Nervous System: What Hollywood Has Taught the U.S. Government About Cybersecurity
The films WarGames and Sneakers did more than just influence the box office—they helped create cybersecurity policy.
October 12, 2018 at 09:30 AM
7 minute read
With the aggressive pace of technological change and the onslaught of news regarding data breaches, cyber-attacks, and technological threats to privacy and security, it is easy to assume these are fundamentally new threats. The pace of technological change is slower than it feels, and many seemingly new categories of threats have actually been with us longer than we remember. Nervous System is a monthly blog that approaches issues of data privacy and cybersecurity from the context of history—to look to the past for clues about how to interpret the present and prepare for the future.
The state of modern American cybersecurity owes a curious debt to Hollywood. In an indirect but vital way, a pair of screenwriters and the blockbuster technothrillers they created influenced and guided top policymakers at crucial junctures in the development of today's Information Age.
In 1980, Lawrence Lasker and Walter Parkes were working on a script about a teenage hacker who breaks into the North American Air Defense Command (NORAD) system and almost triggers World War III. Worried that certain plot points seemed farfetched, they approached knowledgeable experts in the hopes of getting a better sense of how the real systems actually worked. They received a meeting with William Ware, a legendary figure in the field of computer security. Ware had helped design one of the first electrical computers and headed the Computer Science department at the RAND Corporation, a top Defense Department contractor. He was also an advisor to the National Security Agency (NSA), although the screenwriters did not know that—what they did know was that in 1967 Ware had authored a seminal paper on information security, Security and Privacy in Computer Systems.
Ware's concern, in both 1967 and 1980, was that the habit of networking computers meant that the entire system was only ever as secure as the least secured part of the network. A breach to one part was a breach to the whole thing. Since classified military data was stored on the same network as unsecured and unclassified data, Ware knew that top government secrets were at risk of exposure to anyone with the ability to hack into the unsecured parts of the network.
Far from telling Lasker and Parkes that their scenario was fanciful, Ware reassured them that the risks they were dramatizing were very real.
Their movie WarGames hit theaters in summer 1983 and became a sensation. One of the first people to see the film was Ronald Reagan (a perk of being chief executive). As vividly recounted by Fred Kaplan in his book Dark Territory: The Secret History of Cyber War, Reagan was shaken by the film. A few days later, he attended a meeting with the Joint Chiefs of Staff; the secretaries of Defense, Treasury, and State; his own security staff; and top Congressional leaders ostensibly to discuss nuclear armaments… but Reagan sidetracked the meeting to recount the film in detail. This was an era in which it was still unusual for the Leader of the Free World to draw policy suggestions from movies and TV, and many of the important people gathered at this meeting struggled to avoid obviously rolling their eyes at Reagan's fixation. Finally, the president called on General John Vessey, the chairman of the Joint Chiefs, to find out if something like what happened in the movie could happen in real life.
General Vessey was alarmed to discover it could, and that there were people inside the NSA who had been warning of this threat for some time. The makers of WarGames had given voice to these fears and gotten the attention of the President to do something about it.
The White House quickly drafted and published National Security Decision Directive Number 145 (NSDD-145), placing the NSA in charge of monitoring and securing the nation's information technology systems. It was the first serious discussion of cybersecurity by top policymakers, but it was a short-lived endeavor. Civil libertarians in Congress objected that the NSA did not have the constitutional authority to spy on Americans and balked at any attempt to give the NSA this power through executive fiat. The directive was all but abandoned, and the subsequent Computer Security Act of 1987 gave the NSA control over military computers only.
Eight years later, Bill Clinton was now president, but the nation's information system infrastructure was still largely unprotected and its security ignored by policymakers. Meanwhile, Rear Admiral Mike McConnell struggled to reform the moribund NSA. The agency was still mired in the Cold War, focused on monitoring analog radio signals from the Russians despite the fall of the USSR and the almost complete switchover to digital communications.
Then McConnell saw the movie Sneakers, in which Robert Redford plays a computer hacker recruited to steal critical security technology from the NSA. In much the same way that Reagan was transported by seeing WarGames a decade earlier, McConnell felt the movie was speaking directly to him. He told his staff to see the film and even obtained a print of it himself to screen personally to NSA top officials. McConnell considered Sneakers to be the NSA's mission statement.
As it happened, Sneakers had also been written by the team of Lawrence Lasker and Walter Parkes, who had found themselves once again inspiring governmental officials.
McConnell created a new position, director of Information Warfare, based on the film. Soon, others in the defense sector also started speaking in language they had picked up from the movie.
They had not just taken up the movie's way of speaking about “information warfare,” but also changed their way of thinking. The NSA had spent years passively listening to enemy communications. The idea of information warfare was to make that technology proactive—to penetrate enemy systems to distort, disable, and derail them.
The problem was that whatever we could do to them, they could do to us. In an age of physical threats, the United States enjoyed a certain inherent protection from its size and geography. If an enemy wanted to bomb us, it would first have to get the bomb to us; if it wanted to invade us, it would first have to get its army over here. In an era of cyber threats, however, one person with one computer sitting almost anywhere in the world could infiltrate and compromise critical computer systems. The greatest threats were no longer big and cumbersome, but invisible and ephemeral.
On July 15, 1996, President Clinton signed Executive Order 13010, establishing a blue-ribbon commission to study threats to the nation's critical infrastructure from threats both physical (to tangible property) and cyber (from electronic, radio, or computer-based attacks on critical information or communication systems).
At last, the US government was preparing to take cybersecurity seriously, thanks to a couple of screenwriters who unwittingly rattled the right cages.
David Kalat is Director, Global Investigations + Strategic Intelligence at Berkeley Research Group. David is a computer forensic investigator and e-discovery project manager. Disclaimer for commentary: The views and opinions expressed in this article are those of the author and do not necessarily reflect the opinions, position, or policy of Berkeley Research Group, LLC or its other employees and affiliates.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
Who Got The Work
J. Brugh Lower of Gibbons has entered an appearance for industrial equipment supplier Devco Corporation in a pending trademark infringement lawsuit. The suit, accusing the defendant of selling knock-off Graco products, was filed Dec. 18 in New Jersey District Court by Rivkin Radler on behalf of Graco Inc. and Graco Minnesota. The case, assigned to U.S. District Judge Zahid N. Quraishi, is 3:24-cv-11294, Graco Inc. et al v. Devco Corporation.
Who Got The Work
Rebecca Maller-Stein and Kent A. Yalowitz of Arnold & Porter Kaye Scholer have entered their appearances for Hanaco Venture Capital and its executives, Lior Prosor and David Frankel, in a pending securities lawsuit. The action, filed on Dec. 24 in New York Southern District Court by Zell, Aron & Co. on behalf of Goldeneye Advisors, accuses the defendants of negligently and fraudulently managing the plaintiff's $1 million investment. The case, assigned to U.S. District Judge Vernon S. Broderick, is 1:24-cv-09918, Goldeneye Advisors, LLC v. Hanaco Venture Capital, Ltd. et al.
Who Got The Work
Attorneys from A&O Shearman has stepped in as defense counsel for Toronto-Dominion Bank and other defendants in a pending securities class action. The suit, filed Dec. 11 in New York Southern District Court by Bleichmar Fonti & Auld, accuses the defendants of concealing the bank's 'pervasive' deficiencies in regards to its compliance with the Bank Secrecy Act and the quality of its anti-money laundering controls. The case, assigned to U.S. District Judge Arun Subramanian, is 1:24-cv-09445, Gonzalez v. The Toronto-Dominion Bank et al.
Who Got The Work
Crown Castle International, a Pennsylvania company providing shared communications infrastructure, has turned to Luke D. Wolf of Gordon Rees Scully Mansukhani to fend off a pending breach-of-contract lawsuit. The court action, filed Nov. 25 in Michigan Eastern District Court by Hooper Hathaway PC on behalf of The Town Residences LLC, accuses Crown Castle of failing to transfer approximately $30,000 in utility payments from T-Mobile in breach of a roof-top lease and assignment agreement. The case, assigned to U.S. District Judge Susan K. Declercq, is 2:24-cv-13131, The Town Residences LLC v. T-Mobile US, Inc. et al.
Who Got The Work
Wilfred P. Coronato and Daniel M. Schwartz of McCarter & English have stepped in as defense counsel to Electrolux Home Products Inc. in a pending product liability lawsuit. The court action, filed Nov. 26 in New York Eastern District Court by Poulos Lopiccolo PC and Nagel Rice LLP on behalf of David Stern, alleges that the defendant's refrigerators’ drawers and shelving repeatedly break and fall apart within months after purchase. The case, assigned to U.S. District Judge Joan M. Azrack, is 2:24-cv-08204, Stern v. Electrolux Home Products, Inc.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250