A dialogue between Michael Warner (Historian, United States Cyber Command) and Tony Rutkowski (Cybersecurity engineer, lawyer and historian)

Michael is chairing a cyber history panel at the October biennial Symposium on Cryptologic History hosted by the National Security Agency; his panel will include discussion of the almost unknown key role of cryptologist Ruth Nelsonz leading a team in the 1980s in a major initiative to secure public internet infrastructure.

I was actually a communications engineer in the Firing Room for the Apollo 11 launch almost 50 years ago now – who even took a selfie on the way to work for that day. (Tony Rutkowski) TR: Like the ongoing efforts for Apollo 11, we need to capture and tell the history of what was effectively “The U.S. Cyber Moonshot.” As fate has it, that history threads through much of my diverse career. I was actually a communications engineer in the Firing Room for the Apollo 11 launch almost 50 years ago now—who even took a selfie on the way to work for that day. My job included ensuring the resiliency and security of communication systems for the launch, and I subsequently went to work for the Federal Communications Commission in Washington where my varied positions included similar functions for the nation’s infrastructure.

It is not well known, but seven years later in 1976, Hal Folts as head of the technical branch at the little-known DOD agency NCS, generated a memo that launched the U.S. secure/resilient internet initiative. The National Communications System had the responsibility for Executive Branch communications during exceptional emergencies known as NS/EP, and my FCC role included liaison with them. The initiative in turn led to the development of the Secure Data Network System (SDNS) by NSA and contractors in which Ruth Nelson played a leading role.

My career ironically had come to thread through parts of ensuing Cyber Moonshot developments. Massive resources among multiple government agencies were committed to bringing about this “Cyber Moonshot.” A number of unfortunate developments in the early 90s resulted in the government withdrawing support and resources. However, rather like the actual “Moonshot,” the technologies found their way into countless products and services today to make them more secure.

MW: Sounds like a good idea. I’d like to see the article.

TR: I am working to get additional documents available through the National Cryptologic Museum library. There are a number in the public domain via the National Computer Security Conference proceedings in the late 80s and a few research compilations. The specifications were also introduced into the NIST GOSIP specs and then into CCITT/ISO standards internationally. One of the contractor participants has a few on his personal website.

The former leaders of the NSA Information Assurance Directorate, Tony Sager and Curt Dukes, who now work at the Center for Internet Security have tried to reach out to other retired colleagues who were part of the SDNS program. However, people are disappearing. Additionally, the entire history was largely lost in the 1990s when the TCP/IP internet folks who prevailed in the marketplace borrowed much of the work without crediting the origins. Ruth Nelson’s case is particularly interesting because after leading the SDNS effort and then writing for a while, she retired outside of Boston and became a local artist.

The history would also be a great adjunct to the new National Cryptologic Museum, as the public and most academics, and even today’s government staff have no idea this seminal “cyber-shot” project ever occurred. For example, NIST recently produced an IPsec specification for comment without ever mentioning that IPsec was developed by through the SDNS project, published as the SP-3 standard, inserted into the NIST’s on GOSIP standard in 1989 and then further in CCITT/ISO in 1994 where it all still exists today.

MW: Help me set my thinking on this. It was basically a “moon shot” to create a secure and defendable new “Internet” that got underway just before the TCP/IP steamroller went global and crushed all competitors?

Steve Lukasik giving his famous 2008 Congressional testimony.TR: The history is far more extensive—which is part of the problem.

In 1976, host-to-host datagram network technology began emerging across multiple research initiatives, including especially France’s CYCLADES internet at INRIA, and was moving into international standards bodies where it was referred to as the OSI connectionless datagram mode. Hal Folts, who was running the technology standards shop at NCS in his Pentagon bunker, publicly declared that U.S. national defense policy rested on developing and securing that OSI technology. What complicates the matter is that DARPA operating on its own had a skunkworks network among its academic researchers for a similar technology that became subsequently known as TCP/IP and then years later called “internet.” Both platforms were similar internets, and ideas were borrowed continuously among the groups. Even the World Wide Web had its origins in the OSI work.

DOD began spending millions in making the OSI internet happen and engaging U.S. industry who joined the effort to make it secure and resilient for public infrastructure. Hal himself was so committed that he left the government and started up a consortium to further evangelize the effort. Rather considerable resources were expended during the 1980s to put all the technical standards in place internationally, and domestic standards via the GOSIP profiles.

On the legal and strategic international side, a new related treaty conference was convened in 1988 to bless all of this, including the SDNS security platform, and it was written into the World Trade Organization GATS agreement. My career on the legal side encompassed that effort as I moved to Geneva in a senior ITU position to facilitate all of that technologically and legally. Even the KGB bought into the resulting treaty despite the Morris Worm incident that occurred in 1988 during negotiations. SDNS was the perfectly timed Cyber-moonshot.

Vendors all had products in play. ATT invested millions into winning the 1992 InterNIC award and the rights to run the national OSI X.500 registry. VeriSign was created to offer X.509 PKI certificates for secure email and communications. Microsoft was writing the OSI specifications into its Office platforms. At the 1992 DARPA Internet Architecture Board meeting in Kobe, a decision was taken that the TCP/IP based academic NREN as it was known then, would move from IPv4 to OSI’s CLNP and begin implementing that protocol in all the routers which at the time were dual routing.

It never happened. Al Gore moved into the White House with Clinton and wanted TCP/IP which he helped fund in 1986 with $2.5 billion to impede a perceived French technological/market advantage at the time, and almost immediately put an end to all U.S. commitments and funding to OSI. TCP/IP—which had been pursued in an independent DARPA and NSF universe at the time to foster academic collaboration—was evangelized as the world’s Information Highway, with the associated Internet Economy providing an endless cornucopia of goodness, along with regime changes throughout the world. All the companies who had favored TCP/IP hit a bonanza and put millions into lobbying Washington, and in public media efforts to further TCP/IP. I know, because I ended up working for several of them in senior positions.

Press Winter at NSA together with Steve Lukasik who had run DARPA during some of its most important years in the 60s and 70s, including authorization of TCP/IP development, and moved to SAIC in the 1990s, basically said “oh shit” and embarked on a number of mitigating initiatives together. Putin likely said, “oh goody” and turned on his intelligence agencies.

As the TCP/IP platform began to go to hell because it had zero identity management or security as a public infrastructure, some of the SDNS platforms began to be resurrected and rolled out as proprietary products and slipped into the IETF TCP/IP standards without saying much about where they came from. With the critical X.509 standard, it was just copied to create a new profile. Other SDNS pieces found their way into other network platforms.

However, the intent is to keep the narrative positive to show how the government’s SDNS initiative within the GOSIP effort, represented a Cyber Moonshot that was years ahead of its time, and constitutes a compelling history should be captured and made available so that it does justice the millions spent and the many people who dedicated their lives and careers.

MW: Is it your contention that SDNS would have been more secure? I know that by 1996 even D/DISA was waving the white flag. He claimed at Harvard he was running his Agency via email [i.e., TCP/IP] and getting 150 emails a day [!], while he got only 3 messages per day on AUTODIN [despite AUTODIN costing millions and employing 15k people].

TR: That is a no-brainer. The NREN TCP/IP platform had zero security “as public infrastructure.” I add that caveat because being both, part of the NSF InterNIC oversight committee, as well as Sprint’s network technology director after getting hired by them in 1992, I can attest that the government had complete insight over the entire TCP/IP internet infrastructure until 1994. It had instituted multiple controls and created new monitoring capabilities to basically know every end point, what/who was there, where it was, and what traffic what going there. SDNS and the OSI internet had some of the same capabilities.

Those capabilities disappeared almost overnight in 1994 and all hell broke loose. At the time, Sprint was pursuing all sides of the market: it had the FTS 2000 contract to supply services to half the USG agencies, operated both platforms, and provided services directly to the public and the underlying infrastructure of other providers, e.g., AOL. It did this not only domestically, but internationally via enormous investments in undersea fiber that was largely unlit, and still operating the largest global X.25 infrastructure out of the Reston NOC. Sprint even had a major USG contract to connect up the TCP/IP networks throughout the world and help them run them and ensure security.

So like D/DISA, the White House and a lot of other agencies were willing to ditch all security/identity management for the convenience, speed, cheapness, and reachability of the TCP/IP platform—drinking what became the Washington political Kool-Aid. The TCP/IP platform was pure madness in the public infrastructure because it rested on the naïve belief that everyone would produce perfect code and that no one would exploit network vulnerabilities, and endless innovation for the benefit of humankind would occur. Although the TCP/IP platform did facilitate information access worldwide and speed some innovation, the darker reality was that criminals, anarchists, societal misfits, terrorists, and foreign intelligence agencies also became a highly motivated community of innovators, while most companies exploited the platform to fatten up stock prices. Without government oversight or regulation that was eliminated in the 1990s, it was a new global gold rush. I know, because I helped sell it to them—much to my regret. Washington is still drinking the TCP/IP internet KoolAid, even as 5G is ramping up exponentially worldwide to succeed it as potentially a safer infrastructure.

Lukasik ranks this transition to TCP/IP as the worst national security network technology decision ever made and spent the rest of his productive years between 1996 and 2012 doing incredibly prophetic analysis and threat reports for multiple parties including the late Andy Marshall at DOD’s Office of Net Assessment and John Poindexter at NSA. His 2008 Defense Threat Reduction Agency report described in amazing detail Russia’s election “mass effect” techniques used against the U.S. several years later and proposed mitigations that were never acted on. Some of this work was done in collaboration with another leader in the cybersecurity strategy field at Stanford and Georgia Tech—Sy Goodman.

The unfortunate withdrawal of support for the Cyber Moonshot initiative and transition to TCP/IP for public infrastructure in the mid-1990s combined with eliminating all the international technical and legal solutions had significant adverse collateral effects. The potential devastating attack scenarios by adversaries created a need for cyberwar capabilities as a non-kinetic retaliatory option. In both the legal and technical domains, it also created a need for new domestic and international law and network capabilities that included lawful interception, data retention, and extraterritorial forensics acquisition. Along with disrupted markets came disrupted societies and an unstable world.

Lukasik also testified before a closed Congressional committee meeting in Feb 2008 where he revealed that he so distrusted the DARPA TCP/IP researchers that he secretly had NSA do bit-level encryption on all the links they used and never told them. Lukasik is arguably the greatest national security scientist the U.S. has ever produced—and his Wikipedia page attempts to capture the breadth of his work.

There was also a kind of second, less well-known Cyber Security Moonshot that emerged about twenty years ago which was undertaken through the legendary leaders at NSA’s Information Assurance Directorate—Tony Sager and Curt Dukes. As NSA sought to help government agencies cope with the fundamentally insecure TCP/IP world, they developed and nurtured almost every relevant cyber defense platform of any value today. One of the more important—generally known as the 20 Controls—lives on with them at the Center for Internet Security and is being used worldwide.

Hal Folts, who initiated so much activity through his 1976 NCS memo, came back into the government for a few years in the 1990s and then left to successfully sell real estate in suburban Virginia.