The document that seems to get the honor on googling “the paper that started the study of computer security” is the Rand Report of 1970 by the Department of Defense. It was the final report of Task Force on Computer Security.
The paper was so important particularly to the US government’s Department of Defense mainly because of the problems of computer information or resource sharing systems such as interference and prohibited access to classified military information. Due to these problems inherent in the then existing computer systems, there was need for secure computer systems that would ensure that information used by the defense organs is not accessed by unauthorized individuals thus compromising national security. Moreover, according to Ware (1970), the then existing technology was unable to provide secure computer system in open environments where users work unprotected.
The report explored new areas in computer security such as full programming systems, multiprogramming, types of computer system vulnerabilities, areas of computer security protection and computer systems personnel. The paper recommended, among other things, user-authorized access to classified information, user authentication, designation and responsibility, inspections and tests on computer systems and systems certification. The paper, according to Ware (1970), would also facilitate handling of security issues in the open environment, improve how we understand failure risks, and improve the efficacy of computer security control systems. It thus explored new areas of threats to computer system security and security protection and was an attempt to define multiple mechanisms and controls required for the protection of multilevel computer systems.
The kind of insight that I get about the computing environment in the 1960s and 1970s from this paper is that computing during these periods was still rudimentary as compared to today. Moreover, it is evident that during these times, computer systems were vulnerable to attacks and security violations. Also, there was much unregulated and unrestricted access to computer systems information that posed security challenge to users and national department of defense.
References
Ware, W. H. (1970). Security controls for computer systems (U): Report of Defense Science Board Task Force on computer security. Washington, D.C.: The Rand Corporation. Retrieved July 1, 2016, from seclab.cs.ucdavis.edu/projects/history/seminoal.html
