Editing Computer security (section)

==History==
Since the [[Internet]]'s arrival and with the digital transformation initiated in recent years, the notion of cybersecurity has become a familiar subject in both our professional and personal lives. Cybersecurity and cyber threats have been consistently present for the last 60 years of technological change. In the 1970s and 1980s, computer security was mainly limited to [[wikt:academia|academia]] until the conception of the Internet, where, with increased connectivity, computer viruses and network intrusions began to take off. After the spread of viruses in the 1990s, the 2000s marked the institutionalization of organized attacks such as [[distributed denial of service]].<ref>{{Cite web |title=A Brief History of the Cybersecurity Profession |url=https://www.isaca.org/resources/news-and-trends/industry-news/2022/a-brief-history-of-the-cybersecurity-profession |access-date=2023-10-13 |website=ISACA}}</ref> This led to the formalization of cybersecurity as a professional discipline.<ref>{{Cite web |title=One step ahead in computing security |url=https://www.rit.edu/news/one-step-ahead-computing-security |access-date=2023-10-13 |website=RIT |language=en}}</ref>

The [[Security and Privacy in Computer Systems|April 1967 session]] organized by [[Willis Ware]] at the [[Spring Joint Computer Conference]], and the later publication of the [[Ware Report]], were foundational moments in the history of the field of computer security.<ref name="MAHC.2016.48">{{Cite journal |last1=Misa |first1=Thomas J. |year=2016 |title=Computer Security Discourse at RAND, SDC, and NSA (1958-1970) |url=https://dl.acm.org/doi/10.1109/MAHC.2016.48 |journal=IEEE Annals of the History of Computing |volume=38 |issue=4 |pages=12–25 |doi=10.1109/MAHC.2016.48 |s2cid=17609542|url-access=subscription }}</ref> Ware's work straddled the intersection of material, cultural, political, and social concerns.<ref name="MAHC.2016.48" />

A 1977 [[NIST]] publication<ref>{{cite web |first1=A. J.|last1=Neumann|first2=N.|last2=Statland|first3=R. D.|last3=Webb |date=1977 |title=Post-processing audit tools and techniques |url=https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nbsspecialpublication500-19.pdf |url-status=live |archive-url=https://web.archive.org/web/20161010044638/http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nbsspecialpublication500-19.pdf |archive-date=2016-10-10 |access-date=2020-06-19 |website=nist.gov |publisher=US Department of Commerce, National Bureau of Standards |pages=11–3–11–4 |language=en-US}}</ref> introduced the ''CIA triad'' of confidentiality, integrity, and availability as a clear and simple way to describe key security goals.<ref>{{cite web |last1=Irwin |first1=Luke |date=5 April 2018 |title=How NIST can protect the CIA triad, including the often overlooked 'I' – integrity |url=https://blog.itgovernanceusa.com/blog/how-nist-can-protect-the-cia-triad-including-the-often-overlooked-i-integrity |access-date=16 January 2021 |website=www.itgovernanceusa.com}}</ref> While still relevant, many more elaborate frameworks have since been proposed.<ref>{{cite web |last=Perrin |first=Chad |date=30 June 2008 |title=The CIA Triad |url=http://www.techrepublic.com/blog/security/the-cia-triad/488 |access-date=31 May 2012 |website=techrepublic.com}}</ref><ref>{{cite report |url=http://csrc.nist.gov/publications/nistpubs/800-27A/SP800-27-RevA.pdf |title=Engineering Principles for Information Technology Security |last1=Stoneburner |first1=G. |last2=Hayden |first2=C. |publisher=csrc.nist.gov |doi=10.6028/NIST.SP.800-27rA |last3=Feringa |first3=A. |archive-url=https://web.archive.org/web/20041012074937/http://csrc.nist.gov/publications/nistpubs/800-27A/SP800-27-RevA.pdf |archive-date=2004-10-12 |url-status=live |year=2004}} ''Note: this document has been superseded by later versions.''</ref>

However, in the 1970s and 1980s, there were no grave computer threats because computers and the internet were still developing, and security threats were easily identifiable. More often, threats came from malicious insiders who gained unauthorized access to sensitive documents and files. Although malware and network breaches existed during the early years, they did not use them for financial gain. By the second half of the 1970s, established computer firms like [[IBM]] started offering commercial access control systems and computer security software products.<ref>{{Cite journal |last=Yost |first=Jeffrey R. |date=April 2015 |title=The Origin and Early History of the Computer Security Software Products Industry |url=https://ieeexplore.ieee.org/document/7116464 |journal=IEEE Annals of the History of Computing |volume=37 |issue=2 |pages=46–58 |doi=10.1109/MAHC.2015.21 |issn=1934-1547 |s2cid=18929482|url-access=subscription }}</ref>

One of the earliest examples of an attack on a computer network was the [[computer worm]] [[Creeper and Reaper|Creeper]] written by Bob Thomas at [[BBN Technologies|BBN]], which propagated through the [[ARPANET]] in 1971.<ref>{{Cite web |date=2023-04-19 |title=A Brief History of Computer Viruses & What the Future Holds |url=https://www.kaspersky.com/resource-center/threats/a-brief-history-of-computer-viruses-and-what-the-future-holds |access-date=2024-06-12 |website=www.kaspersky.com |language=en}}</ref> The program was purely experimental in nature and carried no malicious payload. A later program, [[Creeper and Reaper|Reaper]], was created by [[Ray Tomlinson]] in 1972 and used to destroy Creeper.{{citation needed|date=April 2020}}

Between September 1986 and June 1987, a group of German hackers performed the first documented case of cyber espionage.<ref>{{Cite web |title=First incident of cyber-espionage |url=https://www.guinnessworldrecords.com/world-records/612868-first-incident-of-cyber-espionage |access-date=2024-01-23 |website=Guinness World Records}}</ref> The group hacked into American defense contractors, universities, and military base networks and sold gathered information to the Soviet KGB. The group was led by [[Markus Hess]], who was arrested on 29 June 1987. He was convicted of espionage (along with two co-conspirators) on 15 Feb 1990.

In 1988, one of the first computer worms, called the [[Morris worm]], was distributed via the Internet. It gained significant mainstream media attention.<ref>{{Cite web |last=FBI News |date=2018-11-02 |title=The Morris Worm - 30 Years Since First Major Attack on the Internet |url=https://www.fbi.gov/news/stories/morris-worm-30-years-since-first-major-attack-on-internet-110218 |access-date=2024-01-23 |website=fbi.gov}}</ref>

[[Netscape]] started developing the protocol [[Transport Layer Security|SSL]], shortly after the National Center for Supercomputing Applications (NCSA) launched Mosaic 1.0, the first web browser, in 1993.<ref name=":0">{{Cite book |last=Boncella |first=Robert J |title=The Internet Encyclopedia, Volume 2 |date=April 2004 |publisher=Wiley |isbn=978-0-471-68996-6 |editor-last=Bidgoli |editor-first=Hossein |edition=2nd |page=262}}</ref><ref>{{Cite web |title=1993: Mosaic Launches and the Web is Set Free |url=https://webdevelopmenthistory.com/1993-mosaic-launches-and-the-web-is-set-free/ |website=Web Development History|date=8 December 2021 }}</ref> Netscape had SSL version 1.0 ready in 1994, but it was never released to the public due to many serious security vulnerabilities.<ref name=":0" /> However, in 1995, Netscape launched Version 2.0.<ref>{{cite web |url=https://www.webdesignmuseum.org/web-design-history/netscape-navigator-2-0-1995|title=Web Design Museum - Netscape Navigator 2.0|date=10 March 2023 |access-date= 4 December 2023}}</ref>

The [[National Security Agency]] (NSA) is responsible for the [[protection]] of U.S. information systems and also for collecting foreign intelligence.<ref>{{cite news |author=Nakashima |first=Ellen |date=26 January 2008 |title=Bush Order Expands Network Monitoring: Intelligence Agencies to Track Intrusions |newspaper=The Washington Post |url=https://www.washingtonpost.com/wp-dyn/content/article/2008/01/25/AR2008012503261_pf.html |access-date=8 February 2021}}</ref> The agency analyzes commonly used software and system configurations to find security flaws, which it can use for offensive purposes against competitors of the United States.<ref name="perlroth">{{cite news |first=Nicole |last=Perlroth |date=7 February 2021 |title=How the U.S. Lost to Hackers |work=[[The New York Times]] |url=https://www.nytimes.com/2021/02/06/technology/cyber-hackers-usa.html |url-access=limited |access-date=9 February 2021 |archive-url=https://ghostarchive.org/archive/20211228/https://www.nytimes.com/2021/02/06/technology/cyber-hackers-usa.html |archive-date=2021-12-28}}{{cbignore}}</ref>

NSA contractors created and sold ''click-and-shoot'' attack tools to US agencies and close allies, but eventually, the tools made their way to foreign adversaries.<ref>{{Cite web |last1=Perlroth |first1=Nicole |last2=Sanger |first2=David |last3=Shane |first3=Scott |date=May 6, 2019 |title=How Chinese Spies Got the N.S.A.'s Hacking Tools, and Used Them for Attacks |url=https://www.nytimes.com/2019/05/06/us/politics/china-hacking-cyber.html |access-date=October 18, 2024 |website=The New York Times}}</ref> In 2016, NSAs own hacking tools were hacked, and they have been used by Russia and North Korea.{{citation needed|date=April 2020}} NSA's employees and contractors have been recruited at high salaries by adversaries, anxious to compete in [[cyberwarfare]].{{citation needed|date=April 2020}} In 2007, the United States and [[Israel]] began exploiting security flaws in the [[Microsoft Windows]] operating system to attack and damage equipment used in Iran to refine nuclear materials. Iran responded by heavily investing in their own cyberwarfare capability, which it began using against the United States.<ref name="perlroth" />