Fred Kaplan’s new book Dark Territory is a history of cyber war. It traces the origins of efforts to protect computers and networks from hostile intrusions and then the development of offensive capabilities to eavesdrop on and even sabotage adversaries’ computers and networks. Fred introduces us to many diverse characters, from computer geeks to senior government officials, involved in a struggle that has rarely seen sunshine, as most of the work is highly classified. It was a 1983 movie, War Games, that prompted President Ronald Reagan to ask the Pentagon if someone could break into Department of Defense (DOD) computers and tamper with a missile launch. Chairman of the Joint Chiefs of Staff General John Vessey came back a week later with the answer that the problem was much worse than they thought. This prompted the first attempts at cyber security.
Fred provides the details of a 1997 exercise by the National Security Agency’s (NSA) ‘red team’ to check the vulnerability of DOD computer networks. NSA’s ‘hackers’ were able to penetrate DOD’s network in four days. When they encountered difficulty in hacking into the intelligence directorate of the Joint Chiefs, J-2, one of the team members simply called a J-2 officer. He told the officer that he was from the Pentagon’s IT department fixing a problem and needed to reset the passwords. The J-2 officer gave him all the passwords over the phone without even confirming the identity of the caller. This is a good example of how millions of dollars’ worth of security systems can be bypassed by such simple, almost idiotic, concepts. The team had also cracked the Chairman Joint Chiefs of Staff Committee (CJCSC) password, but this was left out of the final report with a note that there was ‘no need to piss-off a four star’.
One chapter of the book provides details of ‘Operation Olympic Games’ to sabotage the Iranian nuclear program. This program was exposed because the virus escaped from the Natanz nuclear plant and computer security companies in the United States and Russia detected it. These companies then figured out that this virus, named Stuxnet, was specifically designed for sabotage. Experts had assured President Obama that there was no chance that the virus could escape the ‘box’ and affect other computers; however, they forgot German strategist Helmut von Moltke’s words that “no operation extends with any certainty beyond the first encounter with the main body of the enemy.” Later, it was revealed that this operation was a joint venture of NSA, CIA and Israel’s cyber warfare Unit 8200. In a follow-up attack, ‘Operation Flame’, hard drives of the Iranian oil ministry were wiped out.
The United States set the precedent of nuclear warfare when it dropped nuclear bombs on Hiroshima and Nagasaki. In the same manner, it has set the precedent of offensive cyber war by targeting Iran’s nuclear program. U.S. government and private sector computers are facing a barrage of attacks from Russian and Chinese hackers and government entities. A Korean cyber attack shut down several U.S. government websites as well as the New York Stock Exchange. In 2012, Iran counter-attacked with the Shamoon virus, damaging hard drives of Saudi Aramco. NSA’s own internal memo concluded that the Iranians had shown the capability to learn from American and Israeli capabilities in the field of cyber warfare. This is a new frontier of warfare and no one knows the rules of this combat.
Dark Territory is a good book about the history of cyber security and vulnerabilities. It gives a glimpse of how increasing complexity also increases the vulnerabilities. The United States set another precedent by launching a cyber attack specifically for ‘offensive’ purposes without fully calculating the consequences. The United States is the most vulnerable country, as it is more dependent on computers and networks than any other country. Once you have a new weapon, it is very hard to control the urge to use it. However, policy makers need to pause and reflect on Sun Tzu’s words that ‘the side that knows when to fight and when not to will take the victory’. The real debate should be how to translate cyber capabilities into a coherent policy and at the same time update the laws of the land to ensure a balance between privacy and security. This is the most challenging task, as most of the programs are classified and so far most of the information has come from leaks by NSA contractor Edward Snowden. Fred Kaplan points to important turning points in the history of cyber warfare and raises some very important questions concerning law and policy.