ARPANET - Problem and Solution - The Rand Report R-609

ARPANET (Advance Research Project Agency Network)

• In 1973, Robert M. “Bob” Metcalfe, who is credited with the development of Ethernet, one of the most popular networking protocol, identified fundamental problems with ARPANET security.
• Individual remote sites did not have sufficient controls and safeguards to protect data from unauthorized remote users;
•  Other problems abounded:

• Vulnerability of password structure and formats;
• Lack of safety procedures for dial-up connections; and
• Non existent user identification and authorization to the system

• Phone numbers were widely distributed and openly publicized on the walls of phone booths, giving hackers easy access to APRANET.
• Because of the range and frequency of computer security violations and the explosion in the numbers of hosts and users on ARPANET, network security was referred to as network insecurity. 

The Rand Report R-609

• In 1967, the ARPA formed a task force to study the process of securing classified information systems.

• The Task Force met regularly to formulate recommendations, which ultimately became the contents of the Rand Report R-609

• Rand Report R-609 was the first widely recognized published document to identify the role of management and policy issues in computer security.

• It noted that the wide utilization of networking components in information systems in the military introduced security risks that could not be mitigated by routine practices then used to secure these systems.

 

• This paper signaled a pivotal moment In computer security history – when the scope of computer security expanded significantly from the safety of physical locations and hardware to include the following:

o   Securing the data

o   Limiting the random and unauthorized access to the data

o   Involving personnel from multiple levels of the organizations in matters pertaining to information security