Nervous System: What Hollywood Has Taught the US Government about Cybersecurity

David Kalat writes about how screenwriters for the films WarGames and Sneakers influenced and guided top policymakers in the development of modern American cybersecurity.

Read the article.

The state of modern American cybersecurity owes a curious debt to Hollywood. In an indirect but vital way, a pair of screenwriters and the blockbuster technothrillers they created influenced and guided top policymakers at crucial junctures in the development of today’s Information Age.

In 1980, Lawrence Lasker and Walter Parkes were working on a script about a teenage hacker who breaks into the North American Air Defense Command (NORAD) system and almost triggers World War Three. Worried that certain plot points seemed farfetched, they approached knowledgeable experts in the hopes of getting a better sense of how the real systems actually worked. They received a meeting with William Ware, a legendary figure in the field of computer security. Ware had helped design one of the first electrical computers and headed the Computer Science department at the RAND Corporation, a top Defense Department contractor. He was also an advisor to the National Security Agency (NSA), although the screenwriters did not know that—what they did know was that in 1967 Ware had authored a seminal paper on information security, Security and Privacy in Computer Systems.

Ware’s concern, in both 1967 and 1980, was that the habit of networking computers meant that the entire system was only ever as secure as the least secured part of the network. A breach to one part was a breach to the whole thing. Since classified military data was stored on the same network as unsecured and unclassified data, Ware knew that top government secrets were at risk of exposure to anyone with the ability to hack into the unsecured parts of the network.

Far from telling Lasker and Parkes that their scenario was fanciful, Ware reassured them that the risks they were dramatizing were very real.

Their movie WarGames hit theaters in summer 1983 and became a sensation. One of the first people to see the film was Ronald Reagan (a perk of being chief executive). As vividly recounted by Fred Kaplan in his book Dark Territory: The Secret History of Cyber War, Reagan was shaken by the film. A few days later, he attended a meeting with the Joint Chiefs of Staff; the secretaries of Defense, Treasury, and State; his own security staff; and top Congressional leaders ostensibly to discuss nuclear armaments… but Reagan sidetracked the meeting to recount the film in detail. This was an era in which it was still unusual for the Leader of the Free World to draw policy suggestions from movies and TV, and many of the important people gathered at this meeting struggled to avoid obviously rolling their eyes at Reagan’s fixation. Finally, the president called on General John Vessey, the chairman of the Joint Chiefs, to find out if something like what happened in the movie could happen in real life.

General Vessey was alarmed to discover it could, and that there were people inside the NSA who had been warning of this threat for some time. The makers of WarGames had given voice to these fears and gotten the attention of the President to do something about it.

The White House quickly drafted and published National Security Decision Directive Number 145 (“NSDD-145”), placing the NSA in charge of monitoring and securing the nation’s information technology systems. It was the first serious discussion of cybersecurity by top policymakers, but it was a short-lived endeavor. Civil libertarians in Congress objected that the NSA did not have the constitutional authority to spy on Americans and balked at any attempt to give the NSA this power through executive fiat. The directive was all but abandoned, and the subsequent Computer Security Act of 1987 gave the NSA control over military computers only.

Eight years later, Bill Clinton was now president, but the nation’s information system infrastructure was still largely unprotected and its security ignored by policymakers. Meanwhile, Rear Admiral Mike McConnell struggled to reform the moribund NSA. The agency was still mired in the Cold War, focused on monitoring analog radio signals from the Russians despite the fall of the USSR and the almost complete switchover to digital communications.

Then McConnell saw the movie Sneakers, in which Robert Redford plays a computer hacker recruited to steal critical security technology from the NSA. In much the same way that Reagan was transported by seeing WarGames a decade earlier, McConnell felt the movie was speaking directly to him. He told his staff to see the film and even obtained a print of it himself to screen personally to NSA top officials. McConnell considered Sneakers to be the NSA’s mission statement.

As it happened, Sneakers had also been written by the team of Lawrence Lasker and Walter Parkes, who had found themselves once again inspiring governmental officials.

McConnell created a new position, director of Information Warfare, based on the film. Soon, others in the defense sector also started speaking in language they had picked up from the movie.

They had not just taken up the movie’s way of speaking about “information warfare,” but also changed their way of thinking. The NSA had spent years passively listening to enemy communications. The idea of information warfare was to make that technology proactive—to penetrate enemy systems to distort, disable, and derail them.

The problem was that whatever we could do to them, they could do to us. In an age of physical threats, the United States enjoyed a certain inherent protection from its size and geography. If an enemy wanted to bomb us, it would first have to get the bomb to us; if it wanted to invade us, it would first have to get its army over here. In an era of cyber threats, however, one person with one computer sitting almost anywhere in the world could infiltrate and compromise critical computer systems. The greatest threats were no longer big and cumbersome, but invisible and ephemeral.

On July 15, 1996, President Clinton signed Executive Order 13010, establishing a blue-ribbon commission to study threats to the nation’s critical infrastructure from threats both physical (to tangible property) and cyber (from electronic, radio, or computer-based attacks on critical information or communication systems).

At last, the US government was preparing to take cybersecurity seriously, thanks to a couple of screenwriters who unwittingly rattled the right cages.

 

The views and opinions expressed in this article are those of the author and do not necessarily reflect the opinions, position, or policy of Berkeley Research Group, LLC or its other employees and affiliates.