Cyber security 99 years ago

Last Updated: 16 Feb 2017
This captured WWI codebook illustrates an issue that we still face today

Ciaran Martin, CEO of the National Cyber Security Centre, said on BBC Radio 4 on 14 February 2017 that current practice in password management was like asking everybody to learn a new 600 digit number every month. Most people cannot remember their passwords so write them down. During the First World War, the German Army on the Western Front had a similar problem, as this captured codebook shows.

During the static trench warfare which characterised the Western Front for most of the war, the duel between codemakers and codebreakers meant that changes had to be made regularly to tactical encryption systems.  Given the different addressees to whom encrypted messages might need to be sent, a German Brigade Signals Office would have had a range of different codes.  The contents list for this codebook, which was created for the German Army's 109th Infantry Division, shows this:

  1. Morse and phonetic alphabet
  2. Brevity codes
    1. General procedure code
    2. Flying Service
      1. general
      2. codes for artillery support
      3. infantry support
  3. Numerical brevity codes (place names)
    1. Military and place names
    2. Contact procedures
    3. Numerical letter and syllable codes
    4. Numerical numbers and times
    5. Alphabetical word list


But as well as this, the codebook includes examples of lots more ad hoc additions added to the main list: coverterms, numerical substitution tables, and even shapes to make on the ground which could be read by aircraft overflying the divisional area of responsibility. There is far too much for anyone to remember.

In a static environment this might not have been important, but this codebook was being used by 174th Infantry Brigade during the Second Battle of the Somme in August 1918 when it was captured. As a result, the Division’s entire tactical encryption system was revealed.