CSEC 101: The History of Codes and Codebreaking

This course establishes that the desire to protect information—and the desire to steal it—are among the oldest impulses in human civilization. By studying the evolution of cryptography from ancient substitution ciphers to modern public-key encryption, learners gain an intuitive understanding of why security matters and how the cat-and-mouse game between codemakers and codebreakers has shaped history.

Ancient and Classical Ciphers

The course begins with accessible historical examples: the Caesar cipher (a simple letter-shifting technique used by Julius Caesar to communicate with his generals), the Spartan scytale (a physical device that encrypted messages by wrapping a strip of leather around a rod of a specific diameter), and the polyalphabetic Vigenère cipher that resisted cryptanalysis for centuries. These early examples demonstrate core principles—substitution, transposition, key management—that remain relevant in modern systems.

Alan Turing, Bletchley Park, and the Enigma Machine

The centerpiece of this module is the story of Alan Turing and the British codebreaking operation at Bletchley Park during World War II. The German military’s Enigma machine was considered unbreakable: it could produce over 150 trillion possible letter combinations for each message. Turing, a brilliant mathematician recruited by the Government Code and Cypher School, designed an electromechanical device called the “Bombe” that dramatically accelerated the process of testing possible Enigma settings.

Turing’s insight was profoundly important for the field of computer science: rather than trying to brute-force every possible combination, his machine exploited known weaknesses in German message protocols—such as the fact that operators often used predictable phrases like weather reports—to eliminate impossible configurations. His approach anticipated modern computational methods for decades to come.

The Bletchley Park story also serves as a powerful lesson in secrecy and institutional failure. After the war, the British government suppressed knowledge of the codebreaking operation for decades. Turing himself was prosecuted in 1952 for homosexuality (then a criminal offense in Britain), subjected to chemical castration, and died in 1954 at the age of 41. He received a posthumous royal pardon in 2013. His story is a sobering reminder that the people who protect us are not always protected in return.

Recommended viewing: The Imitation Game (2014), directed by Morten Tyldum, starring Benedict Cumberbatch as Turing. While the film takes considerable creative liberties (independent analysis found it only about 42% historically accurate), it effectively conveys the emotional weight of Turing’s story and makes the concepts of codebreaking accessible to a general audience.

CASE STUDY: The Enigma Machine

The Enigma device used a system of rotating wheels (rotors) to scramble each letter typed on its keyboard. Each time a letter was pressed, the rotors advanced, meaning the same letter would be encrypted differently each time. The German military reset the Enigma settings every 24 hours at midnight, giving Bletchley Park’s codebreakers a daily race against time. Turing’s Bombe machine could test thousands of rotor configurations per second, but the real breakthrough came from combining mathematical logic with intelligence about the Germans’ own operational habits. The lesson: even the most sophisticated encryption system can be compromised when the humans using it are predictable.

The WRENS of WATU: Women Who Won the Battle of the Atlantic

One of the most remarkable and least-known stories of World War II is that of the Western Approaches Tactical Unit (WATU) in Liverpool, England. In 1942, German U-boats were sinking Allied merchant ships at an alarming rate—over 1,200 in 1940 alone—threatening to starve Britain into submission. The Royal Navy turned to Captain Gilbert Roberts, a retired war-gamer, and gave him a staff not of seasoned officers but of young women from the Women’s Royal Naval Service (WRENS).

Roberts and his assigned WRENS—some of them teenagers fresh out of school—created a war game on a large linoleum floor, using chalk lines to represent nautical miles and wooden ship models to simulate convoy battles. By interviewing survivors of U-boat attacks and translating German manuals, they made a stunning discovery: the U-boats were not attacking convoys from the outside, as the Royal Navy had assumed. Instead, they were sneaking into the middle of the convoys at night on the surface, using their fast diesel engines and mimicking merchant ships on radar, then firing at close range from inside the formation.

When Admiral Sir Max Horton, commander-in-chief of the Western Approaches, visited WATU, he dismissed war games as child’s play. He was challenged to play “The Game” and was defeated—by Janet Okell, a 20-year-old tactical analyst who had never been on a boat. Humbled, Horton implemented WATU’s recommendations. Within months, German Admiral Karl Dönitz ordered his submarines to withdraw from the North Atlantic entirely.

Recommended reading: A Game of Birds and Wolves by Simon Parkin, which documents this declassified story in full.

CASE STUDY: WATU and the Power of Simulation

The WATU story is not just a compelling historical narrative—it is a foundational lesson in cybersecurity. Modern “red team / blue team” exercises, penetration testing, and threat modeling are all direct descendants of the kind of adversarial simulation that Roberts and the WRENS pioneered on that linoleum floor. The lesson: you do not need to have been in the battle to understand how the battle works. What you need is rigorous thinking, honest analysis, and the humility to let the data override your assumptions—even if the data comes from a 20-year-old who has never set foot on a ship.