30 years of risky business: A cybersecurity timeline
With all the attention on recent cyberattacks, it’s easy to forget that the government has been defending the nation’s online resources since the early days of the Internet. Here’s a look at some of the key milestones.
U.S. stages a proto-cyberattack, reprogramming computer equipment (which was being bought through a front company) intended for a Soviet gas pipeline, causing the pipeline to explode.
A researcher at Lawrence Berkeley National Laboratory discovers an international effort to copy information from U.S. government, military and academic computers connected to the Arpanet.
The worm turns up: A Cornell University student creates the first computer worm, which cripples 10 percent of the 88,000 computers on the Arpanet, leading the newly renamed Defense Advanced Research Projects Agency to contract with Carnegie Mellon University to create the CERT Coordination Center.
Arpanet becomes the operational network known as the Internet, with about 2.6 million people around the globe connected.
In response to concern over Internet security, Netscape develops Secure Sockets Layer encryption to secure online transactions.
Utah passes the Utah Digital Signature Act of 1995, becoming the first state to promote use of public-key infrastructure technology for digitally signing documents. PKI, developed in 1976, changed the shape of secure communications by using asymmetric cryptography in protocols such as SSL and Transport Layer Security. Government has been its biggest adopter, with the DISA’s PKI infrastructure for DOD’s Common Access Card program being the largest implementation.
NIST chooses the Advanced Encryption Standard (AES) for classified information; it’s formally approved in 2001.
The ILOVEYOU worm, a.k.a. love bug, infects government and private systems worldwide. In response, U.S. pushes for the Council of Europe Cybercrime Treaty, to harmonize computer crime laws among nations.
DHS begins operations, creates the National Cyber Security Division.
A Veterans Affairs Department employee loses a laptop in a burglary and with it the personal information on 26.5 million active duty troops and veterans. Later recovered untampered with, the incident raised the profile of the risks of mobile data and cost VA $20 million to settle a class action lawsuit.
An employee at the U.S. Central Command put a flash drive into a laptop and accidentally unleashed “Operation Buckshot Yankee,” the worst breach of U.S. computers to date, exposing data on classified and unclassified systems. The fact that it was a fairly unsophisticated worm — placed by a foreign intelligence agency — made the breach more alarming. It prompted the Defense Department to completely remake its cyber defense strategy, parts of which were declassified in 2010. “It isn’t the most capable threat, but that’s the point,” then-Deputy Defense Secretary William Lynn said at the time, “... We need a new strategic approach.”
The Aurora attacks, reportedly originating in China, hit Google and 33 other companies in search of intellectual property. In subsequent years, security experts report the well-funded group continues to strike defense-related and other industries.
U.S. Cyber Command goes operational.
Stuxnet, considered the first weaponized malware because of its targeted nature, throws a wrench into Iran’s nuclear program by disrupting centrifuges used for uranium enrichment. Reportedly created by a covert U.S.-Israeli program, Stuxnet was part of a sophisticated family of worms, including Flame and Duqu, that have upped the ante in cyber espionage and attacks.
The National Strategy for Trusted Identities in Cyberspace launches an initiative for a digital identity ecosystem to make online transactions more secure and enable more government and economic activity on the Internet.