Wake up call?

In trying to accredit intelligence databases for multilevel access,¹ the Defence Intelligence Agency requested a “security check of the system so that they could get their systems accredited for SI and TK [signals intelligence and Talent Keyhole/top secret] information”.² The result of the exercise can be best summarised by the following quote: “By the time the attacks terminated, the penetration was so thorough that a penetrator at a distant remote terminal had actually seized control of the system. [The Defence Intelligence Agency] never got its accreditation, and the results of the exercise made many at NSA sceptical that multilevel security could ever be achieved”.³ Similarly within the United States Air Force, teams testing the vulnerability of systems (so-called ‘tiger teams’) concluded in 1979: “In a very real sense the Air Force has been fortunate that security is so poor in current computers – the greater danger will come when the argument that a computer is secure because tiger teams failed to penetrate it appears plausible”.⁴

1 Thomas R. Johnson, American Cryptology during the Cold War, 1945-1989: Book IV Cryptologic Rebirth, 1981-1989 (Fort Meade: National Security Agency Center for Cryptologic History, 1995b). p. 293.

2 Ibid.

3 Roger R. Schell, “Computer Security,” Air University Review (1979).

4 Warner, “Cybersecurity: A Pre-History.” p. 786.