By Tim Matthews
As I walked around the RSA Conference this year, one thing I realized I was missing was the theme. For years, RSA would tie the conference to an important event or development from the centuries of security, from the conqueror Caesar to the Navajo code talkers in WWII. And it’s not just me; the security community is interested in its own history.
It was that sentiment that sparked an idea at Exabeam. We thought it would be fun to look back over the recent history of cybersecurity and chronicle the important events to share with the security community. The end result of the project is the 2019 History of Cybersecurity Calendar.
As we started our research, we found that major events were chronicled across the internet, but there was no central place to find all the information. As a history buff who has been in the cybersecurity space for some time—and maybe because historical timelines of attacker behavior are in my company’s DNA—that only inspired me more to fill the gap.
Today, cybersecurity is top of mind for just about everyone. But when the internet’s first draft appeared a half-century ago, security wasn’t in the outline. The technical focus was how to make this new packet-based networking scheme work. Security did not occur to the close-knit crew of academic researchers who trusted each other; it was impossible at the time for anyone else to access the fledgling network.
With today’s pervasive use of the internet, a modern surge in cyberattacks and the benefit of hindsight, it’s easy to see how ignoring security was a massive flaw.
Looking back at security events, the relatively short history of cybersecurity reveals important milestones and lessons on where the industry is heading.
Here are some key events that will help you understand how we’ve arrived at today’s point of cybersecurity. We start in the 1970s, with the first discovery of a computer virus. For the full list of cybersecurity events, download or purchase the History of Cybersecurity 2019 Calendar. We chose a 1970s motif in honor of that decade’s importance to modern cybersecurity. For some fun, you can also test your knowledge of cybersecurity history with monthly trivia questions. All proceeds will be donated to the Computer History Museum and WiCyS (Women in Cybersecurity).
March 16, 1971 – Discovery of the Creeper Virus
Believe it or not, the idea of a computer virus preceded computer networks. Mathematician John von Neumann predicted the idea in the late 1940s, but it wasn’t until 30 years later before someone created one. During the age of ARPANET (the internet at its earliest form) in 1971, the few users of the network were surprised when their screens displayed the phrase: “I’m the creeper, catch me if you can.” At the time, users had no idea who or what it could be. Creeper was a worm, a type of computer virus that replicates itself and spreads to other systems; it was created by Bold, Beranek and Newman. Unlike today’s malicious viruses, all Creeper did was display messages.
Sept. 20, 1983 – The First U.S. Patent for Cybersecurity
As computers began to evolve, inventors and technology experts around the world were rushing to make history and claim patents for new computer systems. The first U.S. patent for cybersecurity came in September of 1983 when MIT was granted U.S. Patent 4,405,829 for a “cryptographic communications system and method.” The patent introduced the RSA (Rivest-Shamir-Adleman) algorithm, which was one of the first public key cryptosystems. Cryptography is the bedrock of modern cybersecurity.
June 9, 1993 – The First DEF CON Conference
DEF CON is one of the world’s most popular cybersecurity technical conferences. Started in June of 1993 by Jeff Moss, it opened in Las Vegas with roughly 100 people. Today the conference is attended by over 20,000 cybersecurity professionals from around the world.
February 1995 – The Birth of Secure Sockets Layer (SSL) 2.0
The security protocol that allows people to do simple things like purchase items online securely was made possible by the Secure Sockets Layer (SSL) internet protocol. Netscape began developing the SSL protocol not long after the National Center for Supercomputing Applications released the first web browser. In February 1995, Netscape released SSL 2.0, which became the core of the language for securely using the web, called Hyper Text Transfer Protocol Secure. Today, when you see “HTTPS” in a website address, you know its communications with your browser are encrypted.
Oct. 1, 2003 – Anonymous is Born
Anonymous was the first universally known hacker group. The group has no leader and represents many online and offline community users. Together, they exist as an anarchic, digitized global brain. Wearing the mask of Guy Fawkes, the group gained national attention when the group hacked the Church of Scientology website with distributed DDoS attacks. Anonymous continues being linked to numerous high-profile incidents; its main cause is protecting citizens’ privacy.
Jan. 12, 2010 – Operation Aurora Reveals a Nation-as-Hacker
Before 2010, disclosures of security breaches were considered highly unusual. On Jan. 12 of that year, Google shocked the world when it announced “Operation Aurora,” a major breach on its infrastructure in China. Google initially thought the attackers’ goal was to access Gmail accounts of Chinese human rights activists. Analysts discovered the true intent was identifying Chinese intelligence operatives in the U.S. who may have been on watch lists for American law enforcement agencies. The attacks also hit more than 50 companies in the internet, finance, technology, media and chemical sectors.
Recent Exploits, Countermeasures and Looking Forward
In recent years, massive breaches have hit name brands like Target, Anthem, Home Depot, Equifax, Yahoo, Marriott and more – compromising data for the companies and billions of consumers. In reaction, stringent regulations to protect citizen privacy like the EU General Data Protection Regulation (GDPR) and the new California Consumer Privacy Act are raising the bar for compliance. And cyberspace has become a digital battleground for nation-states and hacktivists. To keep up, the cybersecurity industry is constantly innovating and using advanced machine learning and AI-driven approaches, for example, to analyze network behavior and prevent adversaries from winning. It’s an exciting time for the market, and looking back only helps us predict where it’s going.