Cornell University Press

For Information Security, What Was Old Must Become New Again


The modern world is mired in failures of information security.

Criminals use malicious software known as “ransomware” to encrypt files and then demand payment for decrypting them. A panoply of organizations have suffered ransomware attacks, including hospitals, state and local governments, and major commercial companies.

In what is referred to as a “supply chain attack,” hackers target a supplier such as a software vendor in order to compromise the customers of that supplier. Nation-states such as Russia and China have employed supply chain attacks to carry out espionage.

Why do such endemic failures of information security exist, and how can they be addressed?

The Present is a Product of the Past

Information security is a fast-moving field, and it is easy to be carried along by the wave of new security vulnerabilities, new hacking techniques, and new data breaches. There are also powerful incentives within the commercial markets that push people and organizations to focus on the latest threat du jour.

The unfortunate result is that considerable time and effort are spent on mitigating symptoms when it would be better to address the underlying causes.

Today’s security failures have deep roots that stretch back several decades into the past. The effects of decisions made at the very birth of computing are still felt today.

It is only by confronting these root causes that information security can be fundamentally improved, and to accomplish this requires an understanding of how they came to exist.

The History of Information Security

A Vulnerable System: The History of Information Security in the Computer Age delivers a long view of the history of information security, beginning with the creation of the first digital computers.

The book describes the history of information security as it unfolds alongside the history of computing itself. The creation of the first multi-user computers, the first programming languages, the internet, and the world wide web all had profound effects on our ability to deliver the security of information.

The development of important disciplines within the field of information security is also detailed, such as software security, usable security, and the economics of security. These disciplines emerged as a result of the shifting landscape of computing.

This historical approach reveals that much of modern-day thinking takes place in a strange ahistorical vacuum. It is therefore not an imperfect understanding of the present that limits us, but rather an incomplete understanding of the past.

Wittgenstein describes how the limits of our language create the limits of our world. In order for there to be meaningful progress in information security, our language—meaning our understanding—must now encompass our history.

*Featured photo: Source code from SATAN by Dan Farmer and Wietse Venema.


Andrew J. Stewart is an officer at a global investment bank. He received his MSc in Information Security from Royal Holloway, University of London.
