April 20, 2010 -- In "Cyber War," author Richard Clarke explores the newest front of modern war: the Internet and how America could already be on the losing side.
Read an excerpt of the book below, and then head to the "GMA" Library to find more good reads.
It was in the depths of a gray and chill Washington winter. On a side street not far from Dupont Circle, in a brownstone filled with electric guitars and an eclectic collection of art, we gathered to remember the man who had taught us how to analyze issues of war and defense. Two dozen of his former students, now mostly in their fifties, drank toasts that February night in 2009 to Professor William W. Kaufmann, who had died weeks earlier at age ninety. Bill, as everyone referred to him that night, had taught defense analysis and strategic nuclear weapons policy at MIT for decades, and later at Harvard and the Brookings Institution. Generations of civilian and military "experts" had earned that title by passing through his courses. Bill was also an advisor to six Secretaries of Defense, sitting in the "front office" on the E Ring of the Pentagon. He shuttled between Boston and Washington every week for decades.
Behind his back, some of us had referred to Professor Kaufmann as "Yoda," in part because of a vague physical and stylistic resemblance, but chiefly because we thought of him as our Jedi master, the man who understood the workings of the Force and tried to teach them to us. As an analyst and advisor, Bill had been one of a handful of civilians who had created the framework of strategic nuclear war doctrine in the late 1950s and early 1960s. They had walked the United States back from a nuclear strategy that had called for the United States to go first in a nuclear war, to use all of its nuclear weapons in one massive attack, and to destroy hundreds of cities in Europe and Asia. Bill and his colleagues had probably prevented a global nuclear war and had made strategic arms control possible.
Our conversation that night, lubricated by the same martinis Bill used to drink with us, turned to the future. What could we do to honor the memory of William W. Kaufmann and the other strategists of the second half of the twentieth century? We could, someone suggested, continue their work, use what Bill had taught us, ask the tough analytical questions about today's strategy. Another at the table suggested that today is very different from the 1950s, when nuclear weapons were being deployed without a thoughtful strategy; strategies are well developed today.
But is it such a different time? In the first decade of the twenty-first century, the U.S. developed and systematically deployed a new type of weapon, based on our new technologies, and we did so without a thoughtful strategy. We created a new military command to conduct a new kind of high-tech war, without public debate, media discussion, serious congressional oversight, academic analysis, or international dialogue. Perhaps, then, we are at a time with some striking similarities to the 1950s. Perhaps, then, we need to stimulate learned discussion and rigorous analysis about that new kind of weapon, that new kind of war.
It is cyberspace and war in it about which I speak. On October 1, 2009, a general took charge of the new U.S. Cyber Command, a military organization with the mission to use information technology and the Internet as a weapon. Similar commands exist in Russia, China, and a score of other nations. These military and intelligence organizations are preparing the cyber battlefield with things called "logic bombs" and "trapdoors," placing virtual explosives in other countries in peacetime. Given the unique nature of cyber war, there may be incentives to go first. The most likely targets are civilian in nature. The speed at which thousands of targets can be hit, almost anywhere in the world, brings with it the prospect of highly volatile crises. The force that prevented nuclear war, deterrence, does not work well in cyber war. The entire phenomenon of cyber war is shrouded in such government secrecy that it makes the Cold War look like a time of openness and transparency. The biggest secret in the world about cyber war may be that at the very same time the U.S. prepares for offensive cyber war, it is continuing policies that make it impossible to defend the nation effectively from cyber attack.
A nation that has invented the new technology, and the tactics to use it, may not be the victor, if its own military is mired in the ways of the past, overcome by inertia, overconfident in the weapons they have grown to love and consider supreme. The originator of the new offensive weaponry may be the loser unless it has also figured out how to defend against the weapon it has shown to the rest of the world. Thus, even though the American colonel Billy Mitchell was the first to understand the ability of small aircraft to sink mighty battleships, it was the Japanese Imperial Navy that acted on that understanding, and came close to defeating the Americans in the Pacific in World War II. It was Britain that first developed the tank, and a French colonel, Charles de Gaulle, who devised the tactics of rapid attack with massed tanks, supported by air and artillery. Yet it was a recently defeated Germany that perfected the tank in the 1930s and first employed de Gaulle's tactics, which later became known as blitzkrieg. (As recently as 1990, and again in 2003, the U.S. military went to war with an updated version of the seventy-year-old blitzkrieg tactic: fast movement of heavy tank units, supported by aircraft.)
Warmed by the camaraderie of my fellow ex-students, and by the martinis, I left the brownstone and wandered out into that cold night, pondering this irony of history, and making a commitment to myself, and to Bill, that I would try to stimulate open, public analysis and discussion of cyber-war strategy before we stumbled into such a conflict. This book is the down payment on that commitment. I knew that I needed a younger partner to join me in trying to understand the military and technological implications of cyber war well enough to produce this book. Different generations think of cyberspace differently. For me, looking at my sixtieth birthday in 2010, cyberspace is something that I saw gradually creep up around me.
It happened after I had already had a career dealing with nuclear weapons, in a bipolar world. I became the first Special Advisor to the President for Cyber Security in 2001, but my views of cyber war are colored by my background in nuclear strategy and espionage.
Rob Knake was thirty when he and I wrote this book. For his generation, the Internet and cyberspace are as natural as air and water. Rob's career has focused on homeland security and the transnational threats of the twenty-first century. We have worked together at Harvard's Kennedy School of Government, at Good Harbor Consulting, and on the Obama for America campaign. In 2009, Rob won the prestigious International Affairs Fellowship at the Council on Foreign Relations with an appointment to study cyber war. We decided to use the first-person singular in the text because many times I will be discussing my personal experiences with government, with the information-technology industry, and with Washington's clans, but the research, writing, and concept development were a joint enterprise. We have wandered around Washington and other parts of this country together in search of answers to the many questions surrounding cyber war. Many people have helped us in that search, some of them wishing to remain unnamed in this book because of their past or present associations. We had spent long hours discussing, debating, and arguing until we found a synthesis of our views. Rob and I both agree that cyber war is not some victimless, clean, new kind of war that we should embrace. Nor is it some kind of secret weapon that we need to keep hidden from the daylight and from the public. For it is the public, the civilian population of the United States and the publicly owned corporations that run our key national systems, that are likely to suffer in a cyber war.
While it may appear to give America some sort of advantage, in fact cyber war places this country at greater jeopardy than it does any other nation. Nor is this new kind of war a game or a figment of our imaginations. Far from being an alternative to conventional war, cyber war may actually increase the likelihood of the more traditional combat with explosives, bullets, and missiles. If we could put this genie back in the bottle, we should, but we can't. Therefore, we need to embark on a complex series of tasks: to understand what cyber war is, to learn how and why it works, to analyze its risks, to prepare for it, and to think about how to control it.
This book is an attempt to begin to do some of that. It is not a technical book, not meant to be an electrical engineer's guide to the details of cyber weapons. Nor is it designed to be a Washington wonk's acronym-filled, jargon-encrusted political or legal exegesis. Finally, it is also definitely not a military document and not written to be immediately translatable into Pentagonese. Therefore, some experts in each of those fields may think the book simplistic in places where it discusses things they understand and opaque in parts that stretch beyond their expertise. Overall, we have tried to strike a balance and to write in an informal style that will be both clear and occasionally entertaining. Lest you take too much comfort in those assurances, however, it is necessary in a book on this subject to discuss the technology, the ways of Washington, as well as some military and intelligence themes. Likewise, it is impossible to avoid entirely the use of acronyms and jargon, and therefore we include a glossary (starting on page 281).
I have been taught by senior national security officials for decades never to bring them a problem without also suggesting a solution. This book certainly reveals some problems, but it also discusses potential solutions. Putting those or other defenses in place will take time, and until they are a reality, this nation and others are running some new and serious risks to peace, to international stability, to internal order, and to our national and individual economic well-being.
The authors wish to thank the many people who helped us with this book, most important the experts in and out of governments who helped us on condition that they go unnamed. Pieter Zatko, John Mallery, Chris Jordan, Ed Amoroso, Sami Saydjari, and Barnaby Page helped us understand some of the more technical aspects of cyber security. Paul Kurtz served as a constant sounding board and helped shape our thinking in innumerable ways. Ken Minihan, Mike McConnell, and Rich Wilhelm gave us added insight from their decades in government and the private sector, Alan Paller, Greg Rattray, and Jim Lewis gave their insights and latest thinking on this complex topic. We thank Janet Napolitano for taking time out of her busy schedule to meet with us and for being willing to do so on the record. We also thank Rand Beers for his wisdom. Will Howerton helped in a major way to get this book across the finish line. He possesses a keen editorial eye and a gift for research. Will Bardenwerper also provided editorial assistance. Bev Roundtree, as she has been on so many projects over the decades, was the sine qua non.
Chapter 1: Trial Runs
A quarter-moon reflected on the slowly flowing Euphrates, a river along which nations have warred for five thousand years. It was just after midnight, September 6, 2007, and a new kind of attack was about to happen along the Euphrates, one that had begun in cyberspace. On the east side of the river, seventy-five miles south into Syria from the Turkish border, up a dry wadi from the riverbank, a few low lights cast shadows on the wadi's sandy walls. The shadows were from a large building under construction. Many North Korean workers had left the construction site six hours earlier, queuing in orderly lines to load onto buses for the drive to their nearby dormitory. For a construction site, the area was unusually dark and unprotected, almost as if the builder wanted to avoid attracting attention.
Without warning, what seemed like small stars burst above the site, illuminating the area with a blue-white clarity brighter than daylight. In less than a minute, although it seemed longer to the few Syrians and Koreans still on the site, there was a blinding flash, then a concussive sound wave, and then falling pieces of debris. If their hearing had not been temporarily destroyed by the explosions, those on the ground nearby would then have heard a longer acoustic wash of military jet engines blanketing the area. Had they been able to look beyond the flames that were now sweeping the construction site, or above the illuminating flares that were still floating down on small parachutes, the Syrians and Koreans might have seen F-15 Eagles and F-16 Falcons banking north, back toward Turkey. Perhaps they would even have made out muted blue-and-white Star of David emblems on the wings of the Israeli Air Force strike formation as it headed home, unscathed, leaving years of secret work near the wadi totally destroyed.
Almost as unusual as the raid itself was the political silence that followed. The public affairs offices of the Israeli government said nothing. Even more telling, Syria, which had been bombed, was silent. Slowly, the story started to emerge in American and British media. Israel had bombed a complex in eastern Syria, a facility being built by North Koreans. The facility was related to weapons of mass destruction, the news accounts reported from unnamed sources. Israeli press censors allowed their nation's newspapers to quote American media accounts, but prohibited them from doing any reporting of their own. It was, they said, a national security matter. Prompted by the media accounts, the Syrian government belatedly admitted there had been an attack on their territory. Then they protested it, somewhat meekly. Syrian President Assad asserted that what had been destroyed was "an empty building." Curiously, only North Korea joined Damascus in expressing outrage at this surprise attack.
Media accounts differed slightly as to what had happened and why, but most quoted Israeli government sources as saying that the facility had been a North Korean–designed nuclear weapons plant. If that was true, North Korea had violated an agreement with the United States and other major powers that it would stop selling nuclear weapons know-how. Worse, it meant that Syria, a nation on Israel's border, a nation that had been negotiating with Israel through the Turks, had actually been trying secretly to acquire nuclear weapons, something that even Saddam Hussein had stopped doing years before the U.S. invasion of Iraq.
Soon, however, self-anointed experts were casting doubt on the "Syria was making a nuclear bomb" story.
Satellite pictures, taken by reconnaissance satellite, were revealed by Western media. Experts noted that the site had little security around it before the bombing. Some contended that the building was not tall enough to house a North Korean nuclear reactor. Others pointed to the lack of any other nuclear infrastructure in Syria.
They offered alternative theories. Maybe the building was related to Syria's missile program. Maybe Israel had just gotten it wrong and the building was relatively innocent, like Saddam Hussein's alleged "baby milk factory" of 1990 or Sudan's supposed aspirin plant of 1998, both destroyed in U.S. strikes. Or maybe, said some commentators, Syria was not the real target. Maybe Israel was sending a message to Iran, a message that the Jewish state could still successfully carry out surprise air strikes, a message that a similar strike could occur on Iranian nuclear facilities unless Tehran stopped its nuclear development program.
Media reports quoting unnamed sources claimed various degrees of American involvement in the raid: the Americans had discovered the site on satellite photography, or the Americans had overlooked the site and the Israelis had found it on satellite images given to them routinely by the U.S. intelligence community; the Americans had helped plan the bombing, perhaps persuading the Turkish military to look the other way as the Israeli attack formation sailed over Turkey to surprise Syria by attacking from the north. Americans—or were they Israelis?—had perhaps snuck into the construction site before the bombing to confirm the North Korean presence, and maybe verify the nuclear nature of the site. President George W. Bush, uncharacteristically taciturn, flatly refused to answer a reporter's question about the Israeli attack.
The one thing that most analysts agreed upon was that something strange had happened. In April 2008, the CIA took the unusual step of producing and publicly releasing a video showing clandestine imagery from inside the facility before it was bombed. The film left little doubt that the site had been a North Korean–designed nuclear facility. The story soon faded. Scant attention was paid when, seven months later, the UN's International Atomic Energy Agency (IAEA) issued its report. It had sent inspectors to the site. What the inspectors found was not a bombed-out ruin, nor did they come upon a beehive of renewed construction activity. Instead, the international experts were taken to a site that had been neatly plowed and raked, a site showing no signs of debris or construction materials. It looked like an unimproved home lot for sale in some desert community outside of Phoenix, perfectly anodyne. The disappointed inspectors took pictures. They filled plastic ziplock baggies with soil samples and then they left the banks of the Euphrates and flew back to their headquarters on an island in the Danube near Vienna. There they ran tests in their laboratories.
The IAEA announced, again to little attention, that the soil samples had contained unusual, "man-made," radioactive materials. For those few who had been following the mystery of Syria's Euphrates enigma, that was the end of the story, vindicating Israel's highly regarded intelligence service.
Despite how unlikely it seemed, Syria in fact had been secretly fooling around with nuclear weapons, and the bizarre regime in North Korea had been helping. It was time to reassess the intentions of both Damascus and Pyongyang.
Behind all of this mystery, however, was another intrigue. Syria had spent billions of dollars on air defense systems. That September night, Syrian military personnel were closely watching their radars. Unexpectedly, Israel had put its troops on the Golan Heights on full alert earlier in the day. From their emplacements on the occupied Syrian territory, Israel's Golani Brigade could literally look into downtown Damascus through their long-range lenses. Syrian forces were expecting trouble. Yet nothing unusual appeared on their screens. The skies over Syria seemed safe and largely empty as midnight rolled around. In fact, however, formations of Eagles and Falcons had penetrated Syrian airspace from Turkey. Those aircraft, designed and first built in the 1970s, were far from stealthy. Their steel and titanium airframes, their sharp edges and corners, the bombs and missiles hanging on their wings, should have lit up the Syrian radars like the Christmas tree illuminating New York's Rockefeller Plaza in December. But they didn't.
What the Syrians slowly, reluctantly, and painfully concluded the next morning was that Israel had "owned" Damascus's pricey air defense network the night before. What appeared on the radar screens was what the Israeli Air Force had put there, an image of nothing. The view seen by the Syrians bore no relation to the reality that their eastern skies had become an Israeli Air Force bombing range. Syrian air defense missiles could not have been fired because there had been no targets in the system for them to seek out. Syrian air defense fighters could not have scrambled, had they been fool enough to do so again against the Israelis, because their Russian-built systems required them to be vectored toward the target aircraft by ground-based controllers. The Syrian ground-based controllers had seen no targets.
By that afternoon, the phones were ringing in the Russian Defense Ministry off Red Square. How could the Russian air defense system have been blinded? Syria wanted to know. Moscow promised to send experts and technicians right away. Maybe there had been an implementation problem, maybe a user error, but it would be fixed immediately. The Russian military-industrial complex did not need that kind of bad publicity about its products. After all, Iran was about to buy a modern air defense radar and missile system from Moscow. In both Tehran and Damascus, air defense commanders were in shock.
Cyber warriors around the world, however, were not surprised. This was how war would be fought in the information age, this was Cyber War. When the term "cyber war" is used in this book, it refers to actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption. When the Israelis attacked Syria, they used light and electric pulses, not to cut like a laser or stun like a taser, but to transmit 1's and 0's to control what the Syrian air defense radars saw. Instead of blowing up air defense radars and giving up the element of surprise before hitting the main targets, in the age of cyber war, the Israelis ensured that the enemy could not even raise its defenses.
The Israelis had planned and executed their cyber assault flawlessly. Just how they did it is a matter of some conjecture.
There are at least three possibilities for how they "owned" the Syrians. First, there is the possibility suggested by some media reports that the Israeli attack was preceded by a stealthy unmanned aerial vehicle (UAV) that intentionally flew into a Syrian air defense radar's beam. Radar still works essentially the same way it began seventy years ago in the Battle of Britain. A radar system sends out a directional radio beam. If the beam hits anything, it bounces back to a receiver. The processor then computes where the object was that the radio beam hit, at what altitude it was flying, at what speed it was moving, and maybe even how big an object was up there. The key fact here is that the radar is allowing an electronic beam to come from the air, back into the ground-based computer system.
Radar is inherently an open computer door, open so that it can receive back the electronic searchers it has sent out to look for things in the sky. A stealthy Israeli UAV might not have been seen by the Syrian air defense because the drone would have been coated with material that absorbs or deflects a radar beam. The UAV might, however, have been able to detect the radar beam coming up from the ground toward it and used that very same radio frequency to transmit computer packets back down into the radar's computer and from there into the Syrian air defense network. Those packets made the system malfunction, but they also told it not to act there was anything wrong with it. They may have just replayed a do-loop of the sky as it was before the attack. Thus, while the radar beam might later have bounced off the attacking Eagles and Falcons, the return signal did not register on the Syrian air defense computers. The sky would look just like it had when it was empty, even though it was, in actuality, filled with Israeli fighters. U.S. media reports indicate that the United States has a similar cyber attack system, code-named Senior Suter.
Second, there is the possibility that the Russian computer code controlling the Syrian air defense network had been compromised by Israeli agents. At some point, perhaps in the Russian computer lab or in a Syrian military facility, someone working for Israel or one of its allies may have slipped a "trapdoor" into the millions of lines of computer code that run the air defense program. A "trapdoor" (or "Trojan Horse") is simply a handful of lines of computer code that look just like all the other gibberish that comprise the instructions for an operating system or application. (Tests run by the National Security Agency determined that even the best-trained experts could not, by visually looking through the millions of lines of symbols, find the "errors" that had been introduced into a piece of software.)
The "trapdoor" could be instructions on how to respond to certain circumstances. For example, if the radar processor discovers a particular electronic signal, it would respond by showing no targets in the sky for a designated period of time, say, the next three hours. All the Israeli UAV would have to do is send down that small electronic signal. The "trapdoor" might be a secret electronic access point that would allow someone tapping into the air defense network to get past the intrusion-detection system and firewall, through the encryption, and take control of the network with full administrator's rights and privileges.
The third possibility is that an Israeli agent would find any fiber-optic cable of the air defense network somewhere in Syria and splice into the line (harder than it sounds, but doable). Once on line, the Israeli agent would type in a command that would cause the "trapdoor" to open for him. While it is risky for an Israeli agent to be wandering around Syria cutting into fiber-optic cables, it is far from impossible. Reports have suggested for decades that Israel places its spies behind Syrian borders. The fiber-optic cables for the Syrian national air defense network run all over the country, not just inside military installations. The advantage of an agent in place hacking into the network is that it does not cause the operation to rely upon the success of a "takeover packet" entering the network from a UAV flying overhead. Indeed, an agent in place could theoretically set up a link from his location back to Israel's Air Force command post. Using low-probability-of-intercept (LPI) communications methods, an Israeli agent may be able to establish "cove comms" (covert communications), even in downtown Damascus, beaming up to a satellite with little risk of anyone in Syria noticing.
Whatever method the Israelis used to trick the Syrian air defense network, it was probably taken from a playbook they borrowed from the U.S. Our Israeli friends have learned a thing or two from the programs we have been working on for more than two decades. In 1990, as the United States was preparing to go to war with Iraq for the first time, early U.S. cyber warriors got together with Special Operations commandos to figure out how they could take out the extensive Iraqi air defense radar and missile network just before the initial waves of U.S. and allied aircraft came screeching in toward Baghdad. As the hero of Desert Storm, four-star General Norm Schwarzkopf, explained to me at the time, "these snake-eaters had some crazy idea" to sneak into Iraq before the first shots were fired and seize control of a radar base in the south of the country. They planned to bring with them some hackers, probably from the U.S. Air Force, who would hook up to the Iraqi network from inside the base and then send out a program that would have caused all the computers on the network all over the country to crash and be unable to reboot.