0

No matter we are talking about Information Security, or cyber security or IT security... I always hear first about "the moth" being the first security threat. But I don't believe it is when talking about cyber security.

I believe that the infamous MARK II moth is a computer related incident, and it is even a security incident which affected the integrity of the code MARK II was running. But I don't think we can consider this a "cyber" security menace.

I have also read (and I am more inclined toward this thought) that, in fact, the famous "blue boxes" might be the real first cyber security incidents.

Others think that the first cyber security incident was the first virus ever in ARPANET: "The Creeper", but I believe this is more a concept application than a real menace, so, here is my question,

Which event is consider the first cyber security incident? and,

Is there any other than, due to its importance or relevance could be considered than the first real one?

kiBytes
  • 3,450
  • 15
  • 26
  • The [Morris worm](http://en.wikipedia.org/wiki/Morris_worm)? – Xander May 14 '14 at 20:28
  • 1
    What do you mean with "cyber"? – TildalWave May 15 '14 at 01:00
  • The problem with this question is how do you define what was actually a "menace"? Early viruses and such were primarily "what can we do" type of things that progressively got more profit oriented as things moved in to wider use. Defining when that switch occurred from pranks and "can we do this" to "lets try to cause harm for fun or profit" is highly subjective at best. – AJ Henderson May 15 '14 at 13:37
  • bug != security threat – schroeder May 15 '14 at 17:40
  • Well I believe that with "cyber" I refer to any communication system using computers. – kiBytes May 16 '14 at 16:48
  • @schroeder that's true, the threat in Mark II was the possibility of a bug getting inside its inners =) – kiBytes May 16 '14 at 16:49

1 Answers1

2

It is difficult to define when the word "computer" started getting traction and it is more difficult for the concept of "computer security".

To my mind, the first incident in computer security is the process that sparked the invention of the modern computer. That was the work of Alan Turing on the machine that broke the enigma encryption.

The Enigma machine's use of a reliably small key space makes it vulnerable to brute force and thus a violation of CWE-326

While the Bombe was not a fully programable electronic computer (Colossus was the first), security was not an issue until the time-sharing paradigm has been introduced in the 60's. That's when authentication and authorisation were introduced because people would not respect their time slot and resources. The first international conference on computer security in London in 1971 was primarily driven by the time-sharing industry and its customers.

This is a timeline of meaningful computer security events.

Cristian Dobre
  • 9,797
  • 1
  • 30
  • 50
  • 1
    I am more interested in "cyber security" events and not just "computer security". Enigma was definitely related to a communication system but I believe if we allow this one to be a real cybersecurity threat we might consider old greeks or romans communications weaknesses. – kiBytes May 14 '14 at 19:36
  • 1
    @kiBytes In that case, you'll need to provide a clear definition for "cyber security". – Michael Hampton May 14 '14 at 23:15