Andrew J. Stewart’s A Vulnerable System: The History of Information Security in the Computer Age is a comprehensive review of the evolution of information security within the overall context of the remarkable level of information technological advancement in the twentieth century. Using carefully researched sources combined with an insightful analysis, Stewart takes readers on a journey through the history of safeguarding digital systems.
The book identifies the essence of vulnerability that has been inherent in computer systems since their inception. Stewart details the core challenges faced by early computer pioneers and the subsequent development of security measures as a response to emerging threats. His representation of the dynamic interplay between inexorable technological progress and the need for improvements to the protective measures needed by various constituencies is thought-provoking.
One of the book’s strengths lies in Stewart’s ability to present complex technical concepts in a digestible manner, making it accessible to both experts in the field of information security and readers with a general interest in technology history. His deep understanding of the subject matter is evident as he skillfully weaves together historical anecdotes, case studies, and technological breakthroughs, creating a rich tapestry that illustrates the evolution of information security. The most useful of Stewart’s insights is the framing of the whole work using his “three stigmata.” Placed front and center in the book’s introduction, these stigmata, or marks of past trauma, are then used throughout the work to frame the discussion and allow for retrospective analysis of where information security came from—and, perhaps, where it is going.
In his own words, Stewart sums up the stigmata as “data breaches, the use of computer hacking by nation states, and epistemic closure.” These stigmata are the visible marks signaling that our current approach is not confronting the causes of information security failure. Rather, the continued existence of these indicators reminds us the underlying causes of information security failures remain unaddressed. The remainder of the book, following the introduction, attempts to define and describe the causes rather than the symptoms.
Stewart offers a balanced presentation that catalogues the challenges and controversies that have marked the history of information security. He takes on the instances of failures and breaches from the past, shedding light on the vulnerabilities that persist into the present despite advancements to both information technology and related security technologies in widespread use. By doing so, he underscores the ongoing importance of staying vigilant in the era of an ever-changing technology landscape.
Starting with the embryonic stages of computer systems in the mid-twentieth century, Stewart reviews the inception of early encryption techniques and the motivations behind their development. The author’s decision to commence his narrative from this period is astute, offering readers insight into a nascent field when foundational concepts and practices were first being established and the mature use of manual systems of cryptography faced the challenges of automation.
Transitioning into the latter half of the twentieth century, the book delves into the rapid growth of computer networks and the resultant emergence of new security threats. Stewart elucidates how the growth of the internet and personal computing in the 1980s and ’90s not only revolutionized the way society communicated but also exponentially expanded the potential for security breaches. The narrative is particularly effective in highlighting the cat-and-mouse dynamic between hackers and security experts, which remains a defining characteristic of the field.
Of interest to me were the revelations from the histories of the individuals who created some of the tools and techniques I have used in teaching security courses for many years now. For example, the development and evolution of MULTICS in the 1970s seems much more approachable to me now having read about the theoretical basis of the project and the personalities involved in the project. Likewise, learning the backstory of the ARPANET and the early internet confirmed for me that the way we have been describing how security was built into the early versions of the internet was just as sketchy as we had been teaching.
A notable aspect of Stewart’s work is his use of an engaging narrative style. While he does not shy away from detailing the shortcomings and missteps in information security’s historical journey, he equally recognizes the achievements and strides made by professionals in the field. However, some readers might yearn for more emphasis on the human stories behind the innovations. While the book is replete with technical developments, policies, and milestones, more personal anecdotes or deeper profiles of key figures might have added depth to the narrative. Moreover, given the expansive history covered, certain segments might seem cursory to those well versed in specific facets of information security.
A Vulnerable System is useful as a resource for anyone interested in understanding the relationships between human lived experience, information technology, and the increasing need for information security in today’s world. Stewart’s narrative approach to telling the story of the history of information security, coupled with his thorough research, makes this book a valuable resource for researchers, practitioners, and students alike. It serves as a reminder that while technology has made irrefutable progress, the need for improvements to information security measures remains as vital as ever.
To conclude, Andrew J. Stewart’s A Vulnerable System: The History of Information Security in the Computer Age is an informative and methodical account of the trajectory of information security. It serves as an essential read for those keen on understanding the multifaceted challenges of safeguarding digital information in an increasingly interconnected world. While it might benefit from a touch more personal storytelling, the book stands as a testament to rigorous research and a clear, insightful narrative style.