24 February 2016

The Influence of the Movie “War Games” On Today’s Cyberwar Policy

Fred Kaplan
February 21, 2016

‘WarGames’ and Cybersecurity’s Debt to a Hollywood Hack

From left, Dabney Coleman, Matthew Broderick and Ally Sheedy in “WarGames” (1983). The film led to the nation’s first directive about computer security. CreditMGM

Movies rarely influence public policy, but Washington’s policies on cyberattacks, computer surveillance and the possibility of cyberwarfare were directly influenced by the 1983 box-office hit “WarGames.”

The film — starring Matthew Broderick as a tech-whiz teenager who unwittingly hacks into the computer of the North American Aerospace Defense Command (NORAD) and nearly sets off World War III — opened nationwide that June 3. The next night, President Ronald Reagan watched it at Camp David. And that is where this strange story — culled from interviews with participants and Reagan Library documents — begins.

The following Wednesday, back in the White House, Reagan met with his national-security advisers and 16 members of Congress to discuss forthcoming nuclear arms talks with the Russians. But he still seemed focused on the movie.


At one point, he put down his index cards and asked if anyone else had seen it. No one had, so he described the plot in detail. Some of the lawmakers looked around the room with suppressed smiles or raised eyebrows. Three months earlier, Reagan had delivered his “Star Wars” speech, imploring scientists to build laser weapons that could shoot down Soviet missiles in outer space. The idea was widely dismissed as nutty. What was the old man up to now?

After finishing his synopsis, Reagan turned to Gen. John W. Vessey Jr., the chairman of the Joint Chiefs of Staff, and asked: “Could something like this really happen?” Could someone break into our most sensitive computers? General Vessey said he would look into it.

One week later, the general returned to the White House with his answer. “WarGames,” it turned out, wasn’t far-fetched. “Mr. president,” he said, “the problem is much worse than you think.”

Reagan’s question set off a series of interagency memos and studies that culminated, 15 months later, in his signing a classified national security decision directive, NSDD-145, titled “National Policy on Telecommunications and Automated Information Systems Security.”

The first laptop computers had barely hit the market; public Internet providers wouldn’t exist for another few years. Yet NSDD-145 warned that these new machines — which government agencies and high-tech industries had started buying at a rapid clip — were “highly susceptible to interception.” Hostile foreign powers were “extensively” hacking into them already; “terrorist groups and criminal elements” had the ability to do so, too.

General Vessey could answer the president’s question so promptly — and national-security aides could compose NSDD-145 in such detailed language — because, deep within the bureaucracy, a small group of scientists and spies had been concerned about this looming threat for more than a decade.

In the 1960s, the Defense Department’s Advanced Research Projects Agency undertook a program called the ARPAnet. The idea, a precursor to the Internet, was to let Pentagon labs and contractors share data and research on the same network.

Just before the program’s rollout, in April 1967, an engineer named Willis Ware wrote a paper called “Security and Privacy in Computer Systems.” A computer pioneer dating back to the ’40s, Mr. Ware headed the computer science department at the RAND Corporation, the think tank in Santa Monica, Calif.

In his paper, he lauded the goals of the ARPAnet but explained some risks of what he called “on-line” networks. As long as computers sat in isolated chambers, security wasn’t a problem. But once multiple users could gain access to data from unprotected locations, anyone with certain skills could hack into the network — and, once inside, roam at will, pilfering unclassified and secret files alike. Mr. Ware’s warnings went unheeded for decades, though he remained a frequent consultant. (He died in 2013, at the age of 93.)

In 1980, Lawrence Lasker and Walter Parkes, former Yale classmates in their late 20s, were writing the screenplay for “WarGames.” (It would be nominated for an Oscar but would lose to Horton Foote’s “Tender Mercies.”) A hacker friend had told them about “demon-dialing,” in which a telephone modem searched for other modems by automatically dialing each phone number in an area code and letting it ring twice before proceeding to the next number. If a modem answered, it would squawk; the demon-dialing software would record the number, so the hacker could call back later. In their screenplay, this was how their hero broke into NORAD. But they wondered if this was plausible: Didn’t the military close off its computers to public telephone lines?

Mr. Lasker lived in Santa Monica, a few blocks from RAND. Figuring someone there might be helpful, he called the public affairs office, which put him in touch with Mr. Ware, who invited the pair to his office.

They’d come to the right man. Not only had he long known about the vulnerability of computer networks, but he’d also helped design the software for the real NORAD computer. And Mr. Ware proved remarkably open, even friendly. Listening to the writers’ questions, he waved off their worries. Yes, he told them, the computer was supposed to be closed, but some officers wanted to work from home on weekends, so they’d leave a port open. Anyone could get in, if the right number was dialed.

“The only computer that’s completely secure,” Mr. Ware told them with a mischievous smile, “is a computer that no one can use.”

Ware gave the writers the confidence to go ahead with their project. It’s fitting that the scenario of “WarGames” — which aroused Reagan’s curiosity and led to the first national policy on reducing the vulnerability of computers — owed a crucial debt to the man who’d first warned that they were vulnerable.

Meanwhile, Reagan’s directive hit a roadblock. It put the National Security Agency in charge of securing all of the nation’s computer servers and networks — government, business and personal. The agency had been established in 1952 to intercept foreign communications; it was expressly barred from spying on Americans. Representative Jack Brooks, a Texas Democrat and a fiery civil-liberties advocate, wasn’t about to let a classified presidential decree blur the distinction. He sponsored and got passed a law overriding that directive.

The main author of Reagan’s NSDD-145 was Donald Latham, the Pentagon’s liaison to the National Security Agency — and a former N.S.A. analyst himself. General Vessey had assigned him to answer Reagan’s question on “WarGames” (Could something like this really happen?). Mr. Latham answered as he did (The situation is much worse than you think.) because he knew that the N.S.A. had long been hacking into the communications systems of the Soviet Union and China — and what we were doing to them, they could someday do to us.

Mr. Ware had been among the first to draw this conclusion. Mr. Latham knew about it early on because the two were longtime friends, Mr. Ware having served on the N.S.A.’s scientific advisory board. The N.S.A. was the most secretive branch of the American intelligence community. Reagan’s screening of “WarGames” brought Mr. Ware’s concerns into high policy-making circles for the first time. And it sparked the first public controversy over the tensions between security and privacy on the Internet, as well as the first public power struggle about the subject between the N.S.A. and Congress — a debate and a struggle that persist today.

Fred Kaplan is the author of “Dark Territory: The Secret History of Cyber War,” due out March 1.

No comments: