Wake up call?
In trying to accredit intelligence databases for multilevel access,1 the Defence Intelligence Agency requested a “security check of the system so that they could get their systems accredited for SI and TK [signals intelligence and Talent Keyhole/top secret] information”.2 The result of the exercise can be best summarised by the following quote: “By the time the attacks terminated, the penetration was so thorough that a penetrator at a distant remote terminal had actually seized control of the system. [The Defence Intelligence Agency] never got its accreditation, and the results of the exercise made many at NSA sceptical that multilevel security could ever be achieved”.3 Similarly within the United States Air Force, teams testing the vulnerability of systems (so-called ‘tiger teams’) concluded in 1979: “In a very real sense the Air Force has been fortunate that security is so poor in current computers – the greater danger will come when the argument that a computer is secure because tiger teams failed to penetrate it appears plausible”.4
1 Thomas R. Johnson, American Cryptology during the Cold War, 1945-1989: Book IV Cryptologic Rebirth, 1981-1989 (Fort Meade: National Security Agency Center for Cryptologic History, 1995b). p. 293.
3 Roger R. Schell, “Computer Security,” Air University Review (1979).
4 Warner, “Cybersecurity: A Pre-History.” p. 786.