest in the American computing technology. This means US was on loggerheads with Russia regarding computing technology and cyber security at least since 1968. So cyber espionage and cyber warfare are not new concepts but just new definitions for the old forms of computing espionage and cyber attacks.
The Subcommittee asked CIA counterintelligence personnel to look for possible examples of intrusion or exploitation by rivals. According to the memo's findings, the CIA and the FBI "were able to provide information on several cases involving hostile attempts to exploit either personnel associated with Community computer operations or personnel employed by American computing manufacturers having potential contact with government operations."
Additionally, that report confirmed the existence of vulnerabilities in intelligence community systems that were postulated as possible threats in a draft of a classified Defense Science Bureau Task Force report from January 1970 -- including one flaw that allowed for system-wide memory dumps to be initiated by programmers who were only supposed to have limited access. Another bug from back in the days of magnetic tape storage allowed users to bypass storage protection features of the IBM 360 system to access program data.
Information and communication technology (ICT) has significantly changed since 1968 and many more layers of complications and complexities have been added. This discussion by CIA is a hint how the future of computers, Internet and ICT can be changed by States and State actors forever.