In the mid-20th century, digital electronic computers became central to everyday business in a variety of industries, including insurance, banking, manufacturing, chemical processing, and many others. By the mid-1970s, however, these businesses were also realizing that the same machines that promised greater efficiency and accuracy were also sources of vulnerability. Concerns about computer-enabled crime grew rapidly in the mid-1970s, accompanied by the rise of a new field of electronic data processing audit and a new industry in computer and network security.
To date, we know relatively little about what has become a booming business in its own right—the cybersecurity industry. What little we do know tends to glamorize innovations in the field. For example, Stephen Levy’s Crypto provides a popular account of how civilian cryptographers developed the technology and industry that challenged the U.S. government’s monopoly on cryptography. Others suggest a race for innovation, such as the tagline: “Today’s innovations are tomorrow’s vulnerabilities.”
While computer and network security can be partially understood as a race for innovation in offense and defense, as attackers and defenders both develop new technologies and skills, this paper emphasizes a different race—that of maintenance and repair. Computer systems administrators have struggled to contain a never-ending flood of new vulnerabilities; “computer emergency response teams” have developed organizational protocols and procedures for classifying and communicating vulnerabilities to affected industries; and computer companies have developed continual patching capabilities. This paper will discuss the rise of practices for responding to and repairing computer technology as they emerged in the aftermath of the “internet worm” of the late 1980s, focusing in particular on the rise of computer emergency response teams and their integration into business communities through the 1990s.