cyber revolution essay wikipedia

The upcoming main navigation can be gotten through utilizing the tab key. Any buttons that open a sub navigation can be triggered by the space or enter key.

Search Lawfare

The meaning of the cyber revolution.

The article makes three main arguments.

Jack Goldsmith

The article makes three main arguments.  First, integrating cyber realities into the international security studies agenda is necessary both for developing effective policies and for enhancing the field’s intellectual progress. Second, the scientific intricacies of cyber technology and methodological issues do not prohibit scholarly investigation; a nascent realm of cyber studies has already begun to emerge. Third, because cyberweapons are not overtly violent, their use is unlikely to ªt the traditional criterion of interstate war; rather, the new capability is expanding the range of possible harm and outcomes between the concepts of war and peace—with important consequences for national and international security. Although the cyber revolution has not fundamentally altered the nature of war, it nevertheless has consequences for important issues in the field of security studies, including nonmilitary foreign threats and the ability of nontraditional players to inflict economic and social harm. Three factors underscore the cyber danger for international security: the potency of cyberweapons, complications relating to cyber defense, and problems of strategic instability. The article has three sections. First, it reviews the sources and costs of scholarly inattention toward the cyber issue and argues why this must change. Second, it presents a selection of common technical concepts to frame the issue from the perspective of security scholars. Third, it assesses the potential consequences of cyberweapons for international security. The article concludes by outlining a research agenda for future cyber studies.

More Articles 

Beyond the Battlefield, Beyond al Qaeda: The Destabilizing Legal Architecture of Counterterrorism

Other topics.

Subscribe to Lawfare

• Today on Lawfare
• The Week That Was

Academia.edu no longer supports Internet Explorer.

To browse Academia.edu and the wider internet faster and more securely, please take a few seconds to  upgrade your browser .

Enter the email address you signed up with and we'll email you a reset link.

• We're Hiring!
• Help Center

The Meaning of the Cyber Revolution: Perils to Theory and Statecraft

2013, International Security

While decisionmakers warn about the cyber threat constantly, there is little systematic analysis of the issue from an international security studies perspective. Some scholars presume that the related technology's scientific complexity and methodological issues prohibit orderly investigation; only a minimum degree of technical acuity is needed, however, revealing the scope of maneuver in the cyber domain. Other skeptics argue that the cyber peril is overblown, contending that cyber weapons have no intrinsic capacity for violence and do not alter the nature or means of war. This view misses the essence of the danger and conceals its true significance: the new capability is expanding the range of possible harm and outcomes between the concepts of war and peace—with important implications for national and international security. The cyber domain, moreover, features enormous defense complications and dangers to strategic stability: offense dominance, attribution difficulties, techno...

Related Papers

Russell Dunne

International Relations theory has endured two failures in the last half century. No International Relations theorist foresaw the end of the Cold War. Likewise with the rise of Cyber War. Whilst the Internet is acknowledged as having the CIA as its parent, no one predicted that it would become a theatre for conflict. Cyber War is here and its impact on our lives will only increase in time. It is only a matter of time before a completely cyber conflict is waged. Yet no theory on Cyber War exists…until now.

Diego Canabarro , Thiago Borne

CANABARRO, D. R. ; BORNE, T. ; CEPIK, M. A. C. . Three Controversies on Cyberwar: a Critical Perspective. In: MPSA Annual Conference, 2013, Chicago - IL - Estados Unidos. MPSA Conference Paper Archive, 2013, on line. The spread of contemporary information and communication technologies among state and non-state actors adds new dimensions to the study of diffusion in global politics. The Digital Era brings about different challenges for national and international security policymaking, heating up academic and political debate surrounding the scope and the implications of the term cyberwar. This paper surveys the evolution of academic and technical production on cyberwar with the intention of providing background for the critical evaluation of the Brazilian case. Finally, it details the prospective research agenda that follows from the evaluation of the Brazilian case.

Conflict Zone Cyberspace: Prospects for Security and Peace Cyberspace as a Domain of Military Action 2 ETHICS AND ARMED FORCES 01/19

Philipp von Wussow

Myriam Dunn Cavelty

Cyber security is seen as one of the most pressing national security issues of our time. Due to sophisticated and highly publicised cyber attacks such as Stuxnet, it is increasingly framed as a strategic issue. The diffuse nature of the threat, coupled with a heightened sense of vulnerability, has brought about a growing militarisation of cyber security. This has resulted in too much attention on the low probability of a large scale cyber attack, a focus on the wrong policy solutions, and a detrimental atmosphere of insecurity and tension in the international system. Though cyber operations will be a significant component of future conflicts, the role of the military in cyber security will be limited and needs to be carefully defined.

Ryan C Maness

Cyber security is seen as one of the most pressing national security issues of our time. Due to sophisticated and highly publicised cyber attacks, it is increasingly framed as a strategic-military concern and many states have or at least want to acquire offensive cyber “weapons”. The aim of this paper is to show that particular ways of framing threats are not only a matter of choice but also come with political and social effects. Focusing on the strategic-military aspects of cyber security means subjecting it to the rules of an antagonistic zero-sum game, in which one party’s gain is another party’s loss. This invokes enemy images even though there is no identifiable enemy, centres too strongly on national security measures instead of economic and business solutions, and wrongly suggests that states can establish control over cyberspace. Not only does this create an unnecessary atmosphere of insecurity and tension in the international system, it is also based on misperceptions of the nature and level of cyber risk and on the feasibility of different protection measures in a world characterised by complex, interdependent risk. While it is undisputed that the cyber dimension will play a substantial role in future conflicts of all grades and shades, threat-representations must remain well informed and well balanced at all times in order to rule out policy (over-)reactions with too high costs and uncertain benefits.

The International Spectator

Gian Piero Siroli

Strategic Studies Quarterly

John Sheldon

What is the strategic purpose of cyberpower? All too many works on cyberspace and cyberpower are focused on the technical, tactical, and operational aspects of operating in the cyber domain. These are undoubtedly important topics, but very few address the strategic purpose of cyberpower for the ends of policy. Understanding its strategic purpose is important if policy makers, senior commanders, and strategists are to make informed judgments about its use. Cyberpower does indeed have strategic purpose relevant to achieving policy objectives. This strategic purpose revolves around the ability in peace and war to manipulate perceptions of the strategic environment to one's advantage while at the same time degrading the ability of an adversary to comprehend that same environment. While it is proper to pay attention to the technological, tactical, and operational implications, challenges, and opportunities of cyberspace, this article concerns itself with its use-"the ability to use cyberspace to create advantages and influence events in all the operational environments and across the instruments of power"-for achieving the policy objectives of the nation. 1 Transforming the effects of cyberpower into policy objectives is the art and science of strategy, defined as "managing context for continuing advantage according to policy" (emphasis in original). 2 The definition provides the overall strategic impetus for the use of cyberpower. To fully understand the power of cyber, one must acknowledge the character of cyber-power and cyberspace. The linkage between strategic context, strategy, and

Jonah Feldman

Jonah Feldman Ming Chow COMP-116 6 December 2017 The Internet’s Security Dilemma: Why Cyber-Weapons Beget Instability Abstract This paper analyzes interstate cyberwarfare through the lens of Robert Jervis’s offense/defense paradigm. In this paradigm, two factors are important in determining technology’s impact on global stability: whether a technology favors offensive or defensive strategy, and whether offensive technology can be distinguished from defensive technology. This paper argues that cybersecurity exemplifies Jervis’s “third world,” where offense has the advantage while offensive and defensive technologies are easily distinguishable. The case for offense/defense distinguishability is straightforward: defensive tactics like encryption, firewalls, and air gapping have little offensive utility. Thus, this paper will focus primarily on cybersecurity’s offensive advantages and its implications for the international system.

Loading Preview

Sorry, preview is currently unavailable. You can download the paper by clicking the button above.

RELATED PAPERS

Francis Otiato

Troy Smith, PhD

Kevin Govern

Justine Chauvin

Strategic Analysis

Prashant Vats

Science Research Society

Dr K Sita Manikyam

Journal of Information Technology & Politics Vol. 12 No. 4 (2015), 399-401

Francis C . Domingo

Peter Dombrowski

Dr. Ehab Khalifa

Yale University Press

Lucas Kello

Kanun Jurnal Ilmu Hukum

Maskun Maskun

Roger Bradbury

GP ORF Future Warfare and Technology

Noelle Van der Waag-Cowling

Brett J Patron

James Farwell

Review of Policy Research

Geoffrey Herrera

Nikola Schmidt

Ion Alexandru

Dr. Matthew Crosston

2019 11th International Conference on Cyber Conflict

Scholars International Journal of Law, Crime and Justice

Mohd Badrol Awang

Journal of Contemporary Studies

Fahad Nabeel

Current and Emerging Trends in Cyber Operations: Policy, Strategy and Practice

Scott Applegate

RELATED TOPICS

•   We're Hiring!
•   Help Center
• Find new research papers in:
• Health Sciences
• Earth Sciences
• Cognitive Science
• Mathematics
• Computer Science
• Academia ©2024

What Is the Cyber Revolution?

• First Online: 11 December 2018

Cite this chapter

• Joseph N Pelton 2  

694 Accesses

• The original version of this chapter was revised. The correction to this chapter is available at https://doi.org/10.1007/978-3-030-02137-5_11

The world as we know it is changing. This is no small change but fundamental change. These are sea-changes that will alter the course of human history. There are now truly massive drivers of change afoot. These basic shifts are much larger than most people comprehend. Certainly, we are not prepared for the “Cyber Revolution” or transformations that ‘Space 2.0’ can bring about. These capabilities can open the door to what we call “the Fourth Wave Economy.” In this Fourth Wave Economy work will be redefined. The Internet will challenge democracy. NewSpace systems can not only create a new space economy but also totally new capabilities that might allow us to create new space structures that could allow us to better cope with climate change or even terraform Mars so that its newly created atmosphere can sustain vegetation and life.

Within a few decades, machine intelligence will surpass human intelligence, leading to The Singularity – technological change so rapid and profound it represents a rupture in the fabric of human history. Ray Kurzweil , The Law of Accelerating Returns ( http://www.kurzweilai.net ) I really think there are two fundamental paths [for humans]: One path is we stay on Earth forever, and some eventual extinction event wipes us out…. The alternative is, become a spacefaring and multi-planetary species. Elon Musk (Nick Stockton, “Elon Musk Announces His Plan to Colonize Mars and Save Humanity” Science, Sept. 27, 2016 https://www.wired.com/2016/09/elon-musk-colonize-mars/ )

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

• Get 10 units per month
• Download Article/Chapter or Ebook
• 1 Unit = 1 Article or 1 Chapter
• Cancel anytime
• Available as EPUB and PDF
• Read on any device
• Instant download
• Own it forever
• Compact, lightweight edition
• Dispatched in 3 to 5 business days
• Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Nomos Earth

Geoheritage: A Strategic Resource for the Society in the Anthropocene

A Critically Overpopulated Planet

Change history, 24 october 2019.

This book was inadvertently published without updating the corrections to the chapters noted below.

In truth, it turns out that ‘technological fixes’ to human social issues are quite hard to accomplish and when implemented lack staying power. Automobiles were touted to the London City Council around 1900 as a fix to massive heaps of horse manure and city pollution. More recently, the noted economist John Kenneth Galbraith in the 1950s wrote a book that was much celebrated at the time. It predicted a bright future fueled by technology. This book The Affluent Society that held out so much hope for the future is today considered an exercise in looking to the future through rose-colored glasses. (John Kenneth Galbraith, The Affluent Society , (1958) https://www.goodreads.com/book/show/41589.The_Affluent_Society )

Meara Sharma “Why We Can’t Comprehend Climate Change”, Washington Post, April 8, 2018, p. B-1, B-5.

Geoff Colvin and Ryan Derousseau, “Bill Gates Proposes a Robot Tax” Fortune, February 22, 2017. http://fortune.com/2017/02/22/bill-gates-proposes-a-robot-tax/

Jeffrey Lin and P.W. Singer, “Watch Out SpaceX: China’s Space Start Up Industry Takes Flight,” Popular Science, April 22, 2016. https://www.popsci.com/watch-out-spacex-chinas-space-start-up-industry-takes-flight

Maureen O’Hara, “First luxury hotel in space announced”, https://edition.cnn.com/travel/article/aurora-station-luxury-space-hotel/index.html

Adam Withnall “World’s leading futurologist predicts computers will soon be able to flirt, learn from experience and even make jokes”, The Independent, February 23, 2014. https://www.independent.co.uk/life-style/gadgets-and-tech/news/robots-will-be-smarter-than-us-all-by-2029-warns-ai-expert-ray-kurzweil-9147506.html

David Bell, The Coming of Post-Industrial Society: A Venture in Social Forecasting (1973) Basic Books, New York.

Author information

Authors and affiliations.

International Association for the Advancement of Space Safety, Arlington, VA, USA

Joseph N Pelton

You can also search for this author in PubMed   Google Scholar

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this chapter

Pelton, J.N. (2019). What Is the Cyber Revolution?. In: Preparing for the Next Cyber Revolution. Springer, Cham. https://doi.org/10.1007/978-3-030-02137-5_1

Download citation

DOI : https://doi.org/10.1007/978-3-030-02137-5_1

Published : 11 December 2018

Publisher Name : Springer, Cham

Print ISBN : 978-3-030-02136-8

Online ISBN : 978-3-030-02137-5

eBook Packages : Engineering Engineering (R0)

Share this chapter

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

• Publish with us

Policies and ethics

• Find a journal
• Track your research

The Evolution of Cybersecurity

When ENIAC , the first modern computer, was brought online in 1945, cybersecurity wasn’t a word you could find in the dictionary. The only way to interact with the building-sized computers of the era was to be physically present, so virtual threats weren’t a risk, and access control was a matter of physical security.

Cybersecurity developed as a distinct field throughout the 1960s and 70s and exploded into the public consciousness in the late 1980s, after a series of events that highlighted just how dangerous a lack of security could be. Continuing to grow throughout the 90s, cybersecurity is now a core part of modern life. Let’s explore the brief history of this field!

When you hear the word “hacker” , you probably think of a mysterious individual sitting alone in a dark room, watching information scroll by on multiple windows as they conduct nefarious deeds.

The media often takes creative liberties when depicting hackers. It may surprise you to learn that the origin of the ‘modern hacker’ was a counterculture of people tinkering with technology or finding new ways of sharing information. Hacking is not innately tied to breaking into computers. In fact, an early instance of hacking in 1963 involved hacking a phone system to make long-distance calls for free. Hacking is the act of working within the confines of a system to produce unintended behavior. That behavior ranges from cracking passwords to saving a spaceship’s air system using spare parts .

The more connected we are, the more important cybersecurity is, and the widespread adoption of time-sharing in the 60s was a big increase in connectivity. Computers of the era were expensive and bulky; timesharing let multiple people use a single large computer at the same time, which meant that precautions were needed to prevent unauthorized access to files and to the computer itself. Computing time was expensive in those days! The solution of protecting accounts with passwords has persisted to modern times.

The creation of ARPANET , the earliest form of the internet, gave hackers a lot to think about and explore. ARPANET was a testing ground for new technologies, and the hacker and technical communities busied themselves with developing and prototyping new technologies, including email. There were a few adventures into the development of malware (short for malicious software), including Creeper and Reaper, the first computer worms, but these were academic exercises more than anything else.

The message you would have seen if you received a visit from Creeper!

In this era of rapid development and experimentation, the security of the technology being developed was not a concern. The widespread view of ARPANET as a cooperative academic endeavor and the absence of well-established best practices meant that the motivation and means to design secure systems and software were limited. However, people were starting to think about security. A 1975 paper titled The Protection of Information in Computer Systems presented principles and concepts that would become critical to cybersecurity in the future.

The 1980s were a chaotic time; the Internet was formed in 1983, and the adoption of the Internet Protocol Suite by ARPANET and other networks added more potential targets and attackers to the mix. The first “real” malware emerged during this time, as did the public panic around The Cold War. Tools and techniques developed during this era would become common in modern cybersecurity; dictionary attacks used stolen lists of passwords and exploited weak default credentials, while decoy computer systems trapped attackers.

The late 80’s gave two major events.

• The first was the discovery that a hacker working for the KGB gained access to sensitive documents from the U.S. military.
• The second was the creation of the world’s truly serious piece of malware: the Morris Worm . It was originally written to map the size of the internet but quickly grew out of control, choking computers with multiple copies of itself, and clogging the network as it kept replicating.

These incidences exploited unsecured default settings; default passwords like “admin” ensured a system or piece of software was easily exploitable.

The 1990s are widely considered to be the era of viruses. Computers that connected to the internet became more common in households and this increased access. This led to unskilled script kiddies — individuals who download a piece of code and run it without having to write any code themselves. They can use that code to launch attacks they don’t understand in order to vandalize or destroy targets for fun.

The unfocused, scattered attacks of the era led to the rise of the anti-malware industry, evolving from a curiosity to a core part of modern cybersecurity. Cybersecurity, as a whole, started to be taken much more seriously. Large companies made public pushes to improve the security of their products. Household computers were often targeted by the rampant malware of the era, demonstrating the consequences of poor cybersecurity to their owners.

More and more data became digitized — particularly monetary transactions. As the script kiddies of the 90s grew up and gained more experience, the scale of threats shifted, and attackers started having larger targets beyond vandalism and destruction. Credit-card breaches, hacktivism, and holding corporations’ systems for ransom became increasingly common, as malicious hackers realized there was real money to be made from cybercrime.

Hundreds of millions of sets of credit card data were breached over the course of the decade.

The threats of data breaches and ransomware attacks forced large businesses to improve their cybersecurity programs. Being hacked was no longer just a matter of vandalism; it could lead to extended downtime, loss of customer loyalty, lawsuits, and fines from regulatory bodies.

During the 2010s, the scale of threats continued to grow: Attacks by nation-states increased in frequency, and they carried out infiltration and surveillance campaigns and deployed cyberweapons to attack strategic objectives. Malicious hacker groups targeted major corporations and government organizations, stealing data and launching ransomware attacks, and the growing number of smart devices in circulation gave these groups an entirely new type of target.

The most dangerous of these new threat actors are known as APTs: Advanced Persistent Threats . Often funded by nation-states, APTs possess resources and determination far beyond what smaller threat actors might have access to. While lesser threat actors might be capable of launching cyber attacks against a target, APTs are capable of running entire cyber-campaigns, attempting to infiltrate their target across multiple domains simultaneously.

Large-scale cybersecurity incidents became more and more common: WannaCry and NotPetya caused global damage, the [Equifax) and Yahoo! breaches revealed hundreds of millions of pieces of personal information, and countless companies and organizations were hit by ransomware attacks, bringing their operations grinding to a halt.

The present

With the world as connected as it is, cybersecurity is about protecting people as much as it is about protecting computers. People are fallible, and, like computers, we have vulnerabilities that can be exploited: Emotional manipulation and social engineering are powerful tools, used by hackers to gain access to secure systems. Many of the systems we rely on run on computers, and the stakes for protecting them have never been higher. Attacks on those computers can disrupt transportation, power, economy, healthcare, communication, and even lives.

With computers so integrated into our lives, it’s crucial that we protect them. In cybersecurity, we must learn from our mistakes, applying the lessons learned in the past to prevent attacks in the future. This is the domain of security researchers and ethical hackers: Finding and fixing vulnerabilities before they can be exploited, and helping to make us and our computers as safe as possible.

Learn More on Codecademy

Cybersecurity for business, introduction to cybersecurity.

Evolution Of Cybersecurity: A Brief History And Future Outlook

crawsecurity

The evolution of cybersecurity is a fascinating journey that has closely followed the rapid development of information technology. This brief overview covers key milestones in the history of cybersecurity and offers insights into its future outlook:

1. Early Beginnings (1940s-1960s): The field of cybersecurity has its roots in the early days of computing when security concerns were limited to the physical protection of machines. Early efforts focused on secure communication, and concepts like cryptography began to emerge.

2. The Rise of Hacking (1970s-1980s): As computer networks grew, so did the interest in exploiting vulnerabilities. The 1970s and 1980s saw the emergence of the first hackers, like Kevin Mitnick, who gained notoriety for their exploits. This era also saw the development of the first antivirus software.

3. Internet Explosion (1990s): The proliferation of the internet brought about new challenges. The Morris Worm (1988) demonstrated the destructive potential of malware, leading to increased efforts in intrusion detection and antivirus tools. Firewalls also became commonplace.

4. Y2K and Cybersecurity Awareness (2000s): The fear of the Y2K bug prompted organizations to invest in cybersecurity. The early 2000s saw the emergence of more sophisticated malware and the need for improved defense mechanisms, including intrusion prevention systems and secure coding practices.

5. Advanced Persistent Threats (2010s): The 2010s witnessed the rise of sophisticated cyberattacks attributed to nation-states and advanced criminal groups. High-profile breaches, like those at Target and Sony, highlighted the importance of cybersecurity. This period also saw the growth of the cybersecurity industry, with increased investment in startups and innovations like machine learning-based threat detection.

6. IoT and Cloud Security (2010s-2020s): With the proliferation of Internet of Things (IoT) devices and the shift to cloud computing, new attack vectors emerged. Ensuring the security of these technologies became a top priority for organizations.

7. The Future Outlook (2020s and Beyond): Looking ahead, several trends are shaping the future of cybersecurity:

• Artificial Intelligence (AI) and Machine Learning: AI-powered threat detection and response will become more prevalent, both for cybersecurity and in the hands of attackers.
• Zero Trust Security: The traditional perimeter-based approach is giving way to a zero-trust model that assumes no trust by default, with strict access controls.
• Quantum Computing Threats: The advent of quantum computing poses a potential threat to current encryption methods, spurring the development of quantum-resistant cryptography.
• IoT Security: As IoT devices continue to multiply, security concerns will intensify, requiring better device security and network segmentation.
• Regulations and Compliance: Stricter data protection regulations, like GDPR and CCPA, will drive organizations to prioritize cybersecurity compliance.
• Cybersecurity Workforce: The shortage of skilled cybersecurity professionals will remain a challenge, emphasizing the need for education and training programs.
• Cyber-Physical Systems Security: As more systems become interconnected, securing critical infrastructure and cyber-physical systems will be a focal point.

In conclusion, the evolution of cybersecurity has been a dynamic response to the changing landscape of technology and threats. The future of cybersecurity will continue to adapt to emerging technologies and threats, emphasizing the importance of proactive measures, strong collaboration between public and private sectors, and ongoing innovation in the field.

Written by crawsecurity

Best Ethical Hacking Institute In Delhi

Text to speech

30 Nov The History Of Cybercrime And Cybersecurity, 1940-2020

From phone phreaks to next generation cyberattacks.

Prague, Czech Republic – Nov. 30, 2020

From the 1940s to the present, discover how  cybercrime and cybersecurity have developed to become what we know today.

Many species evolve in parallel, each seeking a competitive edge over the other. As cybersecurity and technology have evolved, so have criminals and ‘bad actors’ who seek to  exploit  weaknesses in the system for personal gain – or just to prove a point. 

This arms race has been going on since the 1950s, and this article explains the evolution of cyberattacks and security solutions. 

• 1940s : The time before crime
• 1950s : The phone phreaks
• 1960s : All quiet on the Western Front
• 1970s : Computer security is born
• 1980s : From ARPANET to internet
• 1990s : The world goes online
• 2000s :  Threats  diversify and multiply
• 2010s : The next generation

1940s: The time before crime

For nearly two decades after the creation of the world’s first digital computer in  1943 , carrying out cyberattacks was tricky. Access to the giant electronic machines was limited to small numbers of people and they weren’t networked – only a few people knew how to work them so the threat was almost non-existent.

Interestingly, the theory underlying computer viruses was first made public in 1949 when computer pioneer John von Neumann speculated that computer programs could reproduce.

1950s: The phone phreaks

The technological and subcultural roots of hacking are as much related to early telephones as they are to computers.

In the late 1950s, ‘phone phreaking’ emerged. The term captures several methods that ‘phreaks’ – people with a particular interest in the workings of phones – used to hijack the protocols that allowed telecoms engineers to work on the network remotely to make free calls and avoid long-distance tolls. Sadly for the phone companies, there was no way of stopping the phreaks, although the practice eventually died out in the 1980s. 

The phreaks had become a community, even issuing newsletters, and included technological trailblazers like Apple’s founders Steve Wozniak and Steve Jobs. The mold was set for digital technology.

Igor Golovniov / Shutterstock.com

1960s: All quiet on the Western Front

The  first-ever reference  to malicious hacking was in the Massachusetts Institute of Technology’s student newspaper.

Even by the mid-1960s, most computers were huge mainframes, locked away in secure temperature-controlled rooms. These machines were very costly, so access – even to programmers – remained limited. 

However, there were early forays into hacking by some of those with access, often students. At this stage, the attacks had no commercial or geopolitical benefits. Most  hackers  were curious mischief-makers or those who sought to improve existing systems by making them work more quickly or efficiently. 

In 1967, IBM invited school kids to try out their new computer. After exploring the accessible parts of the system, the students worked to probe deeper, learning the system’s language, and gaining access to other parts of the system. 

This was a valuable lesson to the company and they acknowledged their gratitude to “a number of high school students for their compulsion to bomb the system”, which resulted in the development of defensive measures – and possibly the defensive mindset that would prove essential to developers from then on. Ethical hacking is still practiced today.

As computers started to reduce in size and cost, many large companies invested in technologies to store and manage data and systems. Storing them under lock and key became redundant as more people needed access to them and passwords began to be used.

Roman Belogorodov /  Shutterstock.com

1970s: Computer security is born

Cybersecurity proper began in 1972 with a research project on ARPANET (The Advanced Research Projects Agency Network), a precursor to the internet.

ARPANET developed protocols for remote computer networking. 

Researcher  Bob Thomas  created a computer program called Creeper that could move across ARPANET’s network, leaving a breadcrumb trail wherever it went. It read: ‘I’m the creeper, catch me if you can’. Ray Tomlinson – the inventor of email – wrote the program Reaper, which chased and deleted Creeper. Reaper was not only the very first example of antivirus software, but it was also the first self-replicating program, making it the first-ever  computer worm .

An example of the Creeper’s taunting message. (Image credit:  Core War )

Challenging the vulnerabilities in these emerging technologies became more important as more organizations were starting to use the telephone to create remote networks. Each piece of connected hardware presented a new ‘entry point’ and needed to be protected.

As reliance on computers increased and networking grew, it became clear to governments that security was essential, and unauthorized access to data and systems could be catastrophic. 1972-1974 witnessed a marked increase in discussions around computer security, mainly by academics  in papers .

Creating early computer security was undertaken by ESD and ARPA with the U.S. Air Force and other organizations that worked cooperatively to develop a design for a security kernel for the Honeywell Multics (HIS level 68) computer system. UCLA and the Stanford Research Institute worked on similar projects.

ARPA’s Protection Analysis project explored operating system security; identifying, where possible, automatable techniques for detecting vulnerabilities in software.

By the mid-1970s, the concept of cybersecurity was maturing. In 1976  Operating System Structures to Support Security and Reliable Software  stated :

“Security has become an important and challenging goal in the design of computer systems.”

In 1979, 16-year-old  Kevin Mitnick  famously hacked into The Ark – the computer at the Digital Equipment Corporation used for developing operating systems – and made copies of the software. He was arrested and jailed for what would be the first of several cyberattacks he conducted over the next few decades. Today he runs Mitnick Security Consulting.

Gennady Grechishkin /  Shutterstock.com

1980s: From ARPANET to internet

The 1980s brought an increase in high-profile attacks, including those at National CSS, AT&T, and Los Alamos National Laboratory. The movie War Games, in which a rogue computer program takes over nuclear missiles systems under the guise of a game, was released in 1983. This was the same year that the terms  Trojan  Horse and Computer  Virus  were first used. 

At the time of the Cold War, the threat of cyber espionage evolved. In 1985, The US Department of Defense published the Trusted Computer System Evaluation Criteria (aka The Orange Book) that provided guidance on:

• Assessing the degree of trust that can be placed in software that processes classified or other sensitive information
• What security measures manufacturers needed to build into their commercial products. 

Despite this, in 1986, German hacker Marcus Hess used an internet gateway in Berkeley, CA, to piggyback onto the ARPANET. He hacked 400 military computers, including mainframes at the Pentagon, intending to sell information to the KGB.

Security started to be taken more seriously. Savvy users quickly learned to monitor the command.com file size, having noticed that an increase in size was the first sign of potential infection. Cybersecurity measures incorporated this thinking, and a sudden reduction in free operating memory remains a sign of attack to this day.

1987: The birth of cybersecurity

1987 was the birth year of commercial antivirus, although there are competing claims for the innovator of the first antivirus product.

• Andreas Lüning and Kai Figge released their first antivirus product for the Atari ST – which also saw the release of Ultimate Virus Killer (UVK)
• Three Czechoslovakians created the first version of NOD antivirus
• In the U.S., John McAfee founded McAfee (now part of Intel Security), and released VirusScan.

Also in 1987: 

• One of the earliest documented ‘in the wild’ virus removals was performed by German Bernd Fix when he neutralized the infamous Vienna virus – an early example of  malware  that spread and corrupted files.
• The encrypted Cascade virus, which infected .COM files, first appeared .A year later, Cascade caused a serious incident in IBM’s Belgian office and served as the impetus for IBM’s antivirus product development. Before this, any antivirus solutions developed at IBM had been intended for internal use only.

The Cascade virus made text ‘fall’ to the bottom of the screen

By 1988, many antivirus companies had been established around the world – including Avast, which was founded by Eduard Kučera and Pavel Baudiš in Prague, Czech Republic. Today,  Avast  has a team of more than 1,700 worldwide and stops around 1.5 billion attacks every month. 

Early antivirus software consisted of simple scanners that performed context searches to detect unique virus code sequences. Many of these scanners also included ‘immunizers’ that modified programs to make viruses think the computer was already infected and not attack them. As the number of viruses increased into the hundreds, immunizers quickly became ineffective.

It was also becoming clear to antivirus companies that they could only react to existing attacks, and a lack of a universal and ubiquitous network (the internet) made updates hard to deploy. 

As the world slowly started to take notice of computer viruses, 1988 also witnessed the first electronic forum devoted to antivirus security – Virus-L – on the Usenet network. The decade also saw the birth of the antivirus press: UK-based Sophos-sponsored Virus Bulletin and Dr. Solomon’s Virus Fax International. 

The decade closed with more additions to the cybersecurity market, including F-Prot, ThunderBYTE, and Norman Virus Control. In 1989, IBM finally commercialized their internal antivirus project and IBM Virscan for MS-DOS went on sale for $35. 

Further reading: For more nostalgia, check out our guide to  the best hardware of the 1980s .

1990s: The world goes online

1990 was quite a year:

• The first polymorphic viruses were created (code that mutates while keeping the original algorithm intact to avoid detection)
• British computer magazine  PC Today  released an edition with a free disc that ‘accidentally’ contained the DiskKiller virus, infecting tens of thousands of computers
• EICAR (European Institute for Computer Antivirus Research) was established

Early antivirus was purely signature-based, comparing binaries on a system with a database of virus ‘signatures’. This meant that early antivirus produced many false positives and used a lot of computational power – which frustrated users as productivity slowed.

As more antivirus scanners hit the market, cybercriminals were responding and in 1992 the first anti-antivirus program appeared. 

By 1996, many viruses used new techniques and innovative methods, including stealth capability, polymorphism, and ‘macro viruses’, posing a new set of challenges for antivirus vendors who had to develop new detection and removal capabilities. 

New virus and malware numbers exploded in the 1990s, from tens of thousands early in the decade growing to 5 million every year by 2007. By the mid-‘90s, it was clear that cybersecurity had to be mass-produced to protect the public. One NASA researcher developed the first  firewall  program, modeling it on the physical structures that prevent the spread of actual fires in buildings.

The late 1990s were also marked by conflict and friction between antivirus developers:

• McAfee accused Dr. Solomon’s of cheating so that testing of uninfected discs showed good speed results and the scan tests of virus collections showed good detection results. Dr. Solomon’s filed suit in response
• Taiwanese developer Trend Micro accused McAfee and Symantec of violating its patent on virus scan-checking technology via the internet and electronic mail. Symantec then accused McAfee of using code from Symantec’s Norton AntiVirus.

Heuristic detection also emerged as a new method to tackle the huge number of virus variants. Antivirus scanners started to use generic signatures – often containing non-contiguous code and using wildcard characters – to detect viruses even if the threat had been ‘hidden’ inside meaningless code.

Email: a blessing and a curse

Towards the end of the 1990s, email was proliferating and while it promised to revolutionize communication, it also opened up a new entry point for viruses. 

In 1999, the  Melissa virus  was unleashed. It entered the user’s computer via a Word document and then emailed copies of itself to the first 50 email addresses in Microsoft Outlook. It remains one of the fastest spreading viruses and the damage cost around $80 million to fix.

2000s: Threats diversify and multiply

With the internet available in more homes and offices across the globe, cybercriminals had more devices and software vulnerabilities to exploit than ever before. And, as more and more data was being kept digitally, there was more to plunder.

In 2001, a new infection technique appeared: users no longer needed to download files – visiting an infected website was enough as bad actors replaced clean pages with infected ones or ‘hid’ malware on legitimate webpages. Instant messaging services also began to get attacked, and worms designed to propagate via IRC (Internet Chat Relay) channel also arrived.

The development of  zero-day attacks , which make use of ‘holes’ in security measures for new software and applications, meant that antivirus was becoming less effective – you can’t check code against existing attack signatures unless the virus already exists in the database. Computer magazine  c’t  found that  detection rates  for  zero-day  threats had dropped from 40-50% in 2006 to only 20-30% in 2007. 

As crime organizations started to heavily fund professional cyberattacks, the good guys were hot on their trail:

• 2000: the first open-source antivirus engine  OpenAntivirus Project  is made available
• 2001: ClamAV is launched, the first-ever open-source antivirus engine to be commercialized
• 2001: Avast launches free antivirus software, offering a fully-featured security solution to the masses. The initiative grew the Avast user base to more than 20 million in five years.

A key challenge of antivirus is that it can often slow a computer’s performance. One solution to this was to move the software off the computer and into the cloud. In 2007, Panda Security combined cloud technology with threat intelligence in their antivirus product – an industry-first. McAfee Labs followed suit in 2008, adding cloud-based  anti-malware  functionality to VirusScan. The following year, the Anti-Malware Testing Standards Organization (AMTSO) was created and started working shortly after on a method of testing cloud products. 

Another innovation this decade was OS security – cybersecurity that’s built into the operating system, providing an additional layer of protection. This often includes performing regular OS patch updates, installation of updated antivirus engines and software, firewalls, and secure accounts with user management. 

With the proliferation of smartphones, antivirus was also developed for Android and Windows mobile.

2010s: The next generation

The 2010s saw many high-profile breaches and attacks starting to impact the national security of countries and cost businesses millions. 

• 2012: Saudi hacker 0XOMAR publishes the details of more than 400,000 credit cards online
• 2013: Former CIA employee for the US Government Edward Snowden copied and leaked classified information from the National Security Agency (NSA)
• 2013-2014: Malicious hackers broke into Yahoo, compromising the accounts and personal information of its 3 billion users. Yahoo was subsequently fined $35 million for failing to disclose the news
• 2017:  WannaCry   ransomware  infects 230,000 computers in one day
• 2019: Multiple  DDoS  attacks forced New Zealand’s stock market to temporarily shut down

The increasing connectedness and the ongoing digitization of many aspects of life continued to offer cybercriminals new opportunities to exploit. Cybersecurity tailored specifically to the needs of businesses became more prominent and in 2011, Avast launched its first business product. 

As cybersecurity developed to tackle the expanding range of attack types, criminals responded with their own innovations: multi-vector attacks and  social engineering . Attackers were becoming smarter and antivirus was forced to shift away from signature-based methods of detection to  ‘next generation’  innovations.

Next-gen cybersecurity uses different approaches to increase detection of new and unprecedented threats, while also reducing the number of false positives. It typically involves:

• Multi-factor authentication  (MFA)
• Network Behavioural Analysis (NBA) – identifying malicious files based on behavioral deviations or anomalies
• Threat intelligence and update automation 
• Real-time protection – also referred to as on-access scanning, background guard, resident shield and auto-protect
• Sandboxing  – creating an isolated test environment where you can execute a suspicious file or URL
• Forensics – replaying attacks to help security teams better mitigate future breaches
• Back-up and mirroring 
• Web application firewalls (WAF) – protecting against cross-site forgery, cross-site-scripting ( XSS ), file inclusion, and SQL injection.

Who knows what the next decade will bring? Whatever happens,  Avast Business  will be there to provide advanced protection for organizations and offer peace of mind for business leaders and IT professionals. Learn more about our range of solutions and find which one is best suited for your business using our Help Me Choose tool. 

This blog originally appeared  here .

AVAST Archives

– Katie Chadd is an e-Commerce Manager at Avast.

Avast  is one of the largest security companies in the world using next-gen technologies to fight cyber attacks in real time.  We differ from other next-gen companies  in that we have an immense cloud-based machine learning engine that receives a constant stream of data from our hundreds of millions of users, which facilitates learning at unprecedented speeds and makes our artificial intelligence engine smarter and faster than anyone else’s.

© 2024 Cybersecurity Ventures. All rights reserved. Federal copyright law prohibits unauthorized reproduction of this content by any means and imposes fines up to $150,000 for violations. Reproduction in whole or in part in any form or medium without expressed written permission of Cybersecurity Ventures is prohibited.

All rights reserved Cybersecurity Ventures © 2024

CYBERSECURITY PUNDITS: 2024 LIST OF INDUSTRY EXPERTS VIEW LIST