AMAC Exclusive by Herald Boas
As the Colonial Pipeline hack vividly demonstrated earlier this month, the United States faces a major threat from cyberwarfare. But this is not the first time our country has faced a complex technological challenge that has required the combined effort of the best American minds to prevail. Indeed, the cybersecurity crisis of today is comparable to the cryptographic challenge Americans faced in World War Two—a story of stunning American achievements that are almost entirely forgotten today.
The top-secret activities of the British WWII codebreaking operation, known as “Ultra,” at Bletchley Park in England are now well-known and celebrated in books and war films. But few remember the story of Ultra’s U.S. counterpart, “Magic,” which broke the Japanese Naval Code at Arlington Hall outside Washington, D.C. in Virginia. Their breakthroughs proved pivotal to the Pacific war effort.
Arlington Hall was built in 1927 as a private girl’s school in suburban Washington, DC in Virginia. In June, 1942, the U.S. Army requisitioned the large school building and 100-acre surrounding property for military use, including some facilities for the Army Nurse Corps and most significantly, the location for the top-secret codebreaking cryptanalyst services of the Army Signal Corps. Now called Arlington Hall Station, the property had its own police and fire departments, and a small post hospital was established to serve those who worked there, many of whom were civilian women, as well as for General George Marshall and his staff headquartered at nearby Fort Myers.
Heading the Signal Corps’ codebreaking operation was Colonel William Friedman. Friedman and his wife Elizebeth were already cryptology legends. The Friedmans had met and worked together during WWI, married afterward, and become famous for helping law enforcement catch and prosecute criminals – William at the newly-created peace time Army Signal Corps; Elizebeth at a special Coast Guard unit. Then in 1940, William led the team that cracked the Japanese Purple (diplomatic) Code. A few months after war broke out in December 1941, the Signal Corps’ codebreaking operation, named “Magic,” was transferred to Arlington Hall and placed under the command of William Friedman.
During WWII, the Friedmans lived together in Washington, DC, but only William worked at Arlington Hall on Japanese codes. Elizabeth, assigned to the Coast Guard, worked with British cryptographers at Bletchley Park on their momentous work cracking the Nazi military code using the secretly captured German “Enigma” machine.
Although some today believe President Roosevelt knew about Pearl Harbor in advance because America had cracked the Purple Code, the U.S. military did not decipher the more important Japanese Naval Code until 1943 at Arlington Hall. So, it is unlikely Roosevelt was aware of the fleet on its way to Pearl Harbor. After 1943, Arlington Hall decoders were even busier night and day reading and translating much of Japan’s war communications. Among the recipients of Signal Corps secrets were officials of the new OSS, which would later become the modern-day CIA. In fact, under the command of Colonel Bill Donovan, the OSS reportedly had agents at Arlington Hall to coordinate their receipt of critical information.
The U.S. Signal Corps’ success in cracking the Japanese Naval Code through Magic was comparable to the British “Ultra” effort in cracking the Nazi Enigma code. The two allies soon shared their work, and by 1944, Allied forces were intercepting and reading most German and Japanese military communications.
The post hospital was run by a recently inducted physician who was too old to be sent to Europe, so he was assigned to Arlington Hall. Commissioned as an Army captain, a few weeks after arriving in summer, 1942, he received a phone call that General George Marshall himself would come to Arlington Hall the next morning to inspect the hospital. Exactly at the appointed hour, the military leader of all Allied forces in the Atlantic and Pacific campaigns showed up with an entourage and toured the facility with its visibly overwhelmed post captain. After the brief tour, General Marshall turned to the physician, and said, “Thank you, Major,” and pausing for a moment for the stunned physician to realize he had just been promoted, Marshall added, “Major, in this man’s Army, it’s not what you know, but who you know!” Not waiting for a response, Marshall then turned and left.
Over the next few years, military and civilian patients, including General Marshall and his wife, as well as Dwight Eisenhower, Jesse Owens, Signal Corps officers and decoders, Army nurses, soldiers of various ranks, and William Friedman made their way to the small post hospital at Arlington Hall. In early 1946, the hospital was closed, and the Major returned as a civilian to Pennsylvania where he practiced medicine for another 45 years, occasionally recalling wartime experiences to family and friends—including this author.
But Arlington Hall did not close. Today, it is the home of the George P. Shultz National Foreign Affairs Training Center and the Army National Guard Readiness Center.
George C. Marshall, who had been Army Chief of Staff under President Franklin Roosevelt and performed the miracle of building a multi-million-man Army in so short a time, and then ran the war from his headquarters in Virginia, received the highest rank and numerous postwar honors. He then served President Harry Truman first as U.S. mediator in a brewing civil war in China, then as Secretary of Defense, and finally as Secretary of State. His ideas to help war-ravaged nations, allies and former foes alike, became known as the Marshall Plan – for which he received the Nobel Peace Prize in 1953.
William Friedman remained at Arlington Hall, turning his codebreaking efforts from WWII to the Cold War. Friedman wrote some important papers on cryptanalysis, many of which are still in use today.
Elizebeth Smith Friedman also continued her work with Coast Guard, proving to be not only America’s first, but also greatest, woman cryptanalyst.
In view of today’s ominous challenges of military and criminal cyberwarfare, it is important to recall similar challenges nearly 80 years ago, when American leadership, brains, ingenuity, and determination faced even greater challenges – and with the help of a colorful group of brilliant and committed patriots, ultimately prevailed.
Your article is coming at the problem of cyber threats from the wrong perspective (Lets throw a big government approach, with massive amounts of government spending, at the problem. Staffed of course by a lot of academics and so-called government “experts” with little to no real world experience to address the problem via reports and white papers which do more harm than good.), based on a lack of understanding of why the situation at Colonial Pipeline and other companies and institutions (like schools and state and local government facilities) likely occurred.
Here’s the reality behind most computer security breaches that are occurring in the United States today from someone who used to work in the software industry: It is not the lack of proficiency by most IT personnel in most U.S. companies to address such problems and in most cases even implement the necessary safeguards to prevent the kind of incursion experienced by Colonial Pipeline. It is the lack of priority and resources assigned by most corporate management to the issue. If you ask most corporate CEOs and CFO’s to name their top 5 or top 10 priorities related to their technology infrastructure, hardening their computer infrastructure against a sophisticated cyber attack is almost never on the list. Most CEOs and CFOs think making sure anti-virus is regularly updated magically prevents all issues related to their computer infrastructure. They shy away from anything more since it doesn’t immediately add to the bottom line. Which involves the metrics they are judged on for their annual compensation packages (salary, bonuses and stock options).
Corporate CIOs all understand the threats involves, as do their staffs, but outside of industries like finance, pharma, defense aerospace and a few others, most CIOs in other industries don’t really have a major voice in deciding where capital gets budgeted to enhance their computer infrastructure to withstand cyber threats that will continue to evolve over time. It isn’t a lack of understanding of the threat. It isn’t a lack of means to address the threat. It is an unwillingness of many in corporate management to adequately prioritize the problem to safeguard against it, because at the end of the day it is cheaper to pay a ransom, which the companies have insurance for, than to devote corporate time and financial resources to a problem that might not occur on their watch. Simple benefit / risk analysis from their perspective. Their downside to doing nothing is less than the upside of continuing business as usual.
By the way, local, state and some government agencies also work on this same model. Telling the voters that x millions of dollars would have to be spent to re-configure and augment their existing computer systems to safeguard against the growing sophistication of cyber attacks that may never come isn’t a conversion many are willing to have.
The problem could of course be fixed through intelligent regulations (I know that’s a real hard ask from a technologically ignorant Congress that is so in the pocket of certain big tech corporations) and minimum computer security standards making the senior management of companies and government entities personally accountable in either a criminal or civil manner. However, until you change the risk / benefit analysis for senior management, nothing will substantially change. Nothing changes the priorities of any corporation or government body like the prospect of the top tier facing real jail time or financial penalties that hit the execs themselves. However short of that, this issue will continue to be a growing problem.
So once again, AMAC decides to censor a comment that does not agree with their views. I thought the purpose of your organization was to help educate people on the issues. Not to simply push your narrative, even when they incorrect. I guess I was wrong. Bye-bye AMAC
Didnt both code groups use Colussus the first computer to break codes then?
A great American and allied story, one that should never be forgotten, particularly as we move into an increasingly technological era. The modern problem is that some of our best minds are working for the other team.
How about a story about how we got out the 38 miners trapped waay under ground. Maybe 8 years ago
Thanks for history lesson . Hope that government is jumping all over these cyber attacks. Have not heard much of SPACE FORCE that Trump created, but should not this group be involved. Also, if ransomware is being paid thru Bitcoin — then how is this crytocurrency trend good for world.
I hope USA has some of the best computer people in the world & can design software to stop cyber attakcs/ransomware. I worry that the two ransomwares in 3-weeks are a test of US government and Biden administration & that more will come if not stopped.