Editing Information security (section)

== History ==
Since the early days of communication, diplomats and military commanders understood that it was necessary to provide some mechanism to protect the confidentiality of correspondence and to have some means of detecting [[Tamper-evident|tampering]].<ref>{{Cite journal |last=Larsen |first=Daniel |date=2019-10-31 |title=Creating An American Culture Of Secrecy: Cryptography In Wilson-Era Diplomacy |url=https://doi.org/10.1093/dh/dhz046 |journal=Diplomatic History |doi=10.1093/dh/dhz046 |issn=0145-2096|url-access=subscription }}</ref> [[Julius Caesar]] is credited with the invention of the [[Caesar cipher]] c. 50 B.C., which was created in order to prevent his secret messages from being read should a message fall into the wrong hands.<ref>{{Citation|title=Introduction : Caesar Is Dead. Long Live Caesar!|url=http://dx.doi.org/10.5040/9781474245784.0005|work=Julius Caesar's Self-Created Image and Its Dramatic Afterlife|year=2018|publisher=Bloomsbury Academic|doi=10.5040/9781474245784.0005|isbn=978-1-4742-4578-4|access-date=2021-05-29|url-access=subscription}}</ref> However, for the most part protection was achieved through the application of procedural handling controls.<ref>{{cite book|first1=Gaius|last1=Suetonius Tranquillus|title=Lives of the Caesars (Oxford World's Classics)|year=2008|publisher=Oxford University Press|location=New York|isbn=978-0-19-953756-3|page=28|author-link=Suetonius}}</ref><ref>{{cite book |title=The Code Book |last=Singh |first=Simon |author-link=Simon Singh |year=2000 |publisher=Anchor |isbn=978-0-385-49532-5 |pages=[https://archive.org/details/codebook00simo/page/289 289–290] |title-link=The Code Book }}</ref> Sensitive information was marked up to indicate that it should be protected and transported by trusted persons, guarded and stored in a secure environment or strong box.<ref>{{Cite thesis|title=Towards trusted and secure communications in a vehicular environment|url=http://dx.doi.org/10.32657/10356/72758|publisher=Nanyang Technological University|first=Heng Chuan|last=Tan|year=2017|doi=10.32657/10356/72758}}</ref> As postal services expanded, governments created official organizations to intercept, decipher, read, and reseal letters (e.g., the U.K.'s Secret Office, founded in 1653<ref name="JohnsonTheEvo97">{{cite book |first=John |last=Johnson |title=The Evolution of British Sigint: 1653–1939 |year=1997 |publisher=Her Majesty's Stationery Office |asin=B00GYX1GX2}}</ref>).

In the mid-nineteenth century more complex [[Classified information|classification systems]] were developed to allow governments to manage their information according to the degree of sensitivity.<ref name=WBS_1>{{cite journal| title=Were Banks Special? Contrasting Viewpoints in Mid-Nineteenth Century Britain| author=Willison, M.| url=https://ssrn.com/abstract=3249510| journal=Monetary Economics: International Financial Flows| date=21 September 2018| access-date=1 December 2023| doi=10.2139/ssrn.3249510| url-access=subscription}}</ref> For example, the British Government codified this, to some extent, with the publication of the [[Official Secrets Act 1889|Official Secrets Act]] in 1889.<ref name="HastedtSpies11">{{cite book |chapter-url=https://books.google.com/books?id=A8WoNp2vI-cC&pg=PA589 |chapter=Official Secrets Act (1889; New 1911; Amended 1920, 1939, 1989) |title=Spies, Wiretaps, and Secret Operations: An Encyclopedia of American Espionage |volume=2 |author=Ruppert, K. |editor=Hastedt, G.P. |publisher=ABC-CLIO |year=2011 |pages=589–590 |isbn=9781851098088}}</ref> Section 1 of the law concerned espionage and unlawful disclosures of information, while Section 2 dealt with breaches of official trust.<ref>{{Cite book|chapter=2. The Clayton Act: A consideration of section 2, defining unlawful price discrimination|date=1930-12-31|chapter-url=http://dx.doi.org/10.7312/dunn93452-003|title=The Federal Anti-Trust Law|pages=18–28|publisher=Columbia University Press|doi=10.7312/dunn93452-003|isbn=978-0-231-89377-0|access-date=2021-05-29}}</ref> A public interest defense was soon added to defend disclosures in the interest of the state.<ref>{{cite web|last1=Maer|first1=Lucinda|last2=Gay|date=30 December 2008|title=Official Secrecy|url=https://fas.org/irp/world/uk/secrecy.pdf|website=Federation of American Scientists}}</ref> A similar law was passed in India in 1889, The Indian Official Secrets Act, which was associated with the British colonial era and used to crack down on newspapers that opposed the Raj's policies.<ref>{{Citation|title=The Official Secrets Act 1989 which replaced section 2 of the 1911 Act  <!-- appears to be missing from online edition --> |date=2016-06-10 |work=Espionage and Secrecy (Routledge Revivals)|pages=267–282|publisher=Routledge|doi=10.4324/9781315542515 |isbn=978-1-315-54251-5 |last1=Thomas |first1=Rosamund }}</ref> A newer version was passed in 1923 that extended to all matters of confidential or secret information for governance.<ref>{{cite web|date=2019-03-08|title=Official Secrets Act: what it covers; when it has been used, questioned|url=https://indianexpress.com/article/explained/official-secrets-act-what-it-covers-when-it-has-been-used-questioned-rafale-deal-5616457/|access-date=2020-08-07|website=The Indian Express|language=en}}</ref>  By the time of the [[First World War]], multi-tier classification systems were used to communicate information to and from various fronts, which encouraged greater use of code making and breaking sections in diplomatic and military headquarters.<ref>{{Cite journal|last1=Singh|first1=Gajendra|date=November 2015|title="Breaking the Chains with Which We were Bound": The Interrogation Chamber, the Indian National Army and the Negation of Military Identities, 1941–1947|url=http://dx.doi.org/10.1163/2352-3786_dlws1_b9789004211452_019|journal=Brill's Digital Library of World War I|doi=10.1163/2352-3786_dlws1_b9789004211452_019|access-date=2021-05-28|url-access=subscription}}</ref> Encoding became more sophisticated between the wars as machines were employed to scramble and unscramble information.<ref>{{Cite journal|last=Duncanson|first=Dennis|date=June 1982|title=The scramble to unscramble French Indochina|url=http://dx.doi.org/10.1080/03068378208730070|journal=Asian Affairs|volume=13|issue=2|pages=161–170|doi=10.1080/03068378208730070|issn=0306-8374|url-access=subscription}}</ref>

The establishment of [[computer security]] inaugurated the history of information security. The need for such appeared during [[World War II]].{{Sfn|Whitman|Mattord|5=2017|p=|pp=3}} The volume of information shared by the Allied countries during the Second World War necessitated formal alignment of classification systems and procedural controls.<ref>{{Citation|title=Allied Power. Mobilizing Hydro-Electricity During Canada'S Second World War|date=2015-12-31|url=http://dx.doi.org/10.3138/9781442617117-003|work=Allied Power|pages=1–2|publisher=University of Toronto Press|doi=10.3138/9781442617117-003|isbn=978-1-4426-1711-7|access-date=2021-05-29|url-access=subscription}}</ref> An arcane range of markings evolved to indicate who could handle documents (usually officers rather than enlisted troops) and where they should be stored as increasingly complex safes and storage facilities were developed.<ref>{{Citation|last=Glatthaar|first=Joseph T.|title=Officers and Enlisted Men|date=2011-06-15|url=http://dx.doi.org/10.5149/9780807877869_glatthaar.11|work=Soldiering in the Army of Northern Virginia|pages=83–96|publisher=University of North Carolina Press|doi=10.5149/9780807877869_glatthaar.11|isbn=978-0-8078-3492-3|access-date=2021-05-28|url-access=subscription}}</ref> The [[Enigma Machine]], which was employed by the Germans to encrypt the data of warfare and was successfully decrypted by [[Alan Turing]], can be regarded as a striking example of creating and using secured information.<ref name="Sebag-MontefioreEnigma11">{{cite book |title=Enigma: The Battle for the Code |author=Sebag–Montefiore, H. |publisher=Orion |pages=576 |year=2011 |isbn=9781780221236}}</ref> Procedures evolved to ensure documents were destroyed properly, and it was the failure to follow these procedures which led to some of the greatest intelligence coups of the war (e.g., the capture of [[U-570]]<ref name="Sebag-MontefioreEnigma11" />).

Various [[mainframe computers]] were connected online during the [[Cold War]] to complete more sophisticated tasks, in a communication process easier than mailing [[magnetic tapes]] back and forth by computer centers. As such, the [[Advanced Research Projects Agency]] (ARPA), of the [[United States Department of Defense]], started researching the feasibility of a networked system of communication to trade information within the [[United States Armed Forces]]. In 1968, the [[ARPANET]] project was formulated by [[Lawrence Roberts (scientist)|Larry Roberts]], which would later evolve into what is known as the [[internet]].{{Sfn|Whitman|Mattord|5=2017|pp=4-5}}

In 1973, important elements of ARPANET security were found by internet pioneer [[Robert Metcalfe]] to have many flaws such as the: "vulnerability of password structure and formats; lack of safety procedures for [[Dialup connection|dial-up connections]]; and nonexistent user identification and authorizations", aside from the lack of controls and safeguards to keep data safe from unauthorized access. Hackers had effortless access to ARPANET, as phone numbers were known by the public.{{Sfn|Whitman|Mattord|5=2017|p=5}} Due to these problems, coupled with the constant violation of computer security, as well as the exponential increase in the number of hosts and users of the system, "network security" was often alluded to as "network insecurity".{{Sfn|Whitman|Mattord|5=2017|p=5}}
[[File:Posters for information security for the Ministry of Defense of the Russian Federation.jpg|thumb|Poster promoting information security by the Russian [[Ministry of Defence (Russia)|Ministry of Defence]]]]
The end of the twentieth century and the early years of the twenty-first century saw rapid advancements in [[telecommunications]], computing [[computer hardware|hardware]] and [[software]], and data [[encryption]].<ref>{{Cite book|title=Thomas Merton: Twentieth-Century Wisdom for Twenty-First-Century Living|date=2012-04-26|url=http://dx.doi.org/10.2307/j.ctt1cg4k28.13|author=Dekar, Paul R.|pages=160–184|publisher=The Lutterworth Press|doi=10.2307/j.ctt1cg4k28.13|isbn=978-0-7188-4069-3|access-date=2021-05-29}}</ref> The availability of smaller, more powerful, and less expensive computing equipment made [[Data processing|electronic data processing]] within the reach of [[small business]] and home users.<ref>{{Cite report|last=Murphy|first=Richard C.|date=2009-09-01|title=Building more powerful less expensive supercomputers using Processing-In-Memory (PIM) LDRD final report|doi=10.2172/993898|url=http://dx.doi.org/10.2172/993898}}</ref> The establishment of Transfer Control Protocol/Internetwork Protocol (TCP/IP) in the early 1980s enabled different types of computers to communicate.<ref>{{cite web|title=A Brief History of the Internet|url=https://www.usg.edu/galileo/skills/unit07/internet07_02.phtml|access-date=2020-08-07|website=www.usg.edu}}</ref> These computers quickly became interconnected through the [[internet]].<ref>{{Cite journal|date=October 2001|title=Walking through the view of Delft - on Internet|url=http://dx.doi.org/10.1016/s0097-8493(01)00149-2|journal=Computers & Graphics|volume=25|issue=5|pages=927|doi=10.1016/s0097-8493(01)00149-2|issn=0097-8493|url-access=subscription}}</ref>

The rapid growth and widespread use of electronic data processing and [[electronic business]] conducted through the internet, along with numerous occurrences of international [[terrorism]], fueled the need for better methods of protecting the computers and the information they store, process, and transmit.<ref name="DeLeeuwTheHist07">{{cite book |chapter=Chapter 24: A History of Internet Security |title=The History of Information Security: A Comprehensive Handbook |url=https://archive.org/details/historyinformati00leeu |url-access=limited |author=DeNardis, L. |editor1=de Leeuw, K.M.M.|editor2=Bergstra, J. |publisher=Elsevier |pages=[https://archive.org/details/historyinformati00leeu/page/n661 681]–704 |year=2007 |isbn=9780080550589}}</ref> The academic disciplines of [[computer security]] and [[information assurance]] emerged along with numerous professional organizations, all sharing the common goals of ensuring the security and reliability of [[information system]]s.<ref>{{Cite book |last1=Parrish |first1=Allen |last2=Impagliazzo |first2=John |last3=Raj |first3=Rajendra K. |last4=Santos |first4=Henrique |last5=Asghar |first5=Muhammad Rizwan |last6=Jøsang |first6=Audun |last7=Pereira |first7=Teresa |last8=Stavrou |first8=Eliana |chapter=Global perspectives on cybersecurity education for 2030: A case for a meta-discipline |date=2018-07-02 |title=Proceedings Companion of the 23rd Annual ACM Conference on Innovation and Technology in Computer Science Education |chapter-url=https://dl.acm.org/doi/10.1145/3293881.3295778 |language=en |publisher=ACM |pages=36–54 |doi=10.1145/3293881.3295778 |hdl=1822/71620 |isbn=978-1-4503-6223-8|s2cid=58004425 }}</ref>