Nervous System: What Hollywood Has Taught the U.S. Government About Cybersecurity
The films WarGames and Sneakers did more than just influence the box office—they helped create cybersecurity policy.
October 12, 2018 at 09:30 AM
7 minute read
|
With the aggressive pace of technological change and the onslaught of news regarding data breaches, cyber-attacks, and technological threats to privacy and security, it is easy to assume these are fundamentally new threats. The pace of technological change is slower than it feels, and many seemingly new categories of threats have actually been with us longer than we remember. Nervous System is a monthly blog that approaches issues of data privacy and cybersecurity from the context of history—to look to the past for clues about how to interpret the present and prepare for the future.
The state of modern American cybersecurity owes a curious debt to Hollywood. In an indirect but vital way, a pair of screenwriters and the blockbuster technothrillers they created influenced and guided top policymakers at crucial junctures in the development of today's Information Age.
In 1980, Lawrence Lasker and Walter Parkes were working on a script about a teenage hacker who breaks into the North American Air Defense Command (NORAD) system and almost triggers World War III. Worried that certain plot points seemed farfetched, they approached knowledgeable experts in the hopes of getting a better sense of how the real systems actually worked. They received a meeting with William Ware, a legendary figure in the field of computer security. Ware had helped design one of the first electrical computers and headed the Computer Science department at the RAND Corporation, a top Defense Department contractor. He was also an advisor to the National Security Agency (NSA), although the screenwriters did not know that—what they did know was that in 1967 Ware had authored a seminal paper on information security, Security and Privacy in Computer Systems.
Ware's concern, in both 1967 and 1980, was that the habit of networking computers meant that the entire system was only ever as secure as the least secured part of the network. A breach to one part was a breach to the whole thing. Since classified military data was stored on the same network as unsecured and unclassified data, Ware knew that top government secrets were at risk of exposure to anyone with the ability to hack into the unsecured parts of the network.
Far from telling Lasker and Parkes that their scenario was fanciful, Ware reassured them that the risks they were dramatizing were very real.
Their movie WarGames hit theaters in summer 1983 and became a sensation. One of the first people to see the film was Ronald Reagan (a perk of being chief executive). As vividly recounted by Fred Kaplan in his book Dark Territory: The Secret History of Cyber War, Reagan was shaken by the film. A few days later, he attended a meeting with the Joint Chiefs of Staff; the secretaries of Defense, Treasury, and State; his own security staff; and top Congressional leaders ostensibly to discuss nuclear armaments… but Reagan sidetracked the meeting to recount the film in detail. This was an era in which it was still unusual for the Leader of the Free World to draw policy suggestions from movies and TV, and many of the important people gathered at this meeting struggled to avoid obviously rolling their eyes at Reagan's fixation. Finally, the president called on General John Vessey, the chairman of the Joint Chiefs, to find out if something like what happened in the movie could happen in real life.
General Vessey was alarmed to discover it could, and that there were people inside the NSA who had been warning of this threat for some time. The makers of WarGames had given voice to these fears and gotten the attention of the President to do something about it.
The White House quickly drafted and published National Security Decision Directive Number 145 (NSDD-145), placing the NSA in charge of monitoring and securing the nation's information technology systems. It was the first serious discussion of cybersecurity by top policymakers, but it was a short-lived endeavor. Civil libertarians in Congress objected that the NSA did not have the constitutional authority to spy on Americans and balked at any attempt to give the NSA this power through executive fiat. The directive was all but abandoned, and the subsequent Computer Security Act of 1987 gave the NSA control over military computers only.
Eight years later, Bill Clinton was now president, but the nation's information system infrastructure was still largely unprotected and its security ignored by policymakers. Meanwhile, Rear Admiral Mike McConnell struggled to reform the moribund NSA. The agency was still mired in the Cold War, focused on monitoring analog radio signals from the Russians despite the fall of the USSR and the almost complete switchover to digital communications.
Then McConnell saw the movie Sneakers, in which Robert Redford plays a computer hacker recruited to steal critical security technology from the NSA. In much the same way that Reagan was transported by seeing WarGames a decade earlier, McConnell felt the movie was speaking directly to him. He told his staff to see the film and even obtained a print of it himself to screen personally to NSA top officials. McConnell considered Sneakers to be the NSA's mission statement.
As it happened, Sneakers had also been written by the team of Lawrence Lasker and Walter Parkes, who had found themselves once again inspiring governmental officials.
McConnell created a new position, director of Information Warfare, based on the film. Soon, others in the defense sector also started speaking in language they had picked up from the movie.
They had not just taken up the movie's way of speaking about “information warfare,” but also changed their way of thinking. The NSA had spent years passively listening to enemy communications. The idea of information warfare was to make that technology proactive—to penetrate enemy systems to distort, disable, and derail them.
The problem was that whatever we could do to them, they could do to us. In an age of physical threats, the United States enjoyed a certain inherent protection from its size and geography. If an enemy wanted to bomb us, it would first have to get the bomb to us; if it wanted to invade us, it would first have to get its army over here. In an era of cyber threats, however, one person with one computer sitting almost anywhere in the world could infiltrate and compromise critical computer systems. The greatest threats were no longer big and cumbersome, but invisible and ephemeral.
On July 15, 1996, President Clinton signed Executive Order 13010, establishing a blue-ribbon commission to study threats to the nation's critical infrastructure from threats both physical (to tangible property) and cyber (from electronic, radio, or computer-based attacks on critical information or communication systems).
At last, the US government was preparing to take cybersecurity seriously, thanks to a couple of screenwriters who unwittingly rattled the right cages.
David Kalat is Director, Global Investigations + Strategic Intelligence at Berkeley Research Group. David is a computer forensic investigator and e-discovery project manager. Disclaimer for commentary: The views and opinions expressed in this article are those of the author and do not necessarily reflect the opinions, position, or policy of Berkeley Research Group, LLC or its other employees and affiliates.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
- 1Call for Nominations: Elite Trial Lawyers 2025
- 2Senate Judiciary Dems Release Report on Supreme Court Ethics
- 3Senate Confirms Last 2 of Biden's California Judicial Nominees
- 4Morrison & Foerster Doles Out Year-End and Special Bonuses, Raises Base Compensation for Associates
- 5Tom Girardi to Surrender to Federal Authorities on Jan. 7
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250