Dark Territory: The Secret History of Cyber War

In the early 1990s, NSA Director Mike McConnell created a brand-new position at the National Security Agency: Director of Information Warfare.  McConnell appointed Rich Wilhelm, with whom McConnell had worked closely on U.S. counter-command & -control intelligence operations during the first Iraq war.  After just a few weeks settling into his new job, Wilhelm walked into Director McConnell’s office and said “Mike, we’re kind of f***ed here.”

The problem?  The U.S. could penetrate and disrupt foreign adversaries’ increasingly computerized military, government, and civic infrastructures, and it was already clear that future conflicts would turn upon what would only later be dubbed cyber warfare.  But whatever we could do to our adversaries, they could do to us.  Making matters worse, the U.S. military, civilian governmental agencies, and private businesses were rapidly connecting everything in computer networks, with no meaningful attention paid to network security.  We’d be throwing rocks from the largest glass house on the planet.

In Dark Territory: The Secret History of Cyber War, Pulitzer Prize-winning journalist Fred Kaplan adroitly distills over one hundred key player interviews –  from U.S. cabinet secretaries, generals, admirals, and NSA directors, to analysts, aides, and officers in the trenches – into a riveting narrative that tracks the debut, developments, and dilemmas of cyber warfare.

Kaplan’s book is a cyber roller coaster ride spanning three decades.  Here are some notable highs and lows:

  • President Reagan’s question to senior military staff, after watching the 1983 movie WarGames (teenager Matthew Broderick hacking into NORAD), “Could something like this really happen?” and the resulting national security decision directive NSDD-145, which, if it hadn’t been derailed by Congress, would have put the NSA in charge of ensuring public and private sector telecommunications and computer security.
  • The post-Oklahoma City bombing focus of the Clinton administration on critical infrastructure security, including both physical and “cyber threats”, culminating in the 1997 Marsh Report by the President’s Commission on Critical Infrastructure Protection, which highlighted cyber vulnerabilities, but was purposefully silent on burgeoning U.S. offensive cyber capabilities.
  • The 1997 Eligible Receiver exercise, in which an NSA Red Team, using only commercially available hardware and software, hacked into networks and computers throughout the entire Department of Defense in just four days (the exercise’s debrief tactfully omitted that the Red Team successfully cracked the password of the Chairman of the Joint Chiefs of Staff).
  • The 1998 Solar Sunrise hacking of over a dozen U.S. military bases, initially feared to be an Iraqi attack, but which was actually perpetrated by two California 16-year-olds (“Stimpy” and “Makaveli”, who later explained “It’s power, dude.  You know, power”).
  • The Moonlight Maze 1998 compromise of numerous U.S. military computer systems by Russian hackers.
  • The Pentagon’s J-39 Unit’s cyber exploits in the Serbian war, including distorting Serbian air defense system information so that the locations of incoming U.S. aircraft were subtly off-target.
  • The formation of the Office of Tailored Access Operations (“TAO”), NSA’s elite, secret team of hundreds of hackers, with the mission and motto of “getting the ungettable,” and which was heavily utilized in the post-9/11 global pursuit of jihadists in Iraq and elsewhere.
  • The genesis of the NSA program Trailblazer, and its successor Turbulence, used to monitor and track Internet transmissions in real time.
  • The hacking of Syrian air-defense radar systems by Israel’s elite cyber team Unit 8200, which allowed the successful Israeli bombing in 2007 of Syria’s nuclear reactor.
  • The Aurora Generator Test, a secret U.S. government exercise in 2007, in which the injection of twenty-one lines of malicious code physically destroyed the test-subject power generator.
  • The devastating cyber assaults on Estonia in 2007 and Georgia in 2008, attributed to Russia.
  • The 2008 discovery of a hostile intrusion into U.S. Central Command’s classified computers, which were air-gapped from the internet.
  • George Bush’s personal briefing of newly-elected President Barack Obama on Olympic Games, the joint NSA (TAO) and Israeli Unit 8200 creation of super-worm Flame, used to cripple Iran’s nuclear centrifuges, and which was later detected by private security firms and publicly dubbed the Stuxnet virus.
  • The decades-long, rampant hacking of western countries’ government and business systems by China’s PLA Unit 61398.
  • Edward Snowden’s release of documentation revealing the NSA’s secret cyber activities, including TAO’s intrusion tools and the highly classified PRISM program for collecting data from major Internet companies.
  • Iran’s 2014 cyber attack on the Las Vegas Sands Corporation in retaliation for public comments of majority owner Sheldon Adelson.
  • North Korea’s “Guardians of Peace” destructive 2014 hack of Sony Pictures, to induce the studio to shelve its comedy movie The Interview.

As I read Dark Territory, I couldn’t help but think of Tao – not NSA’s Office of Tailored Access Operations, but instead the dynamic yin and yang of cyber attack and cyber defense, of fixing versus exploiting system vulnerabilities, of national security interests versus privacy rights – with each in flux, shaped by the other.  It’s one thing for North Korea to have had, until recently, such bad luck with its missile launches (hmmm, wonder why), but it’s another to be persistently exposed to cyber attacks from other nation states and non-state actors.  It’s also striking that there are no clear rules of engagement, no clarity on effective deterrence, and no consensus on what types or levels of cyber attack constitute an act of war.  Dark territory indeed.