restricted access Notes on the Evolution of Computer Security Policy in the US Government, 1965–2003

The United States government and military helped lead the information technology revolution and were among the first to warn of its consequent dangers to privacy and national security. This article discusses White House, congressional, and high-level US Department of Defense (DoD) policy documents that illustrate the direction and pace of Washington’s recognition of potential foreign threats to US government information systems and the government’s policy-level response. The documents show a progression from recognition of the security problem--particularly for the DoD--to the assignment of responsibilities and creation of capabilities for the “cyber domain.” While the documents herein hardly comprise a representative sampling of cyber policy pronouncements since the 1960s, they suggest that the values of privacy and innovation stressed by the earliest legislative approaches to the problem had the lingering, unintended consequence of complicating the improvement of security. Indeed, the US government might have missed an opportunity in the 1980s to advance federal computer security policy.