The upcoming main navigation can be gotten through utilizing the tab key. Any buttons that open a sub navigation can be triggered by the space or enter key.
Search Lawfare
The meaning of the cyber revolution.
The article makes three main arguments.
Jack Goldsmith
The article makes three main arguments. First, integrating cyber realities into the international security studies agenda is necessary both for developing effective policies and for enhancing the field’s intellectual progress. Second, the scientific intricacies of cyber technology and methodological issues do not prohibit scholarly investigation; a nascent realm of cyber studies has already begun to emerge. Third, because cyberweapons are not overtly violent, their use is unlikely to ªt the traditional criterion of interstate war; rather, the new capability is expanding the range of possible harm and outcomes between the concepts of war and peace—with important consequences for national and international security. Although the cyber revolution has not fundamentally altered the nature of war, it nevertheless has consequences for important issues in the field of security studies, including nonmilitary foreign threats and the ability of nontraditional players to inflict economic and social harm. Three factors underscore the cyber danger for international security: the potency of cyberweapons, complications relating to cyber defense, and problems of strategic instability. The article has three sections. First, it reviews the sources and costs of scholarly inattention toward the cyber issue and argues why this must change. Second, it presents a selection of common technical concepts to frame the issue from the perspective of security scholars. Third, it assesses the potential consequences of cyberweapons for international security. The article concludes by outlining a research agenda for future cyber studies.
More Articles
Beyond the Battlefield, Beyond al Qaeda: The Destabilizing Legal Architecture of Counterterrorism
Other topics.
Subscribe to Lawfare
- Today on Lawfare
- The Week That Was
Academia.edu no longer supports Internet Explorer.
To browse Academia.edu and the wider internet faster and more securely, please take a few seconds to upgrade your browser .
Enter the email address you signed up with and we'll email you a reset link.
- We're Hiring!
- Help Center
The Meaning of the Cyber Revolution: Perils to Theory and Statecraft
2013, International Security
While decisionmakers warn about the cyber threat constantly, there is little systematic analysis of the issue from an international security studies perspective. Some scholars presume that the related technology's scientific complexity and methodological issues prohibit orderly investigation; only a minimum degree of technical acuity is needed, however, revealing the scope of maneuver in the cyber domain. Other skeptics argue that the cyber peril is overblown, contending that cyber weapons have no intrinsic capacity for violence and do not alter the nature or means of war. This view misses the essence of the danger and conceals its true significance: the new capability is expanding the range of possible harm and outcomes between the concepts of war and peace—with important implications for national and international security. The cyber domain, moreover, features enormous defense complications and dangers to strategic stability: offense dominance, attribution difficulties, techno...
Related Papers
Russell Dunne
International Relations theory has endured two failures in the last half century. No International Relations theorist foresaw the end of the Cold War. Likewise with the rise of Cyber War. Whilst the Internet is acknowledged as having the CIA as its parent, no one predicted that it would become a theatre for conflict. Cyber War is here and its impact on our lives will only increase in time. It is only a matter of time before a completely cyber conflict is waged. Yet no theory on Cyber War exists…until now.
Diego Canabarro , Thiago Borne
CANABARRO, D. R. ; BORNE, T. ; CEPIK, M. A. C. . Three Controversies on Cyberwar: a Critical Perspective. In: MPSA Annual Conference, 2013, Chicago - IL - Estados Unidos. MPSA Conference Paper Archive, 2013, on line. The spread of contemporary information and communication technologies among state and non-state actors adds new dimensions to the study of diffusion in global politics. The Digital Era brings about different challenges for national and international security policymaking, heating up academic and political debate surrounding the scope and the implications of the term cyberwar. This paper surveys the evolution of academic and technical production on cyberwar with the intention of providing background for the critical evaluation of the Brazilian case. Finally, it details the prospective research agenda that follows from the evaluation of the Brazilian case.
Conflict Zone Cyberspace: Prospects for Security and Peace Cyberspace as a Domain of Military Action 2 ETHICS AND ARMED FORCES 01/19
Philipp von Wussow
Myriam Dunn Cavelty
Cyber security is seen as one of the most pressing national security issues of our time. Due to sophisticated and highly publicised cyber attacks such as Stuxnet, it is increasingly framed as a strategic issue. The diffuse nature of the threat, coupled with a heightened sense of vulnerability, has brought about a growing militarisation of cyber security. This has resulted in too much attention on the low probability of a large scale cyber attack, a focus on the wrong policy solutions, and a detrimental atmosphere of insecurity and tension in the international system. Though cyber operations will be a significant component of future conflicts, the role of the military in cyber security will be limited and needs to be carefully defined.
Ryan C Maness
Cyber security is seen as one of the most pressing national security issues of our time. Due to sophisticated and highly publicised cyber attacks, it is increasingly framed as a strategic-military concern and many states have or at least want to acquire offensive cyber “weapons”. The aim of this paper is to show that particular ways of framing threats are not only a matter of choice but also come with political and social effects. Focusing on the strategic-military aspects of cyber security means subjecting it to the rules of an antagonistic zero-sum game, in which one party’s gain is another party’s loss. This invokes enemy images even though there is no identifiable enemy, centres too strongly on national security measures instead of economic and business solutions, and wrongly suggests that states can establish control over cyberspace. Not only does this create an unnecessary atmosphere of insecurity and tension in the international system, it is also based on misperceptions of the nature and level of cyber risk and on the feasibility of different protection measures in a world characterised by complex, interdependent risk. While it is undisputed that the cyber dimension will play a substantial role in future conflicts of all grades and shades, threat-representations must remain well informed and well balanced at all times in order to rule out policy (over-)reactions with too high costs and uncertain benefits.
The International Spectator
Gian Piero Siroli
Strategic Studies Quarterly
John Sheldon
What is the strategic purpose of cyberpower? All too many works on cyberspace and cyberpower are focused on the technical, tactical, and operational aspects of operating in the cyber domain. These are undoubtedly important topics, but very few address the strategic purpose of cyberpower for the ends of policy. Understanding its strategic purpose is important if policy makers, senior commanders, and strategists are to make informed judgments about its use. Cyberpower does indeed have strategic purpose relevant to achieving policy objectives. This strategic purpose revolves around the ability in peace and war to manipulate perceptions of the strategic environment to one's advantage while at the same time degrading the ability of an adversary to comprehend that same environment. While it is proper to pay attention to the technological, tactical, and operational implications, challenges, and opportunities of cyberspace, this article concerns itself with its use-"the ability to use cyberspace to create advantages and influence events in all the operational environments and across the instruments of power"-for achieving the policy objectives of the nation. 1 Transforming the effects of cyberpower into policy objectives is the art and science of strategy, defined as "managing context for continuing advantage according to policy" (emphasis in original). 2 The definition provides the overall strategic impetus for the use of cyberpower. To fully understand the power of cyber, one must acknowledge the character of cyber-power and cyberspace. The linkage between strategic context, strategy, and
Jonah Feldman
Jonah Feldman Ming Chow COMP-116 6 December 2017 The Internet’s Security Dilemma: Why Cyber-Weapons Beget Instability Abstract This paper analyzes interstate cyberwarfare through the lens of Robert Jervis’s offense/defense paradigm. In this paradigm, two factors are important in determining technology’s impact on global stability: whether a technology favors offensive or defensive strategy, and whether offensive technology can be distinguished from defensive technology. This paper argues that cybersecurity exemplifies Jervis’s “third world,” where offense has the advantage while offensive and defensive technologies are easily distinguishable. The case for offense/defense distinguishability is straightforward: defensive tactics like encryption, firewalls, and air gapping have little offensive utility. Thus, this paper will focus primarily on cybersecurity’s offensive advantages and its implications for the international system.
Loading Preview
Sorry, preview is currently unavailable. You can download the paper by clicking the button above.
RELATED PAPERS
Francis Otiato
Troy Smith, PhD
Kevin Govern
Justine Chauvin
Strategic Analysis
Prashant Vats
Science Research Society
Dr K Sita Manikyam
Journal of Information Technology & Politics Vol. 12 No. 4 (2015), 399-401
Francis C . Domingo
Peter Dombrowski
Dr. Ehab Khalifa
Yale University Press
Lucas Kello
Kanun Jurnal Ilmu Hukum
Maskun Maskun
Roger Bradbury
GP ORF Future Warfare and Technology
Noelle Van der Waag-Cowling
Brett J Patron
James Farwell
Review of Policy Research
Geoffrey Herrera
Nikola Schmidt
Ion Alexandru
Dr. Matthew Crosston
2019 11th International Conference on Cyber Conflict
Scholars International Journal of Law, Crime and Justice
Mohd Badrol Awang
Journal of Contemporary Studies
Fahad Nabeel
Current and Emerging Trends in Cyber Operations: Policy, Strategy and Practice
Scott Applegate
RELATED TOPICS
- We're Hiring!
- Help Center
- Find new research papers in:
- Health Sciences
- Earth Sciences
- Cognitive Science
- Mathematics
- Computer Science
- Academia ©2024
What Is the Cyber Revolution?
- First Online: 11 December 2018
Cite this chapter
- Joseph N Pelton 2
694 Accesses
- The original version of this chapter was revised. The correction to this chapter is available at https://doi.org/10.1007/978-3-030-02137-5_11
The world as we know it is changing. This is no small change but fundamental change. These are sea-changes that will alter the course of human history. There are now truly massive drivers of change afoot. These basic shifts are much larger than most people comprehend. Certainly, we are not prepared for the “Cyber Revolution” or transformations that ‘Space 2.0’ can bring about. These capabilities can open the door to what we call “the Fourth Wave Economy.” In this Fourth Wave Economy work will be redefined. The Internet will challenge democracy. NewSpace systems can not only create a new space economy but also totally new capabilities that might allow us to create new space structures that could allow us to better cope with climate change or even terraform Mars so that its newly created atmosphere can sustain vegetation and life.
Within a few decades, machine intelligence will surpass human intelligence, leading to The Singularity – technological change so rapid and profound it represents a rupture in the fabric of human history. Ray Kurzweil , The Law of Accelerating Returns ( http://www.kurzweilai.net ) I really think there are two fundamental paths [for humans]: One path is we stay on Earth forever, and some eventual extinction event wipes us out…. The alternative is, become a spacefaring and multi-planetary species. Elon Musk (Nick Stockton, “Elon Musk Announces His Plan to Colonize Mars and Save Humanity” Science, Sept. 27, 2016 https://www.wired.com/2016/09/elon-musk-colonize-mars/ )
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
- Get 10 units per month
- Download Article/Chapter or Ebook
- 1 Unit = 1 Article or 1 Chapter
- Cancel anytime
- Available as EPUB and PDF
- Read on any device
- Instant download
- Own it forever
- Compact, lightweight edition
- Dispatched in 3 to 5 business days
- Free shipping worldwide - see info
Tax calculation will be finalised at checkout
Purchases are for personal use only
Institutional subscriptions
Similar content being viewed by others
Nomos Earth
Geoheritage: A Strategic Resource for the Society in the Anthropocene
A Critically Overpopulated Planet
Change history, 24 october 2019.
This book was inadvertently published without updating the corrections to the chapters noted below.
In truth, it turns out that ‘technological fixes’ to human social issues are quite hard to accomplish and when implemented lack staying power. Automobiles were touted to the London City Council around 1900 as a fix to massive heaps of horse manure and city pollution. More recently, the noted economist John Kenneth Galbraith in the 1950s wrote a book that was much celebrated at the time. It predicted a bright future fueled by technology. This book The Affluent Society that held out so much hope for the future is today considered an exercise in looking to the future through rose-colored glasses. (John Kenneth Galbraith, The Affluent Society , (1958) https://www.goodreads.com/book/show/41589.The_Affluent_Society )
Meara Sharma “Why We Can’t Comprehend Climate Change”, Washington Post, April 8, 2018, p. B-1, B-5.
Geoff Colvin and Ryan Derousseau, “Bill Gates Proposes a Robot Tax” Fortune, February 22, 2017. http://fortune.com/2017/02/22/bill-gates-proposes-a-robot-tax/
Jeffrey Lin and P.W. Singer, “Watch Out SpaceX: China’s Space Start Up Industry Takes Flight,” Popular Science, April 22, 2016. https://www.popsci.com/watch-out-spacex-chinas-space-start-up-industry-takes-flight
Maureen O’Hara, “First luxury hotel in space announced”, https://edition.cnn.com/travel/article/aurora-station-luxury-space-hotel/index.html
Adam Withnall “World’s leading futurologist predicts computers will soon be able to flirt, learn from experience and even make jokes”, The Independent, February 23, 2014. https://www.independent.co.uk/life-style/gadgets-and-tech/news/robots-will-be-smarter-than-us-all-by-2029-warns-ai-expert-ray-kurzweil-9147506.html
David Bell, The Coming of Post-Industrial Society: A Venture in Social Forecasting (1973) Basic Books, New York.
Author information
Authors and affiliations.
International Association for the Advancement of Space Safety, Arlington, VA, USA
Joseph N Pelton
You can also search for this author in PubMed Google Scholar
Rights and permissions
Reprints and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this chapter
Pelton, J.N. (2019). What Is the Cyber Revolution?. In: Preparing for the Next Cyber Revolution. Springer, Cham. https://doi.org/10.1007/978-3-030-02137-5_1
Download citation
DOI : https://doi.org/10.1007/978-3-030-02137-5_1
Published : 11 December 2018
Publisher Name : Springer, Cham
Print ISBN : 978-3-030-02136-8
Online ISBN : 978-3-030-02137-5
eBook Packages : Engineering Engineering (R0)
Share this chapter
Anyone you share the following link with will be able to read this content:
Sorry, a shareable link is not currently available for this article.
Provided by the Springer Nature SharedIt content-sharing initiative
- Publish with us
Policies and ethics
- Find a journal
- Track your research
The Evolution of Cybersecurity
When ENIAC , the first modern computer, was brought online in 1945, cybersecurity wasn’t a word you could find in the dictionary. The only way to interact with the building-sized computers of the era was to be physically present, so virtual threats weren’t a risk, and access control was a matter of physical security.
Cybersecurity developed as a distinct field throughout the 1960s and 70s and exploded into the public consciousness in the late 1980s, after a series of events that highlighted just how dangerous a lack of security could be. Continuing to grow throughout the 90s, cybersecurity is now a core part of modern life. Let’s explore the brief history of this field!
When you hear the word “hacker” , you probably think of a mysterious individual sitting alone in a dark room, watching information scroll by on multiple windows as they conduct nefarious deeds.
The media often takes creative liberties when depicting hackers. It may surprise you to learn that the origin of the ‘modern hacker’ was a counterculture of people tinkering with technology or finding new ways of sharing information. Hacking is not innately tied to breaking into computers. In fact, an early instance of hacking in 1963 involved hacking a phone system to make long-distance calls for free. Hacking is the act of working within the confines of a system to produce unintended behavior. That behavior ranges from cracking passwords to saving a spaceship’s air system using spare parts .
The more connected we are, the more important cybersecurity is, and the widespread adoption of time-sharing in the 60s was a big increase in connectivity. Computers of the era were expensive and bulky; timesharing let multiple people use a single large computer at the same time, which meant that precautions were needed to prevent unauthorized access to files and to the computer itself. Computing time was expensive in those days! The solution of protecting accounts with passwords has persisted to modern times.
The creation of ARPANET , the earliest form of the internet, gave hackers a lot to think about and explore. ARPANET was a testing ground for new technologies, and the hacker and technical communities busied themselves with developing and prototyping new technologies, including email. There were a few adventures into the development of malware (short for malicious software), including Creeper and Reaper, the first computer worms, but these were academic exercises more than anything else.
The message you would have seen if you received a visit from Creeper!
In this era of rapid development and experimentation, the security of the technology being developed was not a concern. The widespread view of ARPANET as a cooperative academic endeavor and the absence of well-established best practices meant that the motivation and means to design secure systems and software were limited. However, people were starting to think about security. A 1975 paper titled The Protection of Information in Computer Systems presented principles and concepts that would become critical to cybersecurity in the future.
The 1980s were a chaotic time; the Internet was formed in 1983, and the adoption of the Internet Protocol Suite by ARPANET and other networks added more potential targets and attackers to the mix. The first “real” malware emerged during this time, as did the public panic around The Cold War. Tools and techniques developed during this era would become common in modern cybersecurity; dictionary attacks used stolen lists of passwords and exploited weak default credentials, while decoy computer systems trapped attackers.
The late 80’s gave two major events.
- The first was the discovery that a hacker working for the KGB gained access to sensitive documents from the U.S. military.
- The second was the creation of the world’s truly serious piece of malware: the Morris Worm . It was originally written to map the size of the internet but quickly grew out of control, choking computers with multiple copies of itself, and clogging the network as it kept replicating.
These incidences exploited unsecured default settings; default passwords like “admin” ensured a system or piece of software was easily exploitable.
The 1990s are widely considered to be the era of viruses. Computers that connected to the internet became more common in households and this increased access. This led to unskilled script kiddies — individuals who download a piece of code and run it without having to write any code themselves. They can use that code to launch attacks they don’t understand in order to vandalize or destroy targets for fun.
The unfocused, scattered attacks of the era led to the rise of the anti-malware industry, evolving from a curiosity to a core part of modern cybersecurity. Cybersecurity, as a whole, started to be taken much more seriously. Large companies made public pushes to improve the security of their products. Household computers were often targeted by the rampant malware of the era, demonstrating the consequences of poor cybersecurity to their owners.
More and more data became digitized — particularly monetary transactions. As the script kiddies of the 90s grew up and gained more experience, the scale of threats shifted, and attackers started having larger targets beyond vandalism and destruction. Credit-card breaches, hacktivism, and holding corporations’ systems for ransom became increasingly common, as malicious hackers realized there was real money to be made from cybercrime.
Hundreds of millions of sets of credit card data were breached over the course of the decade.
The threats of data breaches and ransomware attacks forced large businesses to improve their cybersecurity programs. Being hacked was no longer just a matter of vandalism; it could lead to extended downtime, loss of customer loyalty, lawsuits, and fines from regulatory bodies.
During the 2010s, the scale of threats continued to grow: Attacks by nation-states increased in frequency, and they carried out infiltration and surveillance campaigns and deployed cyberweapons to attack strategic objectives. Malicious hacker groups targeted major corporations and government organizations, stealing data and launching ransomware attacks, and the growing number of smart devices in circulation gave these groups an entirely new type of target.
The most dangerous of these new threat actors are known as APTs: Advanced Persistent Threats . Often funded by nation-states, APTs possess resources and determination far beyond what smaller threat actors might have access to. While lesser threat actors might be capable of launching cyber attacks against a target, APTs are capable of running entire cyber-campaigns, attempting to infiltrate their target across multiple domains simultaneously.
Large-scale cybersecurity incidents became more and more common: WannaCry and NotPetya caused global damage, the [Equifax) and Yahoo! breaches revealed hundreds of millions of pieces of personal information, and countless companies and organizations were hit by ransomware attacks, bringing their operations grinding to a halt.
The present
With the world as connected as it is, cybersecurity is about protecting people as much as it is about protecting computers. People are fallible, and, like computers, we have vulnerabilities that can be exploited: Emotional manipulation and social engineering are powerful tools, used by hackers to gain access to secure systems. Many of the systems we rely on run on computers, and the stakes for protecting them have never been higher. Attacks on those computers can disrupt transportation, power, economy, healthcare, communication, and even lives.
With computers so integrated into our lives, it’s crucial that we protect them. In cybersecurity, we must learn from our mistakes, applying the lessons learned in the past to prevent attacks in the future. This is the domain of security researchers and ethical hackers: Finding and fixing vulnerabilities before they can be exploited, and helping to make us and our computers as safe as possible.
Learn More on Codecademy
Cybersecurity for business, introduction to cybersecurity.
Evolution Of Cybersecurity: A Brief History And Future Outlook
crawsecurity
The evolution of cybersecurity is a fascinating journey that has closely followed the rapid development of information technology. This brief overview covers key milestones in the history of cybersecurity and offers insights into its future outlook:
1. Early Beginnings (1940s-1960s): The field of cybersecurity has its roots in the early days of computing when security concerns were limited to the physical protection of machines. Early efforts focused on secure communication, and concepts like cryptography began to emerge.
2. The Rise of Hacking (1970s-1980s): As computer networks grew, so did the interest in exploiting vulnerabilities. The 1970s and 1980s saw the emergence of the first hackers, like Kevin Mitnick, who gained notoriety for their exploits. This era also saw the development of the first antivirus software.
3. Internet Explosion (1990s): The proliferation of the internet brought about new challenges. The Morris Worm (1988) demonstrated the destructive potential of malware, leading to increased efforts in intrusion detection and antivirus tools. Firewalls also became commonplace.
4. Y2K and Cybersecurity Awareness (2000s): The fear of the Y2K bug prompted organizations to invest in cybersecurity. The early 2000s saw the emergence of more sophisticated malware and the need for improved defense mechanisms, including intrusion prevention systems and secure coding practices.
5. Advanced Persistent Threats (2010s): The 2010s witnessed the rise of sophisticated cyberattacks attributed to nation-states and advanced criminal groups. High-profile breaches, like those at Target and Sony, highlighted the importance of cybersecurity. This period also saw the growth of the cybersecurity industry, with increased investment in startups and innovations like machine learning-based threat detection.
6. IoT and Cloud Security (2010s-2020s): With the proliferation of Internet of Things (IoT) devices and the shift to cloud computing, new attack vectors emerged. Ensuring the security of these technologies became a top priority for organizations.
7. The Future Outlook (2020s and Beyond): Looking ahead, several trends are shaping the future of cybersecurity:
- Artificial Intelligence (AI) and Machine Learning: AI-powered threat detection and response will become more prevalent, both for cybersecurity and in the hands of attackers.
- Zero Trust Security: The traditional perimeter-based approach is giving way to a zero-trust model that assumes no trust by default, with strict access controls.
- Quantum Computing Threats: The advent of quantum computing poses a potential threat to current encryption methods, spurring the development of quantum-resistant cryptography.
- IoT Security: As IoT devices continue to multiply, security concerns will intensify, requiring better device security and network segmentation.
- Regulations and Compliance: Stricter data protection regulations, like GDPR and CCPA, will drive organizations to prioritize cybersecurity compliance.
- Cybersecurity Workforce: The shortage of skilled cybersecurity professionals will remain a challenge, emphasizing the need for education and training programs.
- Cyber-Physical Systems Security: As more systems become interconnected, securing critical infrastructure and cyber-physical systems will be a focal point.
In conclusion, the evolution of cybersecurity has been a dynamic response to the changing landscape of technology and threats. The future of cybersecurity will continue to adapt to emerging technologies and threats, emphasizing the importance of proactive measures, strong collaboration between public and private sectors, and ongoing innovation in the field.
Written by crawsecurity
Best Ethical Hacking Institute In Delhi
Text to speech
30 Nov The History Of Cybercrime And Cybersecurity, 1940-2020
From phone phreaks to next generation cyberattacks.
Prague, Czech Republic – Nov. 30, 2020
From the 1940s to the present, discover how cybercrime and cybersecurity have developed to become what we know today.
Many species evolve in parallel, each seeking a competitive edge over the other. As cybersecurity and technology have evolved, so have criminals and ‘bad actors’ who seek to exploit weaknesses in the system for personal gain – or just to prove a point.
This arms race has been going on since the 1950s, and this article explains the evolution of cyberattacks and security solutions.
- 1940s : The time before crime
- 1950s : The phone phreaks
- 1960s : All quiet on the Western Front
- 1970s : Computer security is born
- 1980s : From ARPANET to internet
- 1990s : The world goes online
- 2000s : Threats diversify and multiply
- 2010s : The next generation
1940s: The time before crime
For nearly two decades after the creation of the world’s first digital computer in 1943 , carrying out cyberattacks was tricky. Access to the giant electronic machines was limited to small numbers of people and they weren’t networked – only a few people knew how to work them so the threat was almost non-existent.
Interestingly, the theory underlying computer viruses was first made public in 1949 when computer pioneer John von Neumann speculated that computer programs could reproduce.
1950s: The phone phreaks
The technological and subcultural roots of hacking are as much related to early telephones as they are to computers.
In the late 1950s, ‘phone phreaking’ emerged. The term captures several methods that ‘phreaks’ – people with a particular interest in the workings of phones – used to hijack the protocols that allowed telecoms engineers to work on the network remotely to make free calls and avoid long-distance tolls. Sadly for the phone companies, there was no way of stopping the phreaks, although the practice eventually died out in the 1980s.
The phreaks had become a community, even issuing newsletters, and included technological trailblazers like Apple’s founders Steve Wozniak and Steve Jobs. The mold was set for digital technology.
Igor Golovniov / Shutterstock.com
1960s: All quiet on the Western Front
The first-ever reference to malicious hacking was in the Massachusetts Institute of Technology’s student newspaper.
Even by the mid-1960s, most computers were huge mainframes, locked away in secure temperature-controlled rooms. These machines were very costly, so access – even to programmers – remained limited.
However, there were early forays into hacking by some of those with access, often students. At this stage, the attacks had no commercial or geopolitical benefits. Most hackers were curious mischief-makers or those who sought to improve existing systems by making them work more quickly or efficiently.
In 1967, IBM invited school kids to try out their new computer. After exploring the accessible parts of the system, the students worked to probe deeper, learning the system’s language, and gaining access to other parts of the system.
This was a valuable lesson to the company and they acknowledged their gratitude to “a number of high school students for their compulsion to bomb the system”, which resulted in the development of defensive measures – and possibly the defensive mindset that would prove essential to developers from then on. Ethical hacking is still practiced today.
As computers started to reduce in size and cost, many large companies invested in technologies to store and manage data and systems. Storing them under lock and key became redundant as more people needed access to them and passwords began to be used.
Roman Belogorodov / Shutterstock.com
1970s: Computer security is born
Cybersecurity proper began in 1972 with a research project on ARPANET (The Advanced Research Projects Agency Network), a precursor to the internet.
ARPANET developed protocols for remote computer networking.
Researcher Bob Thomas created a computer program called Creeper that could move across ARPANET’s network, leaving a breadcrumb trail wherever it went. It read: ‘I’m the creeper, catch me if you can’. Ray Tomlinson – the inventor of email – wrote the program Reaper, which chased and deleted Creeper. Reaper was not only the very first example of antivirus software, but it was also the first self-replicating program, making it the first-ever computer worm .
An example of the Creeper’s taunting message. (Image credit: Core War )
Challenging the vulnerabilities in these emerging technologies became more important as more organizations were starting to use the telephone to create remote networks. Each piece of connected hardware presented a new ‘entry point’ and needed to be protected.
As reliance on computers increased and networking grew, it became clear to governments that security was essential, and unauthorized access to data and systems could be catastrophic. 1972-1974 witnessed a marked increase in discussions around computer security, mainly by academics in papers .
Creating early computer security was undertaken by ESD and ARPA with the U.S. Air Force and other organizations that worked cooperatively to develop a design for a security kernel for the Honeywell Multics (HIS level 68) computer system. UCLA and the Stanford Research Institute worked on similar projects.
ARPA’s Protection Analysis project explored operating system security; identifying, where possible, automatable techniques for detecting vulnerabilities in software.
By the mid-1970s, the concept of cybersecurity was maturing. In 1976 Operating System Structures to Support Security and Reliable Software stated :
“Security has become an important and challenging goal in the design of computer systems.”
In 1979, 16-year-old Kevin Mitnick famously hacked into The Ark – the computer at the Digital Equipment Corporation used for developing operating systems – and made copies of the software. He was arrested and jailed for what would be the first of several cyberattacks he conducted over the next few decades. Today he runs Mitnick Security Consulting.
Gennady Grechishkin / Shutterstock.com
1980s: From ARPANET to internet
The 1980s brought an increase in high-profile attacks, including those at National CSS, AT&T, and Los Alamos National Laboratory. The movie War Games, in which a rogue computer program takes over nuclear missiles systems under the guise of a game, was released in 1983. This was the same year that the terms Trojan Horse and Computer Virus were first used.
At the time of the Cold War, the threat of cyber espionage evolved. In 1985, The US Department of Defense published the Trusted Computer System Evaluation Criteria (aka The Orange Book) that provided guidance on:
- Assessing the degree of trust that can be placed in software that processes classified or other sensitive information
- What security measures manufacturers needed to build into their commercial products.
Despite this, in 1986, German hacker Marcus Hess used an internet gateway in Berkeley, CA, to piggyback onto the ARPANET. He hacked 400 military computers, including mainframes at the Pentagon, intending to sell information to the KGB.
Security started to be taken more seriously. Savvy users quickly learned to monitor the command.com file size, having noticed that an increase in size was the first sign of potential infection. Cybersecurity measures incorporated this thinking, and a sudden reduction in free operating memory remains a sign of attack to this day.
1987: The birth of cybersecurity
1987 was the birth year of commercial antivirus, although there are competing claims for the innovator of the first antivirus product.
- Andreas Lüning and Kai Figge released their first antivirus product for the Atari ST – which also saw the release of Ultimate Virus Killer (UVK)
- Three Czechoslovakians created the first version of NOD antivirus
- In the U.S., John McAfee founded McAfee (now part of Intel Security), and released VirusScan.
Also in 1987:
- One of the earliest documented ‘in the wild’ virus removals was performed by German Bernd Fix when he neutralized the infamous Vienna virus – an early example of malware that spread and corrupted files.
- The encrypted Cascade virus, which infected .COM files, first appeared .A year later, Cascade caused a serious incident in IBM’s Belgian office and served as the impetus for IBM’s antivirus product development. Before this, any antivirus solutions developed at IBM had been intended for internal use only.
The Cascade virus made text ‘fall’ to the bottom of the screen
By 1988, many antivirus companies had been established around the world – including Avast, which was founded by Eduard Kučera and Pavel Baudiš in Prague, Czech Republic. Today, Avast has a team of more than 1,700 worldwide and stops around 1.5 billion attacks every month.
Early antivirus software consisted of simple scanners that performed context searches to detect unique virus code sequences. Many of these scanners also included ‘immunizers’ that modified programs to make viruses think the computer was already infected and not attack them. As the number of viruses increased into the hundreds, immunizers quickly became ineffective.
It was also becoming clear to antivirus companies that they could only react to existing attacks, and a lack of a universal and ubiquitous network (the internet) made updates hard to deploy.
As the world slowly started to take notice of computer viruses, 1988 also witnessed the first electronic forum devoted to antivirus security – Virus-L – on the Usenet network. The decade also saw the birth of the antivirus press: UK-based Sophos-sponsored Virus Bulletin and Dr. Solomon’s Virus Fax International.
The decade closed with more additions to the cybersecurity market, including F-Prot, ThunderBYTE, and Norman Virus Control. In 1989, IBM finally commercialized their internal antivirus project and IBM Virscan for MS-DOS went on sale for $35.
Further reading: For more nostalgia, check out our guide to the best hardware of the 1980s .
1990s: The world goes online
1990 was quite a year:
- The first polymorphic viruses were created (code that mutates while keeping the original algorithm intact to avoid detection)
- British computer magazine PC Today released an edition with a free disc that ‘accidentally’ contained the DiskKiller virus, infecting tens of thousands of computers
- EICAR (European Institute for Computer Antivirus Research) was established
Early antivirus was purely signature-based, comparing binaries on a system with a database of virus ‘signatures’. This meant that early antivirus produced many false positives and used a lot of computational power – which frustrated users as productivity slowed.
As more antivirus scanners hit the market, cybercriminals were responding and in 1992 the first anti-antivirus program appeared.
By 1996, many viruses used new techniques and innovative methods, including stealth capability, polymorphism, and ‘macro viruses’, posing a new set of challenges for antivirus vendors who had to develop new detection and removal capabilities.
New virus and malware numbers exploded in the 1990s, from tens of thousands early in the decade growing to 5 million every year by 2007. By the mid-‘90s, it was clear that cybersecurity had to be mass-produced to protect the public. One NASA researcher developed the first firewall program, modeling it on the physical structures that prevent the spread of actual fires in buildings.
The late 1990s were also marked by conflict and friction between antivirus developers:
- McAfee accused Dr. Solomon’s of cheating so that testing of uninfected discs showed good speed results and the scan tests of virus collections showed good detection results. Dr. Solomon’s filed suit in response
- Taiwanese developer Trend Micro accused McAfee and Symantec of violating its patent on virus scan-checking technology via the internet and electronic mail. Symantec then accused McAfee of using code from Symantec’s Norton AntiVirus.
Heuristic detection also emerged as a new method to tackle the huge number of virus variants. Antivirus scanners started to use generic signatures – often containing non-contiguous code and using wildcard characters – to detect viruses even if the threat had been ‘hidden’ inside meaningless code.
Email: a blessing and a curse
Towards the end of the 1990s, email was proliferating and while it promised to revolutionize communication, it also opened up a new entry point for viruses.
In 1999, the Melissa virus was unleashed. It entered the user’s computer via a Word document and then emailed copies of itself to the first 50 email addresses in Microsoft Outlook. It remains one of the fastest spreading viruses and the damage cost around $80 million to fix.
2000s: Threats diversify and multiply
With the internet available in more homes and offices across the globe, cybercriminals had more devices and software vulnerabilities to exploit than ever before. And, as more and more data was being kept digitally, there was more to plunder.
In 2001, a new infection technique appeared: users no longer needed to download files – visiting an infected website was enough as bad actors replaced clean pages with infected ones or ‘hid’ malware on legitimate webpages. Instant messaging services also began to get attacked, and worms designed to propagate via IRC (Internet Chat Relay) channel also arrived.
The development of zero-day attacks , which make use of ‘holes’ in security measures for new software and applications, meant that antivirus was becoming less effective – you can’t check code against existing attack signatures unless the virus already exists in the database. Computer magazine c’t found that detection rates for zero-day threats had dropped from 40-50% in 2006 to only 20-30% in 2007.
As crime organizations started to heavily fund professional cyberattacks, the good guys were hot on their trail:
- 2000: the first open-source antivirus engine OpenAntivirus Project is made available
- 2001: ClamAV is launched, the first-ever open-source antivirus engine to be commercialized
- 2001: Avast launches free antivirus software, offering a fully-featured security solution to the masses. The initiative grew the Avast user base to more than 20 million in five years.
A key challenge of antivirus is that it can often slow a computer’s performance. One solution to this was to move the software off the computer and into the cloud. In 2007, Panda Security combined cloud technology with threat intelligence in their antivirus product – an industry-first. McAfee Labs followed suit in 2008, adding cloud-based anti-malware functionality to VirusScan. The following year, the Anti-Malware Testing Standards Organization (AMTSO) was created and started working shortly after on a method of testing cloud products.
Another innovation this decade was OS security – cybersecurity that’s built into the operating system, providing an additional layer of protection. This often includes performing regular OS patch updates, installation of updated antivirus engines and software, firewalls, and secure accounts with user management.
With the proliferation of smartphones, antivirus was also developed for Android and Windows mobile.
2010s: The next generation
The 2010s saw many high-profile breaches and attacks starting to impact the national security of countries and cost businesses millions.
- 2012: Saudi hacker 0XOMAR publishes the details of more than 400,000 credit cards online
- 2013: Former CIA employee for the US Government Edward Snowden copied and leaked classified information from the National Security Agency (NSA)
- 2013-2014: Malicious hackers broke into Yahoo, compromising the accounts and personal information of its 3 billion users. Yahoo was subsequently fined $35 million for failing to disclose the news
- 2017: WannaCry ransomware infects 230,000 computers in one day
- 2019: Multiple DDoS attacks forced New Zealand’s stock market to temporarily shut down
The increasing connectedness and the ongoing digitization of many aspects of life continued to offer cybercriminals new opportunities to exploit. Cybersecurity tailored specifically to the needs of businesses became more prominent and in 2011, Avast launched its first business product.
As cybersecurity developed to tackle the expanding range of attack types, criminals responded with their own innovations: multi-vector attacks and social engineering . Attackers were becoming smarter and antivirus was forced to shift away from signature-based methods of detection to ‘next generation’ innovations.
Next-gen cybersecurity uses different approaches to increase detection of new and unprecedented threats, while also reducing the number of false positives. It typically involves:
- Multi-factor authentication (MFA)
- Network Behavioural Analysis (NBA) – identifying malicious files based on behavioral deviations or anomalies
- Threat intelligence and update automation
- Real-time protection – also referred to as on-access scanning, background guard, resident shield and auto-protect
- Sandboxing – creating an isolated test environment where you can execute a suspicious file or URL
- Forensics – replaying attacks to help security teams better mitigate future breaches
- Back-up and mirroring
- Web application firewalls (WAF) – protecting against cross-site forgery, cross-site-scripting ( XSS ), file inclusion, and SQL injection.
Who knows what the next decade will bring? Whatever happens, Avast Business will be there to provide advanced protection for organizations and offer peace of mind for business leaders and IT professionals. Learn more about our range of solutions and find which one is best suited for your business using our Help Me Choose tool.
This blog originally appeared here .
AVAST Archives
– Katie Chadd is an e-Commerce Manager at Avast.
Avast is one of the largest security companies in the world using next-gen technologies to fight cyber attacks in real time. We differ from other next-gen companies in that we have an immense cloud-based machine learning engine that receives a constant stream of data from our hundreds of millions of users, which facilitates learning at unprecedented speeds and makes our artificial intelligence engine smarter and faster than anyone else’s.
© 2024 Cybersecurity Ventures. All rights reserved. Federal copyright law prohibits unauthorized reproduction of this content by any means and imposes fines up to $150,000 for violations. Reproduction in whole or in part in any form or medium without expressed written permission of Cybersecurity Ventures is prohibited.
All rights reserved Cybersecurity Ventures © 2024
CYBERSECURITY PUNDITS: 2024 LIST OF INDUSTRY EXPERTS VIEW LIST
IMAGES
VIDEO
COMMENTS
The Information Age (also known as the Third Industrial Revolution, Computer Age, Digital Age, Silicon Age, New Media Age, Internet Age, or the Digital Revolution) is a historical period that began in the mid-20th century. It is characterized by a rapid shift from traditional industries, as established during the Industrial Revolution, to an economy centered on information technology.
While decisionmakers warn about the cyber threat constantly, there is little systematic analysis of the issue from an international security studies perspective. Cyberweapons are expanding the range of possible harm between the concepts of war and peace, and give rise to enormous defense complications and dangers to strategic stability. It is detrimental to the intellectual progress and policy ...
Cyberethics. Hands are shown typing on a backlit keyboard to communicate with a computer. Cyberethics is "a branch of ethics concerned with behavior in an online environment". [1] In another definition, it is the "exploration of the entire range of ethical and moral issues that arise in cyberspace " while cyberspace is understood to be "the ...
People. v. t. e. Cybercrime encompasses a wide range of criminal activities that are carried out using digital devices and/or networks. These crimes involve the use of technology to commit fraud, identity theft, data breaches, computer viruses, scams, and expanded upon in other malicious acts. Cybercriminals exploit vulnerabilities in computer ...
That is the title of a recent essay in International Security by Lucas Kello, a post-doctoral fellow at the Kennedy School at Harvard. The essay is a rare effort to understand how international relations theory, and social science more generally, should apply to cyber war. From the introduction: The article makes three main arguments.
cyber issue. The resulting scholarly gap hinders the intellectual progress and policy relevance of the security studies field. 2. Complications of Cyber Defense 3. Strategic Instability The cyber revolution is exerting a limited but observable influence on regularized patterns of international security competition.!! Follow-on Research
The Meaning of the Cyber Revolution | 11 offensive [cyber] attacks."12 The consoling and predictive title of an article by Thomas Rid sums up skeptics' perception of threat inflation: "Cyber War Will Not Take Place."13 The two forms of skepticism described above—deep and substantive—have resulted in considerable neglect of the cyber issue.
The cyber revolution is still incipient; conclusions about its implications for theory and practice are necessarily provisional. It remains open to question whether the related technology demands a greater order of change in our thinking about international security than did previous technological revolutions.
The Cyber Revolution and the coming Fourth Wave economy are first and foremost a warning. The future is not going to be like the past. We are facing a period of radical and unprecedented change. This is not a call for a new and modified diet. It is not a call to be more conscientious about recycling or to buy a Prius or to learn a new trade or ...
Perils to Theory and Statecraft. The growth of cyber arsenals, in short, is outpacing the design of doctrines to. limit their risks. Against this backdrop, there is an evident need for scholars of ...
ARPANET was an early computer network and ushered in the start of cybersecurity in the form of a research project. Bob Thomas, an engineer at BBN Technologies, created the first computer virus, called Creeper. It could move across ARPANET's network between computers and left a trace reading, "I'm a creeper, catch me if you can".
This chapter explores the history of cyber(in-)security to identify the structure of relations between the main actors of interest, highlighting the interaction between state security interests, global technology companies and internet providers, and users in the development of cyber(in)security. It traces how cyber(in-)security was shaped and ...
Abstract. While decisionmakers warn about the cyber threat constantly, there is little systematic analysis of the issue from an international security studies perspective. Some scholars presume that the related technology's scientific complexity and methodological issues prohibit orderly investigation; only a minimum degree of technical acuity is needed, however, revealing the scope of ...
In this article, you'll explore the evolution of hacking and cybersecurity. When ENIAC, the first modern computer, was brought online in 1945, cybersecurity wasn't a word you could find in the dictionary. The only way to interact with the building-sized computers of the era was to be physically present, so virtual threats weren't a risk ...
3 min read. ·. Oct 21, 2023. The evolution of cybersecurity is a fascinating journey that has closely followed the rapid development of information technology. This brief overview covers key ...
the information revolution will flatten bureaucratic hierarchies and replace them with network ... and the open source encyclopedia, Wikipedia, begins in 2001. In the late 1990s, businesses begin to use the new technology to shift production ... or it can use cyber instruments to produce preferred outcomes in other domains outside cyber-space.
Prague, Czech Republic - Nov. 30, 2020. From the 1940s to the present, discover how cybercrime and cybersecurity have developed to become what we know today. Many species evolve in parallel, each seeking a competitive edge over the other. As cybersecurity and technology have evolved, so have criminals and 'bad actors' who seek to exploit ...
y is the current information revolution. And with it comes an increase in the role of soft power - the ability to obtain preferred outcomes by attraction and pe. asion rather than coercion and payment. Information revolutions are not new - one can think back to the dramatic effects of Gutenberg's printing press in the 16th century - but ...
Malware can be designed to open an avenue of access to an adversary's computer system, or to attack it, or both. Thus, the use of malware is an instru-ment of cyber hostility and not, as is sometimes implied, a separate category of action.32 Almost all cyber hostilities involve the use of malware.33 cyber crime.
An example of a physical security measure: a metal lock on the back of a personal computer to prevent hardware tampering. Computer security, cybersecurity, digital security, or information technology security (IT security) is the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware ...
Abstract. 'Cyberspace' is a romantic term, introduced in the elegant science-fiction writing of William Gibson, but the concepts that make up the environment called 'cyberspace' are the stuff of real science, with origins that can be traced to ancient Greece. Much has been written about the origins of cyberspace, including a ...
Introduction. The cypherpunks were a group of privacy activists who in the 1990s helped establish the use of unregulated digital cryptography within the United States. Digital privacy, better phrased as privacy in the digital age given the inexorable digital-physical convergence, is achieved principally via digital security.
"Fourth Industrial Revolution", "4IR", or "Industry 4.0" is a buzzword and neologism describing rapid technological advancement in the 21st century. The term was popularised in 2016 by Klaus Schwab, the World Economic Forum founder and executive chairman, who says that the changes show a significant shift in industrial capitalism.. A part of this phase of industrial change is the joining of ...