In 2023, we’re more reliant on computer systems than we ever have been. No matter where we are, the range of devices that constitute the Internet of Things makes life easier for us at every opportunity. From phones and laptops to smart fridges, heating systems, and pacemakers, technology has literally become a part of us.
However, this reliance on our devices provides hackers, scammers, and criminals with ever more opportunities to gain access to our personal information, finances, and even our workplace data. The more sophisticated our devices’ firewalls and anti-viruses become at preventing these attacks, the better the hackers get.
But where did cybersecurity start and how have the tried and tested methods of prevention come to be? We can learn more about the best tools and techniques for online safety, as well as the changing nature of cybersecurity, by exploring its development. In this article, we’ll take a look at the history of cybersecurity and how experts believe building upon old systems can still protect us today.
The History of Cybersecurity
Let’s take a look at the origins of cybersecurity and how responses to past threats have shaped today’s preventative landscape.
Creeper and Reaper
Ironically, the malware wasn’t created with malicious intent. Instead, it was an almost-accidental discovery by BBN Technologies employee Bob Thomas. In 1971, while attempting to create a system that would allow multiple users to ‘share’ the resources of a single CPU, known as a time-sharing system, Thomas discovered that a computer program could move through a network of computers and leave a trail.
Interested in the potential for a self-replicating program and communication between computers, Thomas designed the malware to move through time-sharing terminals on the ARPA network. He named the malware ‘Creeper’, and in a move that would inspire many a hacker movie in the years since, programmed Creeper to print a message from all infected devices; ‘I’M THE CREEPER: CATCH ME IF YOU CAN.’
While Thomas never intended to do damage, and while Creeper never acted maliciously beyond annoying ARPANet’s users, it did highlight the importance of catching and stopping such malware. Creeper met its match with Thomas’s research colleague, Ray Tomlinson, creator of email. Named Reaper and designed to delete Creeper, Tomlinson developed the first actual self-replicating program and anti-virus software.
The Morris Worm and Commercial Anti-Virus
Almost 20 years after Reaper, commercial anti-virus programs were the newest, and by many accounts, the first instances of coordinated cybersecurity made available to the masses. Andreas Lüning and Kai Figge, working to protect the Atari ST personal computers, created the Ultimate Virus Killer. In the same year, NOD antivirus came into use and McAfee was founded with the release of VirusScan.
However, despite more people installing anti-virus on their personal and work computers, the malware was about to evolve yet again. In 1988, graduate Robert Tappan Morris was intrigued by viruses and wanted to create his own. Looking to impress MIT, he released his worm, which exploited weak passwords, onto their network. In a mistaken move, Morris tried to one-up system administrators by instructing the virus to replicate itself. As a result, some computers were infected several times, slowing them down until they were barely usable.
Although an impressive evolution for malware, the Morris Worm landed its creator with a fine of $10,050 and 400 hours of community service in violation of the Computer Fraud and Abuse Act. People quickly became aware of how important strong passwords were to protect their information and hardware. It also caused many defense agencies to rally for the creation of a central network that could prevent and remedy coordinated attacks like the Morris Worm. This was realized with the establishment of CERT/CC in late 1988.
The Dawn of the Information Age
The internet had become a part of millions of lives by the beginning of the 1990s. An unprecedented amount of data was available on the new world wide web. This also meant that organized criminals could gain access to valuable information with historic ease, using the techniques that had been pioneered by researchers back in the 70s.
Attacks and scam attempts were more frequent than ever, and commercial anti-viruses quickly kicked up a gear to protect the average citizen’s data. But, in 1998, the most sophisticated cyberattack yet seen was launched on the Department of Defense. The subsequent investigation, named ‘Solar Sunrise’, involved the CIA, FBI, NSA, NASA, and DOJ, who suspected Iraqi information warfare. Instead, the attack was launched by three high school students.
The Solar Sunrise incident made it clear how important constant cyber vigilance was to everyone from the individual in their own homes, to governments protecting entire populations, and how cybercrime could be used to steal national secrets and incite information warfare. Improved intrusion detection and early warning systems for cyberattacks were pioneered by the National Infrastructure Protection Center and quickly filtered down to the masses.
The New Millennium
The battle between cyberattacks and cybersecurity became a vicious cycle, as both evolved to keep up with the other. The new millennium saw the number of online attacks using viruses, malware, scams, and frauds skyrocket. In response, new laws were created across the world to criminalize these actions and ensure victims were adequately compensated.
As the 2010s progressed, the Blaster Worm and SQL Slammer caused widespread disruption on both home-based and industrial computer networks, while governments battled through state-sponsored cyberattacks like the Stuxnet Worm and Operation Aurora. In 2013, the Edward Snowden leaks brought increasing attention to government surveillance, as well as to the value of our information and data being stored and shared online.
In the decade since, the growing number of devices and an exponential amount of data being shared on the internet have made clear the need for advanced preventative cybersecurity, from the highest echelons of government to the smallest smartwatch. Nowadays, many individuals receive cybersecurity education as part of ICT in schools, and attack prevention software is standard on all operating systems. But, as the cat-and-mouse game between attacks and security continues, what does the future of cybersecurity look like?
The Future of Cybersecurity
Throughout the last 40 years, it’s become clear that anyone can fall victim to a cyberattack. However, how we protect ourselves is much the same no matter how valuable our data is. This united front is all-important according to Brad Smith, President and Chief Legal Officer at Microsoft:
“We are witnessing a rise of large-scale attacks on critical infrastructure. Governments, the private sector, and individuals all must play a part in strengthening our ability to safeguard the digital world we depend on.”
No matter if we’re at home or acting as an employee, we all have a shared responsibility to protect our devices and prevent viruses, malware, and online fraud attempts from spreading through our networks. Analyzing disruptive attacks such as the WannaCry ransomware of 2017, it becomes clear just how important one device can be in the spread of malware to millions of others. A coordinated prevention effort and understanding of where we sit as individuals in the Internet of Things will be key to protecting our data at large.
However, Kevin Brown, former Managing Director of BT Security in the UK, provides a slightly gloomier outlook on the future of cybersecurity. As we come together to avoid falling victim to attacks, and in the process protect our networks and each other, cyber-criminals are expected to do the same.
“We’re in a period of evolution. My prognosis is that we’re going to start seeing a clustering of cybercrime, with particular criminal expertise focusing on different aspects of attacks. When it comes to thwarting that and getting the right level of intelligence to deal with it, we’re a long way from that yet.”
These groups of cybercriminals do and will work as their own organizations, with certain programmers and hackers holding specialisms in certain areas. Far from being teenagers in their bedrooms or researchers creating self-replicating programs, these sophisticated organizations will work together to launch larger and more devastating attacks, profiting off them and then wiping their presence from the affected devices to avoid repercussions. By joining together, cybercriminals are expediting their evolution, and according to experts, individual action will do little to stop this.
Fortunately, another group of experts believes individuals won’t have to act. Mark Orlando, CTO of Raytheon Cyber Security, which specializes in large-scale cybersecurity audits through simulated attacks, believes we aren’t too far away from computers being able to protect themselves.
"In the coming years, we will see more automation and AI applied to security solutions so that human analysts can focus their efforts on strategic, complex threats...In the cyber arms race, we need every advantage we can get and that means arming ourselves with innovative technologies."
AI has several applications in several industries, but when it comes to cybersecurity, machine learning may be able to detect anomalies caused by malware, alert human security administrators, initiate security protocols on individual devices and networks, analyze the behavior of malware, hackers, and fraudsters to provide detailed reports and aid in their capture. Similarly, with a combination of AI and biometric data, device security will become much harder to bypass for imposters or robots.
Of course, this poses the problem that, in using AI for security, hackers and cybercriminals will use it for malicious means, too. However, with a synthesis of human intuition and experience, alongside AI’s software-based capabilities, predictive analysis, and subsequent security insights, it may just be enough to ensure we can stay one step ahead of cyberattacks.
In Conclusion
The history of cyberattacks and cybersecurity are one and the same. By understanding this history, we can stay on top of the near-constant need for improved preventative measures. The importance of protecting our personal information, financial data, and networks only grows as we become increasingly reliant on technology.
The future of cybersecurity, according to experts, will require us to collaborate with best practices used by security agencies and governments. Potential advancements in AI and automation will help us stay ahead of cybercriminals, but we certainly haven’t seen the limits of the damage that cybercriminals can do.
While there are challenges ahead, with a united and proactive approach, internet users across the globe can strengthen our ability to safeguard the digital world we depend on, ensuring a secure future for all.
Sources
- https://www.crowdstrike.com/cybersecurity-101/cyberattacks/most-common-types-of-cyberattacks/
- https://www.techtarget.com/searchsecurity/CyberResiliency/5-Key-Elements-of-a-Modern-Cybersecurity-Framework
- https://medium.com/cybernoobing/the-people-that-put-the-cyber-in-cyber-security-cyber-noobing-806e4d00519a
- https://www.lifewire.com/brief-history-of-malware
- https://en.wikipedia.org/wiki/Morris_worm
- https://nsarchive.gwu.edu/briefing-book/cyber-vault/2023-02-28/solar-sunrise-after-25-years-are-we-25-years-wiser
- https://cybermagazine.com/cyber-security/history-cybersecurity
- https://www.siliconrepublic.com/enterprise/bt-eagle-i-cyber-security-platform
- https://www.latimes.com/world/europe/la-fg-europe-computer-virus-20170514-story.html
- https://www.washingtonpost.com/podcasts/post-live/brad-smith-on-cybersecurity-and-microsofts-role-in-aiding-ukraine-against-russian-cyberattacks/
Add comment