Cyberwar timeline
Tracing the history of cyberespionage and cyberwarfare from the invention of the Internet up to the targeted attacks on US banks by an Islamic hacktivist group.
[Editor's note: Story updated on Jan. 8, 2012]
1973 – Defense Advanced Research Projects Agency (DARPA) initiates research program to investigate technologies for linking computer networks.
1982 – Vinton Cerf, later dubbed the "Father of the Internet," leaves DARPA for an executive post with telecom company MCI as the Internet becomes commercialized.
1984 – William Gibson, science fiction author of "Neuromancer," coins term "cyberspace."
1994 – Prof. James Der Derian coins term "cyber deterrence" in Wired Magazine.
1997 – US holds cyberwar game dubbed "Eligible Receiver," featuring National Security Agency personnel as "North Korean" hackers.Target was the US Pacific Command. Team representing US is reported to fare poorly.
February 1998 – Solar Sunrise is an operational name given to a series of incursions into US Department of Defense computer networks. The attacks, which pilfer sensitive data across 500 systems, appear to come from servers around the world. Later it's discovered that three California teenagers were behind the breaches.
1998 – CIA Director George Tenet gives speech on "information security risks" and, for the first time, a US spy chief refers publicly to the threat of "cyberattack."
1998 – US military coordinates cyberdefense efforts under a Joint Task Force – Computer Network Defense.
2003 – Department of Homeland Security (DHS) consolidates several cyberdefense offices into a new National CyberSecurity Division (NCSD), intended to protect government computer systems from Internet-based attacks.
2006 – Air Force announces plans to create a Cyber Command to handle cyberwarfare and network defense.
March 2007 – Idaho National Laboratories secretly conducts the "Aurora Generator Test," which shows that a cyberattack on an industrial-control system can damage a machine. In this case it causes a large diesel generator to shudder, hurl shards of metal, and emit smoke before dying altogether. Video of the demonstration is leaked to the press and reported in Sept. 2007.
April-May 2007 – Cyberwarriors block the websites of the Estonian government and clog the country's Internet network. The attacks disrupt the use of websites for 22 days.
January 2008 – Senior CIA analyst Tom Donahue, speaking at a conference, publicly acknowledges that attackers have targeted power-grid computers worldwide, causing at least one widespread electrical outage.
March 2008 – The Pentagon reveals that, in 2007, computer networks operated by DOD, other federal agencies, and defense-related think tanks and contractors were targets of computer network intrusions. Although those responsible were not definitively identified, cyber security experts suspect the attacks originated in China.
August 2008 – Russian forces invade Georgia, preceded by cyberattacks on Georgian government and business websites and network infrastructure, disabling the country's Web-based communication with the outside world.
November 2008 – Unknown foreign intruders use "thumb drives," portable memory sticks, to infect DOD networks – resulting in what one Pentagon official would later call the "most significant breach of US military computers ever."
December 2008 – Joel Brenner, national counterintelligence executive, calls China's cyber militia formidable. He says the Chinese operate both through government agencies and sponsoring organizations, which mount attacks on the US in "volumes that are just staggering."
2009 – President Obama announces creation of a Cyber-security Coordinator under the National Security Council and the National Economic Council responsible for implementing cybersecurity policies and strategy.
March 2009 – Based on an eight-month investigation, Canadian university researchers report that cyberspies penetrated computer systems in India, using social networks to install botnets.
October 2009 – Janet Napolitano, DHS Secretary, opens new National Cybersecurity and Communications Integration Center (NCCIC), a 24-hour "watch and warn" center.
January 2010 – Google reports it and dozens of other technology companies – most in Silicon Valley, Calif. – had their computer networks infiltrated by hackers it says it traced to China.
January 2010 – The Monitor uncovers evidence of cyber espionage attacks in 2008 and 2009 on at least three large US oil companies, which included the theft of proprietary "bid data" for energy discoveries worldwide. A Chinese connection is suspected by some at the companies.
January 2010 – A California-based company files a $2.2 billion suit alleging that two Chinese companies stole software code and then distributed it to tens of millions of end users in China.
May 2010 – US Cyber Command, operating under the US Strategic Command and integrating existing cyber units,begins operation. It is headed by Lt. Gen. Keith Alexander, who also heads the National Security Agency.
2010 – Richard Clarke, former counterterrorism director for Presidents Bill Clinton and George W. Bush, publishes the book "Cyber War!" He warns of the possibility of an "electronic Pearl Harbor" – a cyberattack that could induce power blackouts, refinery explosions, subway crashes, and other disasters in 150 cities across the US.
June 2010 – Stuxnet, a new type of malicious software, is identified by a Belarus antivirus company.
August 2010 – The Pentagon formally recognizes cyberspace as a "new domain of warfare."
September 2010 – German researcher Ralph Langner and other sources confirm Stuxnet to be the world's first publicly verified military-grade cyber weapon capable of destroying machinery and a major new proliferation threat, a finding first published by The Monitor. Mr. Langner and others' analyses also show the computer worm was likely targeting Iranian nuclear facilities at Bushehr and Natanz.
September 2010 – A Pentagon official calls for the US and Europe to cooperate on a NATO cybershield modeled after a nuclear missile shield NATO is developing.
November 2010 – Britain' announces it will devote $1 billion to building new cyber defenses.
December 2010 – The Cyber Conflict Studies Association in Washington reports that more than 100 counties now have cyber conflict capabilities.
December 2010 – Iran's covert uranium enrichment plant at Natanz may have lost 1,000 centrifuges due to damage caused by the Stuxnet cyber weapon, according to a report by the Institute for Science and International Security.
December 2010 – Group calling itself "Anonymous" launches cyberattacks on Mastercard, Paypal, and other sites ostensibly in support of arrested Wikileaks founder Julian Assange.
December 2010 – Germany's Interior Ministry announces it will set up a national cyber defense center.
January 2011 – Estonia unveils plans to create a cybermilitia called the "Cyber Defense League," a group of volunteer scientists and others that in wartime would operate under military command.
September 2011 – Malware afflicted computer networks at Creech Air Force Base in Nevada, after a computer virus introduced it onto ground control stations for US Air Force drones. No drones were lost or data stolen, but the malware took several attempts to remove. Perpetrator: unknown.
December 2011 – Hackers penetrated the US Chamber of Commerce networks for more than a year, gaining access to member company communication and industry positions on US trade policy. Perpetrator: Press reports linked the hackers to China’s People’s Liberation Army
March 2012 – The US Department of Homeland Security alerted operators of gas pipelines about a cyberintrusion campaign. Perpetrator: an unknown single source.
March 2012 – Thirteen advanced attacks penetrated NASA computers in 2011, the space agency reported. In one, intruders stole user credentials that would allow unauthorized access to NASA systems. Perpetrator: Some attacks came from computers in China.
June 2012 – A phishing campaign targeted aerospace industry experts attending the annual conference of the Institute of Electrical and Electronics Engineers. Perpetrator: unknown.
July 2012 – Cyberbreaches at infrastructure companies jumped 17-fold between 2009 and 2011, the director of the National Security Agency reported.
September 2012 – Nine US banks were the targets of a distributed denial of service attack that blocked customer access to bank websites for about three weeks. A similar attack on five of the banks took place in December. Perpetrator: an Islamic hacktivist group allied to the military wing of Hamas.
Sources: National Research Council, General Accounting Office, Cyber Conflict Studies Association, Strategic StudiesQuarterly, Center for Strategic and International Studies, and Monitor reporting