The Roots of the United States’ Cyber (In)Security*

Abstract

Three months after Hillary Clinton’s surprise defeat in the 2016 election, the Office of the Director of National Intelligence released a report concluding Russia’s President Putin had ordered the theft of data from the Democratic National Committee and Clinton campaign to mount an online influence campaign aimed at harming her electability and potential presidency. In response to this foreign intervention in the U.S. electoral process, members of Congress called for the formation of a bipartisan select committee to devise solutions to deter and defend against further cyberattacks. But this was not the first time a call had been raised to improve the security of America’s computer networks, and based upon the nation’s poor grasp of its own cyber history, will not the be the last. This paper explores the debates that surrounded the introduction of NSDD 145, the United States’ first cyber security directive, in 1984. The order, which sought to place the NSA at the heart of protecting America’s burgeoning computer networks in both the government and private sector from foreign penetration, became a lightning rod for dissent among Congress, private sector businesses, academics, and privacy campaigners alike. By exploring the motives of the directive’s architect, the cases put forward by its opponents, and the reasons for its eventual repudiation, this paper provides a better understanding of the enduring reasons behind America’s cyber insecurity. In doing so, it ensures historians are better informed in their efforts to place the current sense of vulnerability into a wider context, and that contemporary policymakers are better placed to approach the issue.