by Shane Harris
But cyberspace is too vast, and too pervasive, to allow a single entity to govern it or to dictate the norms of behavior. There is no neat way to define cyberspace. It’s not a commons. But it’s not private. We have come to depend on it as a public utility—like electricity and water. But it’s still mostly a collection of privately owned devices. Fortunately, we are at the dawn of a new age, not its twilight, and there is some time to consider this conundrum, which has confounded every discussion about the nature of this space to which we seem inexorably tied.
But time is running short. Governments and corporations are making the rules as they go, and their actions have had a more tangible effect than many have realized. It’s incumbent on everyone who touches cyberspace—which is undeniably a collective—to find what Eisenhower called “essential agreement on issues of great moment, the wise resolution of which will better shape the future of the nation.” As anxious as Eisenhower was about the emergence of powerful and potentially destructive new technologies, he was more wary of a “scientific-technological elite” who claimed to know best how to make decisions that free people could make for themselves. It was the entitlement of the military-industrial complex that Eisenhower feared most. And his reminder to remain vigilant to the “rise of misplaced power” resonates as much now as it did then. “We should take nothing for granted. Only an alert and knowledgeable citizenry can compel the proper meshing of the huge industrial and military machinery of defense with our peaceful methods and goals, so that security and liberty may prosper together.”
Acknowledgments
BOOK WRITING IS a solitary experience. But publishing a book is a collaborative act. Actually, it’s a series of them. I’d like to mention a few people whose guidance, encouragement, support, and time was especially valuable to me along this book’s journey.
I long ago ran out of superlatives to describe my agent, Tina Bennett, which, I can attest, is a common problem among her clients. She is one of the most thoughtful people I know, and a tireless advocate for her writers and their work. This is our second book together, and as with the first, she sharpened and refined my ideas and helped me realize what I wanted to say. A writer can have no better companion.
Which is why I’m absurdly lucky to have two of them. I would trust my editor, Eamon Dolan, with my firstborn, which I suppose I did. This is also our second book together, and not that I needed to be reminded of his gifts and generosity, but I was. Eamon didn’t just make this book better with his graceful editing and assiduous attention to detail. He helped to conceive a frame for the story. It’s not an exaggeration to say that this would have been a different book if not for Eamon—and it would have been an inferior one.
Thank you also to Tina and Eamon’s colleagues. Svetlana Katz never missed a beat, answered my every question, and saved my bacon on one occasion. And Ben Hyman kept me on track for the many deadlines that come before and after one actually finishes writing a book. I’m grateful to Margaret Wimberger, who carefully copyedited my manuscript, finding plenty of figurative bolts to tighten and wrinkles to iron. Thanks also to Larry Cooper for shepherding the manuscript through production to eventual publication.
Simon Trewin at WME was an early champion for me and the book in London. He guided my proposal to Simon Thorogood at Headline Publishing Group, whose enthusiasm for this project has been unflagging. I’m so pleased that the book found a home with them, and that more people will have a chance to read it because of their efforts.
I’m grateful to my new friends and colleagues at New America, both for their support for this book and my research and for the intellectual community they’ve created. I’ve been thrilled to be a part of it, especially because I’ve admired the work of New America’s scholars for years. Special thanks to Andrés Martinez and Becky Shafer, who so ably corraled and guided our band of fellows. Becky and Kirsten Berg also assisted with research on some crucial chapters in the book, and I’m grateful for their help. Thanks also to Peter Bergen for his kindness and all he’s done to support me and my work. Tim Maurer created a series of superb discussions on cyber security that deepened and sharpened my thinking. I’m grateful to Arizona State University and President Michael Crow for their support of my research on the future of war. And thanks to Anne-Marie Slaughter, New America’s president and CEO, for her leadership, encouragement, and enthusiasm.
I was the luckiest writer in town to have Denise Wills as my editor for three years at Washingtonian magazine, and I’m luckier still to have her as a friend. She’s the dream editor—both a coach and a collaborator. So is Noah Shachtman, who brought me back to the news business at Foreign Policy. We had rambunctious fun in the few months we worked together, which happened to coincide with the biggest news event of 2013. Good timing, Papi.
Thanks to my colleagues at Foreign Policy for making me happy to come to work every day, especially Yochi Dreazen and our news team. Thanks also to Ben Pauker, Peter Scoblic, Mindy Kay Bricker, and David Rothkopf for all they’ve done guiding this fast-moving and fast-growing ship.
I owe a particular debt of gratitude to the voluminous and insightful reporting of several journalist colleagues whose work informed my own research, including Siobhan Gorman and Danny Yadron at the Wall Street Journal; David Sanger, Nicole Perlroth, and John Markoff at the New York Times; Ellen Nakashima at the Washington Post; Tony Romm at Politico; Spencer Ackerman at the Guardian and formerly of Wired’s Danger Room blog; Kim Zetter, also of Wired and author of its Threat Level blog; Joseph Menn at Reuters; and Michael Riley at Bloomberg Businessweek. Each of them has done groundbreaking work on this terrain.
Thanks to my friend and favorite lunch companion, Ben Wittes, whose blog Lawfare is an indispensable destination for serious thinking about national security. Ben has been an unfailing counselor and guide to me over the years, supremely generous with his time and ideas.
Carol Joynt has been a source of fun and laughter, support and wisdom. She’s a true pal, and an ace reporter, who has taught and inspired me. Thanks also to Spencer Joynt, both for letting his dear mom stay out late and for his friendship.
Dave Singleton continues to be the best friend a guy can have. It’s hard to find someone who can embrace, and frequently tolerate, the many sides of yourself. We met nearly fifteen years ago, and we didn’t know at the time we had something so rare. But we do now.
Christopher Kerns makes me laugh hard and think hard at the same time. His willingness to say what he means and to mean what he says has made me a sharper thinker and a stronger journalist. I cherish our conversations, whether over a drink or a long car ride.
Special thanks go to my friends Jason Kello and Jason Wilson, whose thoughtful insights into cyber security—what it looks like now and where it’s going—inform so many parts of this book. Their enthusiasm for this subject is infectious. Their ability to translate technical complexity into clear, compelling language is remarkable.
My longtime mentor and friend Anne Laurent has a special place at the heart of everything I write. More than a decade ago she put me on the path of writing about the intersection of technology and security. Surely I wouldn’t be here if not for her.
Thanks to my family, particularly my mother and father, Ed and Carol Harris, for being teachers and teammates, and always at the moments I needed them most. To Troy, Susan, and Madelyn Harris, thank you for reminding me every day about the constancy of family. My grandmother, Bettiann Kinney, who taught me to tell stories, continues to be a source of inspiration in more ways than I’d ever expected. To my mother-in-law, Mary de Feo, and my (now legal) extended family, thank you for bringing so much laughter and happiness into my life, and for welcoming me into yours.
Finally, to my husband, Joe de Feo, what could I possibly tell you that you don’t already know? Somehow you manage to make me happier every day than I was the last. The months I spent writing this book, sitting with the two little monsters in one room and you working in the other, were some of the happiest we’ve sha
red. Thank you for everything you’ve done for me, and for us. Thank you for centering me. And thank you for being there when I come home. It’s my favorite part of the day.
Notes
Prologue
[>] He was an ex-military officer: This account is based on interviews with a number of former Defense Department officials, as well as news reports.
[>] About 7.5 million lines: “Joint Strike Fighter: Strong Risk Management Essential as Program Enters Most Challenging Phase,” US Government Accountability Office, GAO-09-711T, May 20, 2009, http://www.gao.gov/products/GAO-09-711T.
[>] In 2006 it held at least $33.5 billion: “Top 200 Contractors,” Government Executive, August 15, 2007, http://www.govexec.com/magazine/2007/08/top-200-contractors/25086/.
[>] The spies had made off: “Computer Spies Breach Fighter-Jet Project,” Wall Street Journal, April 21, 2009, http://online.wsj.com/news/articles/SB124027491029837401.
[>] The spies had penetrated: “Security Experts Admit China Stole Secret Fighter Jet Plans,” Australian, March 12, 2012, http://www.theaustralian.com.au/news/world/security-experts-admit-china-stole-secret-fighter-jet-plans/story-fnb64016-1226296400154#mm-premium.
[>] It bore a number of design: Andrea Shalal-Esa, “Pentagon Sees Risks, Progress on Lockheed’s F-35 Jet,” Reuters, April 24, 2013, http://www.reuters.com/article/2013/04/25/us-lockheed-fighter-idUSBRE93O00E20130425.
[>] The CEOs weren’t sure: Author interviews with meeting participants and others who were briefed afterward, as well as Defense Department officials who worked on the DIB program. Interviews included Robert Lentz, the deputy assistant defense secretary who oversaw the initiative; James Lewis, a cyber security expert with the Center for Strategic and International Studies in Washington, DC; and Steve Hawkins, vice president of information security solutions at Raytheon, 2009. Also air force general Michael Basla, 2013.
[>] “A lot of people went”: Author interview with James Lewis, April 2009.
[>] After the meeting the Defense Department: Author interviews with current and former Defense Department and Homeland Security Department officials, as well as corporate executives, 2009 and 2013.
[>] “cyber Pearl Harbor”: Panetta spoke aboard the Intrepid Sea, Air & Space Museum in New York City on October 12, 2012, http://www.defensenews.com/article/20121012/DEFREG02/310120001/Text-Speech-by-Defense-U-S-Secretary-Leon-Panetta.
[>] Five months earlier President Barack Obama: Barack Obama, “Taking the Cyberattack Threat Seriously,” Wall Street Journal, July 19, 2012, http://online.wsj.com/news/articles/SB10000872396390444330904577535492693044650.
[>] FBI director James Comey: Comey testified before the Senate Committee on Homeland Security and Governmental Affairs on November 14, 2013, http://www.fbi.gov/news/testimony/homeland-threats-and-the-fbis-response.
[>] In 2014 the government planned: Chris Strohm and Todd Shields, “Obama Boosts Pentagon Cyber Budget Amid Rising Attacks,” Bloomberg.com, April 11, 2013, http://www.bloomberg.com/news/2013-04-10/lockheed-to-general-dynamics-target-shift-to-cyber-spend.html.
[>] To put that in some perspective: Federal Climate Change Expenditures Report to Congress, August 2013, http://www.whitehouse.gov/sites/default/files/omb/assets/legislative_reports/fcce-report-to-congress.pdf.
1. The First Cyber War
[>] Bob Stasio never planned: Author interview, October 2013.
[>] In May 2007: The account of the meeting is based on two lengthy interviews with Mike McConnell, then the president’s director of national intelligence, as well as an interview with Fran Townsend, then Bush’s counterterrorism adviser, and Dale Meyerrose, a retired air force general who was then a senior official in the Office of the Director of National Intelligence. The operational details of the NSA and the military’s cyber activities in Iraq come from three former military intelligence officers who participated in the operations and asked not to be identified. Other officials, including David Petraeus, former commander of US forces in Iraq, have spoken publicly about cyber operations in Iraq and the contribution they made to the US victory there.
[>] The president had already okayed: In addition to the author’s own interviews with current and former US officials and computer security experts, information about the Stuxnet campaign was drawn from voluminous research papers and news articles, of which the following provided key details: Ralph Langner, “Stuxnet’s Secret Twin,” Foreign Policy, November 21, 2013, http://www.foreignpolicy.com/articles/2013/11/19/stuxnets_secret_twin_iran_nukes_cyber_attack#sthash.nq7VuMAC.8FWcquMx.dpbs; David Sanger, “Obama Order Sped Up Wave of Cyberattacks Against Iran,” New York Times, June 1, 2012, http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?pagewanted=all; James Bamford, “The Secret War,” Wired, June 12, 2013, http://www.wired.com/threatlevel/2013/06/general-keith-alexander-cyberwar/all/; and Jim Finkle, “Researchers Say Stuxnet Was Deployed Against Iran in 2007,” Reuters, February 26, 2013, http://www.reuters.com/article/2013/02/26/us-cyberwar-stuxnet-idUSBRE91P0PP20130226.
[>] The prior year had been one of the bloodiest: Casualty statistic from iCasualties.org, http://icasualties.org/Iraq/index.aspx.
[>] Iraqi civilian deaths: Ibid., http://www.iraqbodycount.org/database/.
[>] By September 2004: Dana Priest, “NSA Growth Fueled by Need to Target Terrorists,” Washington Post, July 21, 2013, http://www.washingtonpost.com/world/national-security/nsa-growth-fueled-by-need-to-target-terrorists/2013/07/21/24c93cf4-f0b1-11e2-bed3-b9b6fe264871_story.html.
[>] “This trend presents”: David E. Peterson, “Surveillance Slips into Cyberspace,” Signal, February 2005, http://www.afcea.org/content/?q=node/629.
[>] Their center of operations: The description comes from several sources, including an interview with a former senior military officer, other military and intelligence officers who worked in Iraq, and press accounts, including Priest, “NSA Growth”; and Joby Warrick and Robin Wright, “US Teams Weaken Insurgency in Iraq,” Washington Post, September 6, 2008, http://articles.washingtonpost.com/2008-09-06/world/36869600_1_salim-abdallah-ashur-abu-uthman-iraqi-insurgents. See also David H. Petraeus, “How We Won in Iraq,” Foreign Policy, October 29, 2013, http://www.foreignpolicy.com/articles/2013/10/29/david_petraeus_how_we_won_the_surge_in_iraq?page=0,3; and Stanley A. McChrystal, “It Takes a Network,” Foreign Policy, February 22, 2011, http://www.foreignpolicy.com/articles/2011/02/22/it_takes_a_network.
[>] In September 2007: See Eric Schmitt and Thom Shanker, Counterstrike: The Untold Story of America’s Secret Campaign Against Al Qaeda (New York: Times Books, 2011).
[>] The NSA also developed a tool: Scott Shane, “No Morsel Too Minuscule for All-Consuming NSA,” New York Times, November 2, 2013, http://www.nytimes.com/2013/11/03/world/no-morsel-too-minuscule-for-all-consuming-nsa.html?_r=2&pagewanted=all&&pagewanted=print.
[>] Local Christians who had lived: Ned Parker, “Christians Chased Out of District,” Los Angeles Times, June 27, 2007, http://articles.latimes.com/2007/jun/27/world/fg-christians27.
[>] The operation began in June 2007: “US Launches Major Iraq Offensive,” BBC News, June 19, 2007, http://news.bbc.co.uk/2/hi/middle_east/6766217.stm; and “Start of ‘Arrowhead Ripper’ Highlights Iraq Operations,” American Forces Press Service, June 19, 2007, http://www.defense.gov/News/NewsArticle.aspx?ID=46459.
[>] By one account, it aided: Warrick and Wright, “US Teams Weaken Insurgency.”
[>] There were 28 bombings: Ibid.
[>] Petraeus credited this new: National Security Agency statement on surveillance programs, August 9, 2013, http://cryptome.org/2013/08/nsa-13-0809.pdf. See also Petraeus, “How We Won in Iraq.”
2. RTRG
[>] The NSA’s headquarters had moved: 60 Years of Defending Our Nation, an official NSA history, published in 2012 for the agency’s anniversary, http://www.nsa.gov/about/cryptologic_heritage/60th/book/NSA_60th_Anniversary.pdf.
[>] A twenty-four-hour watch center: The description of the so
-called President’s Surveillance Program and Stellar Wind is drawn from multiple interviews with former government officials, as well as a report by the NSA’s inspector general, ST-09-002 Working Draft, March 24, 2009, which was disclosed by Edward Snowden. A copy of the document is available at http://www.theguardian.com/world/interactive/2013/jun/27/nsa-inspector-general-report-document-data-collection. See also the author’s book The Watchers: The Rise of America’s Surveillance State (New York: Penguin Press, 2010).
[>] In the litany of NSA code words: Precisely how the NSA comes up with code words is a bit of a mystery. In the 1960s a single NSA employee was responsible for selecting new code words, apparently at random, suggesting that the choice of name has little to do with what the program actually does. See Tom Bowman, “Why Does the NSA Keep an EGOTISTICALGIRAFFE? It’s Top Secret,” NPR News, November 10, 2013, http://www.npr.org/2013/11/10/244240199/why-does-the-nsa-keep-an-egotisticalgiraffe-its-top-secret.
[>] “This is the kind of guy”: Matt Schudel, “Pedro Luis Rustan, 65, “Pedro Luis Rustan, 65, Aerospace and Surveillance Innovator,” Obituaries, Washington Post, July 7, 2012, http://articles.washingtonpost.com/2012-07-07/local/35486174_1_nro-spy-satellites-national-reconnaissance-office.
[>] In a 2010 interview with a trade publication: “Change Agent,” C4ISR Journal, October 8, 2010, http://www.defensenews.com/article/20101008/C4ISR01/10080311/.
[>] “Clearly establishing in the eyes of the Iraqi people”: David H. Petraeus, “How We Won in Iraq,” Foreign Policy, October 29, 2013, http://www.foreignpolicy.com/articles/2013/10/29/david_petraeus_how_we_won_the_surge_in_iraq?page=0,3.